diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
new file mode 100644
index 000000000..a7cff5617
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql;
+
+
+import com.google.inject.Inject;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.net.auth.Directory;
+import org.mybatis.guice.transactional.Transactional;
+
+/**
+ * A MySQL based implementation of the Connection Directory.
+ *
+ * @author James Muehlner
+ * @author Michael Jumper
+ */
+public class ConnectionDirectory implements Directory {
+
+ /**
+ * The user this user directory belongs to. Access is based on his/her
+ * permission settings.
+ */
+ private AuthenticatedUser currentUser;
+
+ /**
+ * Service for managing connection objects.
+ */
+ @Inject
+ private ConnectionService connectionService;
+
+ /**
+ * Set the user for this directory.
+ *
+ * @param currentUser
+ * The user whose permissions define the visibility of connections in
+ * this directory.
+ */
+ public void init(AuthenticatedUser currentUser) {
+ this.currentUser = currentUser;
+ }
+
+ @Override
+ public Connection get(String identifier) throws GuacamoleException {
+ return connectionService.retrieveObject(currentUser, identifier);
+ }
+
+ @Override
+ @Transactional
+ public Collection getAll(Collection identifiers) throws GuacamoleException {
+ Collection objects = connectionService.retrieveObjects(currentUser, identifiers);
+ return Collections.unmodifiableCollection(objects);
+ }
+
+ @Override
+ @Transactional
+ public Set getIdentifiers() throws GuacamoleException {
+ return connectionService.getIdentifiers(currentUser);
+ }
+
+ @Override
+ @Transactional
+ public void add(Connection object) throws GuacamoleException {
+ connectionService.createObject(currentUser, object);
+ }
+
+ @Override
+ @Transactional
+ public void update(Connection object) throws GuacamoleException {
+ MySQLConnection connection = (MySQLConnection) object;
+ connectionService.updateObject(currentUser, connection);
+ }
+
+ @Override
+ @Transactional
+ public void remove(String identifier) throws GuacamoleException {
+ connectionService.deleteObject(currentUser, identifier);
+ }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index 294752ea0..7d19cfe9a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
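Review bot: `update()` in ConnectionDirectory downcasts its argument with `(MySQLConnection) object`, so a caller that hands in any other `Connection` implementation gets an unchecked `ClassCastException` instead of a `GuacamoleException`. `add()` in the same class accepts an arbitrary `Connection`, so the two write paths disagree about what they take. I would guard the cast, e.g. `if (!(object instanceof MySQLConnection)) throw new GuacamoleClientException("Connection was not retrieved from this directory.");`, which needs an import of `org.glyptodon.guacamole.GuacamoleClientException`. Separately, `get()` is the only data-access method here without `@Transactional`; if that is deliberate, a one-line comment saying so would help.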
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java @@ -29,6 +29,7 @@ import com.google.inject.Injector; import com.google.inject.Module; import com.google.inject.name.Names; import java.util.Properties; +import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper; import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper; import org.glyptodon.guacamole.GuacamoleException; import org.glyptodon.guacamole.net.auth.AuthenticationProvider; @@ -36,6 +37,7 @@ import org.glyptodon.guacamole.net.auth.Credentials; import org.glyptodon.guacamole.net.auth.UserContext; import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper; import net.sourceforge.guacamole.net.auth.mysql.properties.MySQLGuacamoleProperties; +import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService; import net.sourceforge.guacamole.net.auth.mysql.service.PasswordEncryptionService; import net.sourceforge.guacamole.net.auth.mysql.service.SHA256PasswordEncryptionService; import net.sourceforge.guacamole.net.auth.mysql.service.SaltService; @@ -134,10 +136,14 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider { bindTransactionFactoryType(JdbcTransactionFactory.class); // Add MyBatis mappers + addMapperClass(ConnectionMapper.class); addMapperClass(SystemPermissionMapper.class); addMapperClass(UserMapper.class); // Bind interfaces + bind(ConnectionDirectory.class); + bind(ConnectionService.class); + bind(MySQLConnection.class); bind(MySQLUser.class); bind(MySQLUserContext.class); bind(MySQLSystemPermissionSet.class); diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java new file mode 100644 index 000000000..177517805 --- /dev/null 
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java 
@@ -0,0 +1,155 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql;
+
+import java.util.Collections;
+import java.util.List;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleUnsupportedException;
+import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.net.auth.ConnectionRecord;
+import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
+import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
+
+/**
+ * A MySQL based implementation of the Connection object.
+ * @author James Muehlner
+ */
+public class MySQLConnection implements Connection, DirectoryObject {
+
+ /**
+ * The user this connection belongs to.
Access is based on his/her permission
+ * settings.
+ */
+ private AuthenticatedUser currentUser;
+
+ /**
+ * The internal model object containing the values which represent this
+ * connection in the database.
+ */
+ private ConnectionModel connectionModel;
+
+ /**
+ * Creates a new, empty MySQLConnection.
+ */
+ public MySQLConnection() {
+ }
+
+ @Override
+ public void init(AuthenticatedUser currentUser, ConnectionModel connectionModel) {
+ this.currentUser = currentUser;
+ setModel(connectionModel);
+ }
+
+ @Override
+ public AuthenticatedUser getCurrentUser() {
+ return currentUser;
+ }
+
+ @Override
+ public void setCurrentUser(AuthenticatedUser currentUser) {
+ this.currentUser = currentUser;
+ }
+
+ @Override
+ public ConnectionModel getModel() {
+ return connectionModel;
+ }
+
+ @Override
+ public void setModel(ConnectionModel userModel) {
+ this.connectionModel = userModel;
+ }
+
+ @Override
+ public String getIdentifier() {
+ return connectionModel.getIdentifier();
+ }
+
+ @Override
+ public void setIdentifier(String identifier) {
+ connectionModel.setIdentifier(identifier);
+ }
+
+ @Override
+ public String getName() {
+ return connectionModel.getName();
+ }
+
+ @Override
+ public void setName(String name) {
+ connectionModel.setName(name);
+ }
+
+ @Override
+ public String getParentIdentifier() {
+ return connectionModel.getParentIdentifier();
+ }
+
+ @Override
+ public void setParentIdentifier(String parentIdentifier) {
+ connectionModel.setParentID(parentIdentifier);
+ }
+
+ @Override
+ public GuacamoleConfiguration getConfiguration() {
+
+ GuacamoleConfiguration config = new GuacamoleConfiguration();
+ config.setProtocol(connectionModel.getProtocol());
+
+ /* FIXME: Set parameters, if available */
+
+ return config;
+
+ }
+
+ @Override
+ public void setConfiguration(GuacamoleConfiguration config) {
+
+ /* FIXME: Set parameters, if available */
+
+ connectionModel.setProtocol(config.getProtocol());
+
+ }
+
+ @Override
+ public List getHistory()
throws GuacamoleException { + /* STUB */ + return Collections.EMPTY_LIST; + } + + @Override + public GuacamoleSocket connect(GuacamoleClientInformation info) throws GuacamoleException { + /* STUB */ + throw new GuacamoleUnsupportedException("STUB - connecting not implemented at the moment"); + } + + @Override + public int getActiveConnections() { + /* STUB */ + return 0; + } + +} diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java index 6de6b66bf..60353bcce 100644 --- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java +++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java @@ -31,7 +31,6 @@ import org.glyptodon.guacamole.net.auth.ConnectionGroup; import org.glyptodon.guacamole.net.auth.Directory; import org.glyptodon.guacamole.net.auth.User; import org.glyptodon.guacamole.net.auth.UserContext; -import org.glyptodon.guacamole.net.auth.simple.SimpleConnectionDirectory; import org.glyptodon.guacamole.net.auth.simple.SimpleConnectionGroup; import org.glyptodon.guacamole.net.auth.simple.SimpleConnectionGroupDirectory; @@ -52,6 +51,13 @@ public class MySQLUserContext implements UserContext { */ @Inject private UserDirectory userDirectory; + + /** + * Connection directory restricted by the permissions of the user + * associated with this context. + */ + @Inject + private ConnectionDirectory connectionDirectory; /** * Initializes the user and directories associated with this context. @@ -60,8 +66,12 @@ public class MySQLUserContext implements UserContext { * The user owning this context. */ public void init(AuthenticatedUser currentUser) { + this.currentUser = currentUser; + userDirectory.init(currentUser); + connectionDirectory.init(currentUser); + } @Override 
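Review bot: The Javadoc on `currentUser` in MySQLConnection says "The user this connection belongs to", but `init()` simply stores whichever `AuthenticatedUser` the caller passes in, which in ConnectionService.getObjectInstance() is the requesting user rather than an owner. Since the same comment says access is based on this user's permissions, I would reword it to `/** The user on whose behalf this connection was retrieved; access is evaluated against this user's permissions. */`. In the same file `setModel(ConnectionModel userModel)` carries a parameter name left over from the user classes and should read `connectionModel`. `Collections.EMPTY_LIST` in `getHistory()` is the raw constant, where `Collections.<ConnectionRecord>emptyList()` keeps the element type.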
@@ -76,14 +86,13 @@ public class MySQLUserContext implements UserContext { @Override public Directory getConnectionDirectory() throws GuacamoleException { - /* STUB */ - return new SimpleConnectionDirectory(Collections.EMPTY_LIST); + return connectionDirectory; } @Override public Directory getConnectionGroupDirectory() throws GuacamoleException { /* STUB */ - return new SimpleConnectionGroupDirectory(Collections.EMPTY_LIST); + return new SimpleConnectionGroupDirectory(Collections.singleton(getRootConnectionGroup())); } @Override diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.java new file mode 100644 index 000000000..4890361aa --- /dev/null +++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.java 
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.dao;
+
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
+import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.apache.ibatis.annotations.Param;
+
+/**
+ * Mapper for connection objects.
+ *
+ * @author Michael Jumper
+ */
+public interface ConnectionMapper extends DirectoryObjectMapper {
+
+ /**
+ * Selects the identifiers of all connections within the given parent
+ * connection group, regardless of whether they are readable by any
+ * particular user. This should only be called on behalf of a system
+ * administrator. If identifiers are needed by a non-administrative user
+ * who must have explicit read rights, use
+ * selectReadableIdentifiersWithin() instead.
+ *
+ * @param parentIdentifier
+ * The identifier of the parent connection group, or null if the root
+ * connection group is to be queried.
+ *
+ * @return
+ * A Set containing all identifiers of all objects.
+ */
+ Set selectIdentifiersWithin(@Param("parentIdentifier") String parentIdentifier);
+
+ /**
+ * Selects the identifiers of all connections within the given parent
+ * connection group that are explicitly readable by the given user. If
+ * identifiers are needed by a system administrator (who, by definition,
+ * does not need explicit read rights), use selectIdentifiersWithin()
+ * instead.
+ *
+ * @param user
+ * The user whose permissions should determine whether an identifier
+ * is returned.
+ *
+ * @param parentIdentifier
+ * The identifier of the parent connection group, or null if the root
+ * connection group is to be queried.
+ *
+ * @return
+ * A Set containing all identifiers of all readable objects.
+ */
+ Set selectReadableIdentifiersWithin(@Param("user") UserModel user,
+ @Param("parentIdentifier") String parentIdentifier);
+
+}
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java
new file mode 100644
index 000000000..e65258a24
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java
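Review bot: `selectIdentifiersWithin()` in ConnectionMapper applies no permission filter, and its restriction to system administrators exists only in the Javadoc, so nothing in this interface stops a later caller from using it on behalf of an ordinary user and listing connections that user cannot read. No caller appears in this commit, so whether the administrator check is made cannot be verified from here. I would state the obligation as a precondition in the Javadoc, for example `Callers MUST have verified that the requesting user is a system administrator; this query performs no permission check.`, and keep the administrator test next to the single call site in the service layer so the choice between the two `select…Within` methods is made in one place.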
@@ -0,0 +1,145 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.model;
+
+/**
+ * Object representation of a Guacamole connection, as represented in the
+ * database.
+ *
+ * @author Michael Jumper
+ */
+public class ConnectionModel {
+
+ /**
+ * The identifier of this connection in the database, if any.
+ */
+ private String identifier;
+
+ /**
+ * The identifier of the parent connection group in the database, or null
+ * if the parent connection group is the root group.
+ */
+ private String parentIdentifier;
+
+ /**
+ * The human-readable name associated with this connection.
+ */
+ private String name;
+
+ /**
+ * The name of the protocol to use when connecting to this connection.
+ */
+ private String protocol;
+
+ /**
+ * Creates a new, empty connection.
+ */
+ public ConnectionModel() {
+ }
+
+ /**
+ * Returns the name associated with this connection.
+ *
+ * @return
+ * The name associated with this connection.
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Sets the name associated with this connection.
+ *
+ * @param name
+ * The name to associate with this connection.
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * Returns the name of the protocol to use when connecting to this
+ * connection.
+ *
+ * @return
+ * The name of the protocol to use when connecting to this connection.
+ */
+ public String getProtocol() {
+ return protocol;
+ }
+
+ /**
+ * Sets the name of the protocol to use when connecting to this connection.
+ *
+ * @param protocol
+ * The name of the protocol to use when connecting to this connection.
+ */
+ public void setProtocol(String protocol) {
+ this.protocol = protocol;
+ }
+
+ /**
+ * Returns the identifier of the parent connection group, or null if the
+ * parent connection group is the root connection group.
+ *
+ * @return
+ * The identifier of the parent connection group, or null if the parent
+ * connection group is the root connection group.
+ */
+ public String getParentIdentifier() {
+ return parentIdentifier;
+ }
+
+ /**
+ * Sets the identifier of the parent connection group.
+ *
+ * @param parentIdentifier
+ * The identifier of the parent connection group, or null if the parent
+ * connection group is the root connection group.
+ */
+ public void setParentID(String parentIdentifier) {
+ this.parentIdentifier = parentIdentifier;
+ }
+
+ /**
+ * Returns the identifier of this connection in the database, if it exists.
+ *
+ * @return
+ * The identifier of this connection in the database, or null if this
+ * connection was not retrieved from the database.
+ */
+ public String getIdentifier() {
+ return identifier;
+ }
+
+ /**
+ * Sets the identifier of this connection to the given value.
+ *
+ * @param identifier
+ * The identifier to assign to this connection.
+ */
+ public void setIdentifier(String identifier) {
+ this.identifier = identifier;
+ }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
new file mode 100644
index 000000000..4ddd9578f
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
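Review bot: In ConnectionModel the parent identifier is read through `getParentIdentifier()` but written through `setParentID()`, so the property has no matching JavaBean setter. ConnectionMapper.xml refers to the property as `parentIdentifier` (`#{object.parentIdentifier,jdbcType=VARCHAR}`), and a result mapping onto that property would, as far as I can tell, only work through MyBatis' direct-field fallback rather than through the setter. Renaming it to `public void setParentIdentifier(String parentIdentifier)` and updating the one caller in MySQLConnection.setParentIdentifier() keeps the pair consistent with `getIdentifier()`/`setIdentifier()`.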
@@ -0,0 +1,133 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.service;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
+import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
+import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
+import org.glyptodon.guacamole.GuacamoleClientException;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * manipulating connections.
+ *
+ * @author Michael Jumper, James Muehlner
+ */
+public class ConnectionService extends DirectoryObjectService {
+
+ /**
+ * Mapper for accessing connections.
+ */
+ @Inject
+ private ConnectionMapper connectionMapper;
+
+ /**
+ * Provider for creating connections.
+ */
+ @Inject
+ private Provider mySQLConnectionProvider;
+
+ @Override
+ protected DirectoryObjectMapper getObjectMapper() {
+ return connectionMapper;
+ }
+
+ @Override
+ protected MySQLConnection getObjectInstance(AuthenticatedUser currentUser,
+ ConnectionModel model) {
+ MySQLConnection connection = mySQLConnectionProvider.get();
+ connection.init(currentUser, model);
+ return connection;
+ }
+
+ @Override
+ protected ConnectionModel getModelInstance(AuthenticatedUser currentUser,
+ final Connection object) {
+
+ // Create new MySQLConnection backed by blank model
+ ConnectionModel model = new ConnectionModel();
+ MySQLConnection connection = getObjectInstance(currentUser, model);
+
+ // Set model contents through MySQLConnection, copying the provided connection
+ connection.setIdentifier(object.getIdentifier());
+ connection.setParentIdentifier(object.getParentIdentifier());
+ connection.setName(object.getName());
+ connection.setConfiguration(object.getConfiguration());
+
+ return model;
+
+ }
+
+ @Override
+ protected boolean hasCreatePermission(AuthenticatedUser user)
+ throws GuacamoleException {
+
+ // Return whether user has explicit user creation permission
+ SystemPermissionSet permissionSet = user.getUser().getSystemPermissions();
+ return permissionSet.hasPermission(SystemPermission.Type.CREATE_CONNECTION);
+
+ }
+
+ @Override
+ protected ObjectPermissionSet getPermissionSet(AuthenticatedUser user)
+ throws GuacamoleException {
+
+ // Return permissions related to connections
+ return user.getUser().getConnectionPermissions();
+
+ }
+
+ @Override
+ protected void validateNewObject(AuthenticatedUser user, Connection object)
+ throws GuacamoleException {
+
+ // Name must not be blank
+ if (object.getIdentifier().trim().isEmpty())
+ throw new GuacamoleClientException("Connection names must not be blank.");
+
+ // FIXME: Do not attempt to create duplicate connections
+
+ }
+
+ @Override
+ protected void validateExistingObject(AuthenticatedUser user,
+
MySQLConnection object) throws GuacamoleException { + + // Name must not be blank + if (object.getIdentifier().trim().isEmpty()) + throw new GuacamoleClientException("Connection names must not be blank."); + + // FIXME: Check whether such a connection is already present + + } + +} diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml new file mode 100644 index 000000000..21b992427 --- /dev/null +++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml @@ -0,0 +1,145 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_connection + WHERE connection_id = #{identifier,jdbcType=VARCHAR} + + + + + + INSERT INTO guacamole_connection ( + name, + parent_id, + protocol + ) + VALUES ( + #{object.name,jdbcType=VARCHAR}, + #{object.parentIdentifier,jdbcType=VARCHAR}, + #{object.protocol,jdbcType=VARCHAR} + ) + + + SELECT LAST_INSERT_ID() + + + + + + + UPDATE guacamole_connection + SET name = #{object.name,jdbcType=VARCHAR}, + parent_id = #{object.parentIdentifier,jdbcType=VARCHAR}, + protocol = #{object.protocol,jdbcType=VARCHAR} + WHERE connection_id = #{object.identifier,jdbcType=VARCHAR} + + + \ No newline at end of file
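Review bot: Both `validateNewObject()` and `validateExistingObject()` in ConnectionService are commented "Name must not be blank" but test `object.getIdentifier().trim().isEmpty()`, so the connection name is never validated and a blank name is accepted. For a new connection the identifier has presumably not been assigned yet (ConnectionModel documents it as null when the connection was not retrieved from the database), in which case `.trim()` throws a NullPointerException before the check runs. The condition should read the name and tolerate null: `String name = object.getName();` followed by `if (name == null || name.trim().isEmpty())`. The comment in `hasCreatePermission()` also says "user creation permission" where the code checks `CREATE_CONNECTION`.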
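Review bot: The DELETE and UPDATE statements in ConnectionMapper.xml match on `connection_id = #{…,jdbcType=VARCHAR}` alone, with no user or permission predicate, so authorization for these writes rests entirely on the checks the service layer makes before the mapper is called. The values are bound as parameters, which is right, but the identifier is bound as a string; if `connection_id` is the auto-increment integer that `SELECT LAST_INSERT_ID()` suggests, MySQL's implicit string-to-number conversion may, depending on SQL mode, let a non-canonical identifier match a row. I would have the service reject identifiers that are not plain decimal integers before any permission lookup or mapper call, so that the value that is authorized is exactly the value that is matched. The element markup of this file did not survive on the page, so the select statements could not be reviewed.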