ldap-servers.yml, a configuration file similar to guacamole.properties and located within /etc/guacamole. When a user authenticates with a Guacamole instance configured to use multiple LDAP servers, each configured LDAP server is tried, in order, until authentication succeeds. Authentication fails only if none of the defined LDAP servers accept the user's provided credentials.
ldap-servers.yml is used, the values within guacamole.properties still have meaning, but instead serve as defaults for the LDAP servers defined in
ldap-servers.yml file contains a single YAML list of LDAP servers, with each server definition consisting of a simple list of configuration properties and values. These configuration properties are identical to the LDAP properties available within guacamole.properties except that the "ldap-" prefix is omitted.
ldap-servers.yml that defines two LDAP servers that may be used to authenticate users would contain the following:
server1.example.net). If that fails, Guacamole will proceed with the next (server2.example.net), and so on. Only if authentication fails against all defined LDAP servers will authentication against LDAP fail overall.
guacamole.properties serves as the source of default values when ldap-servers.yml is used, the configuration details common to all servers would be better specified within
ldap-servers.yml can then be reduced to only the hostnames:
ldap-servers.yml may optionally be restricted to only certain users with the "match-usernames" option. This option accepts both a single string and an array of strings, where each string is a Perl-compatible regular expression. Additionally, if the regular expression includes a capturing group, the contents of the first capturing group will be used as the username representing the user's Guacamole identity.
ldap-servers.yml to contain something like the following:
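
Added example, not from the original page or the Guacamole project: a Python model of the ordered server selection and "match-usernames" identity mapping described above, useful for checking which servers a given login would reach and under which identity. The patterns, the third hostname, and whole-name matching are assumptions, and Python's re module stands in for Perl-compatible regular expressions.

```python
import re

# Constructed server list mirroring the structure of ldap-servers.yml.
# server1/server2 hostnames come from the page; the patterns and the
# third server are illustrative assumptions.
SERVERS = [
    {"hostname": "server1.example.net",
     "match-usernames": r"DOMAIN1\\(.*)"},
    {"hostname": "server2.example.net",
     "match-usernames": [r"DOMAIN2\\(.*)", r"(.*)@domain2\.example\.net"]},
    {"hostname": "server3.example.net"},  # hypothetical; no restriction
]


def derive_identity(server, login):
    """Return the Guacamole identity for `login` on `server`, or None if
    the server's match-usernames patterns exclude this login."""
    patterns = server.get("match-usernames")
    if patterns is None:
        return login                      # unrestricted server
    if isinstance(patterns, str):
        patterns = [patterns]             # option accepts string or array
    for pattern in patterns:
        m = re.fullmatch(pattern, login)  # assumption: whole-name match
        if m is None:
            continue
        # First capturing group, when present, becomes the identity.
        if m.re.groups >= 1 and m.group(1) is not None:
            return m.group(1)
        return login
    return None


def plan_attempts(servers, login):
    """Ordered (hostname, identity) pairs for the servers that would be
    tried for `login`; authentication stops at the first success."""
    plan = []
    for server in servers:
        identity = derive_identity(server, login)
        if identity is not None:
            plan.append((server["hostname"], identity))
    return plan


if __name__ == "__main__":
    for login in (r"DOMAIN1\alice", "bob@domain2.example.net", "carol"):
        print(login, "->", plan_attempts(SERVERS, login))
```

In this constructed data, a login accepted by the unrestricted third server keeps its full name as its identity, while the same login accepted by a restricted server is reduced to the captured part.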