guacamole-user mailing list archives

From Paul Cantle <p...@cantle.me>
Subject Re: is it possible to use ldap-user-base-dn as like "ldap-user-base-dn: dc=example,dc=net" in Guacamole ?
Date Mon, 23 Jan 2017 11:51:19 GMT
Hi,

In modern versions of AD, to search from the root DN, you need to use port 3268 so you can use the global catalogue.

Try that instead of port 389.

Rgds

paul



From: Anburaj Palraj <anburajrhce@gmail.com>
Reply-To: "user@guacamole.incubator.apache.org" <user@guacamole.incubator.apache.org>
Date: Monday, 23 January 2017 at 11:41
To: "user@guacamole.incubator.apache.org" <user@guacamole.incubator.apache.org>
Subject: is it possible to use ldap-user-base-dn as like "ldap-user-base-dn: dc=example,dc=net" in Guacamole ?

Hi Friends,
Currently I am using 0.9.10-incubating (Associating LDAP with a database) and my guacamole property file is like below.

==

guacd-hostname: localhost
guacd-port: 4822

#### LDAP properties, optional for people with an MS Active Directory / LDAP environment

ldap-hostname: 192.168.207.48
ldap-port: 389
ldap-user-base-dn: dc=example,dc=net
ldap-search-bind-dn: CN=guacamole,ou=Technology,ou=BLR-KSPs,ou=BLR-KSP-Platina,ou=Platina - BLR,dc=example,dc=net
ldap-search-bind-password: Welcome@123
ldap-username-attribute: sAMAccountName

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacadb
mysql-username: guacauser
mysql-password: guacauser@247

# Additional settings
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0
mysql-disallow-duplicate-connections: false

===

Whereas if I use ldap-user-base-dn like below, it is working fine. But the problem here is that users who are under the main root directory (not under any OU) are not able to log in.


ldap-user-base-dn: ou=Platina -BLR,DC=example,DC=net


The doc says "If a search DN is provided (via ldap-search-bind-dn), then Guacamole users need only be somewhere within the subtree of the specified user base DN."

So if I use "ldap-user-base-dn: dc=example,dc=net" it should also work, right?

Please help me to solve this issue.
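Added example, not part of either message and not Guacamole code: a small check that reads guacamole.properties text and reports the combination discussed above, a user base DN at the domain root together with a domain-controller LDAP port. The function names are hypothetical, the sample input is constructed from the settings quoted in the question, and the 636 to 3269 (LDAPS) pairing and the default of 389 when ldap-port is unset are assumptions added here beyond the 389 to 3268 advice in the reply.

```python
import re

# Constructed sample mirroring the LDAP settings quoted in the question.
SAMPLE = """\
guacd-hostname: localhost
# LDAP properties
ldap-hostname: 192.168.207.48
ldap-port: 389
ldap-user-base-dn: dc=example,dc=net
ldap-username-attribute: sAMAccountName
"""

# Standard AD ports: domain LDAP/LDAPS -> global catalog LDAP/LDAPS.
# Only 389 -> 3268 comes from the reply; 636 -> 3269 is an added assumption.
GC_PORT = {389: 3268, 636: 3269}


def parse_properties(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            props[key.strip()] = value.strip()
    return props


def is_domain_root(dn):
    """True when every RDN of the DN is a dc= component (no OU or CN)."""
    rdns = [r.strip() for r in re.split(r"(?<!\\),", dn) if r.strip()]
    return bool(rdns) and all(r.lower().startswith("dc=") for r in rdns)


def check_ldap_port(props):
    """Return a suggestion string, or None when nothing stands out."""
    port = int(props.get("ldap-port", 389))  # assumed default when unset
    base = props.get("ldap-user-base-dn", "")
    if is_domain_root(base) and port in GC_PORT:
        return (f"ldap-user-base-dn '{base}' is the domain root on port "
                f"{port}; try global catalog port {GC_PORT[port]}")
    return None


if __name__ == "__main__":
    print(check_ldap_port(parse_properties(SAMPLE)) or "no finding")
```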