guacamole-user mailing list archives

From "Hawkins, Richard" <richard.hawk...@medctrbarbour.org>
Subject RE: Configuring LDAP
Date Tue, 21 Nov 2017 20:31:13 GMT
Here is mine. See if it helps. The DC is a Windows Server 2012 R2 server.

ldap-hostname: dc01.mydomain.org
ldap-port: 3268
ldap-user-base-dn: DC=mydomain, DC=org
ldap-search-bind-dn: CN=mysecretlookupuser, CN=Users, DC= mydomain, DC=org
ldap-search-bind-password: Mysecret password
ldap-username-attribute: sAMAccountName

In the past I have had issues with using something other than the Base DN. Also, in my
configs the spacing DOES matter.

r

From: harry.devine@faa.gov [mailto:harry.devine@faa.gov] 
Sent: Tuesday, November 21, 2017 2:01 PM
To: user@guacamole.apache.org
Subject: RE: Configuring LDAP

OK, took me a little bit to weed through some OpenLDAP config issues (it wasn’t installed
on the server I have guacamole installed on; didn’t realize that at first), but I got the
ldapsearch working.  So I re-enabled the LDAP parameters and tried again.  The page shows
“Invalid Login”, but the following is displayed in the /var/log/messages:

Nov 21 14:56:15 access server: 14:56:15.495 [http-bio-8080-exec-9] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error
Nov 21 14:56:15 access server: 14:56:15.495 [http-bio-8080-exec-9] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN ""cn=My User""
Nov 21 14:56:15 access server: 14:56:15.496 [http-bio-8080-exec-9] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from 172.31.26.216 for user "harry.devine" failed.

I have the LDAP parameters defined as follows in guacamole properties (I am masking the usernames
and such):

ldap-hostname="my-host"
ldap-port=636
ldap-search-bind-dn="cn=My User"
ldap-search-bind-password="Pass123"
ldap-user-base-dn="dc=my,dc=example,dc=com"
ldap-username-attribute="cn=users,cn=accounts,dc=my,dc=example,dc=com"
ldap-group-base-dn="cn=groups,cn=accounts,dc=my,dc=example,dc=com"

Ideas?

Harry

From: Nick Couchman [mailto:vnick@apache.org] 
Sent: Tuesday, November 21, 2017 9:20 AM
To: user@guacamole.apache.org
Subject: Re: Configuring LDAP

On Tue, Nov 21, 2017 at 8:10 AM, <harry.devine@faa.gov> wrote:

	I set SELinux to permissive and put the LDAP extension back (it's under /usr/share/tomcat/.guacamole/extensions),
	restarted tomcat and guacd, and tried to log in using an LDAP user.  I click Login and on the
	Network tab, it shows tokens (/guacamole/api/tokens) as having a “pending” status.  Never
	gets any further.

Okay...on the system where you're running Tomcat, can you make sure the OpenLDAP client utilities
are installed and then use "ldapsearch" to query the same LDAP server that you're trying to
use in Guacamole?  Something like this:

ldapsearch -H ldap://<server> -D <Search User> -W -b <base dn> cn=<Some User In LDAP>

...substituting in the above parameters and make sure you get a response?

-Nick 
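
Added example, not part of the original thread and not Guacamole project code: a small Python lint for the LDAP entries in guacamole.properties, covering the quoting visible in the logged bind DN ""cn=My User"", a DN placed in ldap-username-attribute, and port/encryption mismatches. It assumes Java properties semantics (quotes are literal characters) and that Guacamole uses unencrypted LDAP unless ldap-encryption-method is set; the function names and sample strings are constructed for illustration.

```python
import re

# Ports that expect TLS from the first byte (LDAPS and AD Global Catalog over SSL).
TLS_PORTS = {"636", "3269"}

def parse_properties(text):
    """Parse 'key: value' / 'key=value' lines; values are kept literally, as Java does."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^\s:=#!][^\s:=]*)\s*[:=]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def lint_ldap(text):
    """Return a list of (property, finding) tuples for common LDAP setup mistakes."""
    props, findings = parse_properties(text), []
    for key, value in props.items():
        if len(value) >= 2 and value[0] == value[-1] == '"':
            findings.append((key, "quotes are part of the value, not delimiters"))
    attr = props.get("ldap-username-attribute", "").strip('"')
    if "=" in attr or "," in attr:
        findings.append(("ldap-username-attribute",
                         "expects an attribute name such as sAMAccountName, not a DN"))
    port = props.get("ldap-port", "").strip('"')
    # Assumption: with no ldap-encryption-method set, the connection is unencrypted.
    method = props.get("ldap-encryption-method", "none").strip('"')
    if port in TLS_PORTS and method != "ssl":
        findings.append(("ldap-port", "TLS port used without ldap-encryption-method: ssl"))
    elif port and port not in TLS_PORTS and method == "none":
        findings.append(("ldap-port", "bind password crosses the network unencrypted"))
    return findings

# Constructed samples mirroring the two configurations quoted in the thread.
QUOTED = '''ldap-hostname="my-host"
ldap-port=636
ldap-search-bind-dn="cn=My User"
ldap-username-attribute="cn=users,cn=accounts,dc=my,dc=example,dc=com"
'''
COLON = '''ldap-hostname: dc01.mydomain.org
ldap-port: 3268
ldap-username-attribute: sAMAccountName
'''

if __name__ == "__main__":
    for name, sample in (("quoted", QUOTED), ("colon", COLON)):
        for key, finding in lint_ldap(sample):
            print(f"{name}: {key}: {finding}")
```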
