guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amin Joodaki <judaki1...@yahoo.com>
Subject Re: Multiple Guacamole Properties
Date Tue, 22 Nov 2016 07:42:41 GMT
Hi Mike,
First of All, special appreciate to Guac. team. After that:Our exact Active Directory 2012
layout is as below:dc=test,dc=com
ou=dep1,OU=Accounts,dc=test,dc=comou=dep2,OU=Accounts,dc=test,dc=comou=serviceAccounts,OU=Accounts,dc=test,dc=com

And the settings in the file Guac.properties is as below:ldap-hostname: 172.24.3.24ldap-port:
389ldap-user-base-dn: OU=Accounts,dc=test,dc=comldap-search-bind-dn: CN=ldapUser,ou=serviceAccounts,OU=Accounts,dc=test,dc=comldap-search-bind-password:
P@ssw0rdldap-username-attribute: sAMAccountName
Also the iP Address of the Guac. is 172.24.3.23 (Which is directly connected to AD, without
any firewall in between).
The problem!!! is that, with the above configuration, no user can login.
But, when the change the ldap-user-base-dn to ou=dep1,OU=Accounts,dc=test,dc=com, Users
under OU dep1 can successfully login while the users under ou=dep2,OU=Accounts,dc=test,dc=com
can not login.
Looking forward for your kindly reply.Best Hopes



 

    On Sunday, November 20, 2016 3:51 AM, Mike Jumper <mike.jumper@guac-dev.org> wrote:
 

 Hi Amin,
Guacamole doesn't support multiple instances under the same servlet container. That said,
even if it did, I don't think that is a good solution to your problem.
If the current LDAP support does not properly map users within your Active Directory, then
the best way forward would be to identify what needs to change in the LDAP auth to support
the way your users are organized.
If you can guarantee that the username are unique, even if they are within different OU's,
you can probably get things working as-is by simply choosing an "ldap-user-base-dn" which
is common to the DN's of all users (even if they are otherwise technically within different
OU's) and using "ldap-search-bind-dn", "ldap-search-bind-password", and (if necessary) "ldap-username-attribute"
to define how AD should be queried to translate usernames to fully-qualified DN's.
If the above doesn't work, can you provide a more concrete example of how your AD users are
organized?
Thanks,
- Mike

On Wed, Nov 16, 2016 at 1:01 AM, Amin Joodaki <judaki1364@yahoo.com> wrote:

Dear All,
I connect Guacamole to Database and Active Directory, but guacamole unable to detect all OU
in active and it understand just the OU that defined in path properties file. then I want
to set some guacamole.war ( Client) file in tomcat to separate my department in login page
for example :
http://192.168.1.1:8080/ departmen1
http://192.168.1.1:8080/ department2  
...and assign specific guacamole.properties for each department.how can I set different properties
file and assign them to my guacamole.war files ?Best 
Amin





   
Mime
View raw message