guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lfzamora>
Subject Docker + LDAP (Active Directory)
Date Fri, 14 Jul 2017 04:19:50 GMT
Deploying latest docker images (as of 07/13/2017) of guacamole, guacd, and
postgres with LDAP enabled in an Active Directory environment but getting
"Invalid Login" at login page and logs throwing the following:

04:06:02.351 [http-nio-8080-exec-10] ERROR
o.a.g.a.l.AuthenticationProviderService - Unable to bi
nd using search DN "CN=svc_Guacamole,OU=Guacamole,DC=corp,DC=contoso,DC=com"
04:06:02.352 [http-nio-8080-exec-10] WARN 
o.a.g.r.auth.AuthenticationService - Authentication at
tempt from for user "tuser" failed.

Yep, those users exist and that is the correct DN double and triple checked
in ADUAC. Ditto for passwords. Don't think it's anything to do with DB as I
can login successfully with default 'guacadmin' account. But any attempt to
login with a valid (in any other context) AD/LDAP user fails with the
aforementioned errors.

Not a port a network issue as the docker box can nc to 389. Tried IP instead
of FQDN as well, no diff.

It shouldn't be necessary but I also made the LDAP_SEARCH_BIND_DN account a
domain admin. Should be able to search ldap tree as regular domain user but
tried it anyway.

Here is the full docker run command being used:

sudo docker run --name guacamole --link guacd:guacd \
--link postgres:postgres \
-e POSTGRES_DATABASE=guacamole_db \
-e POSTGRES_USER=guacamole_user \
-e LDAP_USER_BASE_DN=OU=Guacamole,DC=corp,DC=contoso,DC=com \
-e \
-e LDAP_PORT=389 \
-e LDAP_ENCRYPTION_METHOD=none -d -p 8080:8080 guacamole/guacamole

Any ideas? Maybe somewhere to get more detailed error feedback?


View this message in context:
Sent from the Apache Guacamole (incubating) - Users mailing list archive at

View raw message