guacamole-user mailing list archives

From Mike Jumper <mike.jum...@guac-dev.org>
Subject Re: Docker + LDAP (Active Directory)
Date Fri, 14 Jul 2017 15:51:32 GMT
Are there any characters in the value for LDAP_SEARCH_BIND_PASSWORD
which might be being interpreted by your shell, and thus might not
make it into the environment variables of the Docker container as
expected?

- Mike


On Thu, Jul 13, 2017 at 9:19 PM, lfzamora <me@lennonzamora.com> wrote:
> Deploying latest docker images (as of 07/13/2017) of guacamole, guacd, and
> postgres with LDAP enabled in an Active Directory environment but getting
> "Invalid Login" at login page and logs throwing the following:
>
> 04:06:02.351 [http-nio-8080-exec-10] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "CN=svc_Guacamole,OU=Guacamole,DC=corp,DC=contoso,DC=com"
> 04:06:02.352 [http-nio-8080-exec-10] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 192.168.1.223 for user "tuser" failed.
>
> Yep, those users exist and that is the correct DN double and triple checked
> in ADUAC. Ditto for passwords. Don't think it's anything to do with DB as I
> can login successfully with default 'guacadmin' account. But any attempt to
> login with a valid (in any other context) AD/LDAP user fails with the
> aforementioned errors.
>
> Not a port or network issue as the docker box can nc to 389. Tried IP instead
> of FQDN as well, no diff.
>
> It shouldn't be necessary but I also made the LDAP_SEARCH_BIND_DN account a
> domain admin. Should be able to search ldap tree as regular domain user but
> tried it anyway.
>
> Here is the full docker run command being used:
>
> sudo docker run --name guacamole --link guacd:guacd \
> --link postgres:postgres \
> -e POSTGRES_DATABASE=guacamole_db \
> -e POSTGRES_USER=guacamole_user \
> -e POSTGRES_PASSWORD=*** \
> -e LDAP_USER_BASE_DN=OU=Guacamole,DC=corp,DC=contoso,DC=com \
> -e LDAP_SEARCH_BIND_DN=CN=svc_Guacamole,OU=Guacamole,DC=corp,DC=contoso,DC=com \
> -e LDAP_SEARCH_BIND_PASSWORD=*** \
> -e LDAP_USERNAME_ATTRIBUTE=sAMAccountName \
> -e LDAP_HOSTNAME=dc-1.corp.contoso.com \
> -e LDAP_PORT=389 \
> -e LDAP_ENCRYPTION_METHOD=none -d -p 8080:8080 guacamole/guacamole
>
> Any ideas? Maybe somewhere to get more detailed error feedback?
>
> Thanks
>
>
>
> --
> View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Docker-LDAP-Active-Directory-tp1296.html
> Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
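
The shell-interpretation question raised in the reply above, as an added example that is not part of either message: `env` stands in for `docker run -e`, and a child shell reports the value it actually received. The password `S3cr$tPw#2017` and the function names are constructed for illustration.

```shell
#!/bin/sh
# env(1) stands in for `docker run -e`: it sets the variable for a child
# process, which prints exactly what it received.
# The password below is a constructed sample, not a value from the thread.
unset tPw    # make sure "$tPw" is not set by accident in this shell
show='printf %s "$LDAP_SEARCH_BIND_PASSWORD"'

# 1. Typed bare: the shell expands $tPw (unset, so empty) before env runs.
bare()   { env LDAP_SEARCH_BIND_PASSWORD=S3cr$tPw#2017 sh -c "$show"; }

# 2. Double quotes still allow $ expansion, so the value is mangled the same way.
double() { env LDAP_SEARCH_BIND_PASSWORD="S3cr$tPw#2017" sh -c "$show"; }

# 3. Single quotes pass every character through literally.
single() { env LDAP_SEARCH_BIND_PASSWORD='S3cr$tPw#2017' sh -c "$show"; }

# Length of what the child received. Comparing lengths checks for mangling
# without echoing the secret into a terminal or log.
received_len() { "$1" | wc -c | tr -d ' '; }

# The same length check against the running container from the thread
# (assumes the image provides sh):
#   docker exec guacamole sh -c 'printf %s "$LDAP_SEARCH_BIND_PASSWORD" | wc -c'

main() {
    printf 'bare:   %s (%s chars)\n' "$(bare)"   "$(received_len bare)"
    printf 'double: %s (%s chars)\n' "$(double)" "$(received_len double)"
    printf 'single: %s (%s chars)\n' "$(single)" "$(received_len single)"
}
main
```

In an interactive bash session `!` is also subject to history expansion when unquoted or inside double quotes, so single quotes are the safe form for `-e LDAP_SEARCH_BIND_PASSWORD='...'`.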
