guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: Como asignar conexiones a un usuario autenticado de LDAP
Date Fri, 04 May 2018 10:13:26 GMT
On Fri, May 4, 2018 at 6:08 AM, rvarela <raul_waterclos@hotmail.com> wrote:

> Buenas tardes Nick
>
> El contenido del archivo guacamole.properties es este:
>
> #    Guacamole - Clientless Remote Desktop
> #    Copyright (C) 2010  Michael Jumper
> #
> #    This program is free software: you can redistribute it and/or modify
> #    it under the terms of the GNU Affero General Public License as
> published by
> #    the Free Software Foundation, either version 3 of the License, or
> #    (at your option) any later version.
> #
> #    This program is distributed in the hope that it will be useful,
> #    but WITHOUT ANY WARRANTY; without even the implied warranty of
> #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> #    GNU Affero General Public License for more details.
> #
> #    You should have received a copy of the GNU Affero General Public
> License
> #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
>
>
> # Hostname and port of guacamole proxy
> guacd-hostname: localhost
> guacd-port:     4822
>
> # Auth provider class (authenticates user/pass combination, needed if using
> the provided login screen)
> auth-provider:
> net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
> user-mapping: /etc/guacamole/user-mapping.xml
>
> # LDAP properties
>
> ldap-user-base-dn: ou=usuarios,dc=proyectoasir,dc=net
>


Looks like you're missing the "ldap-config-base-dn" property in your
configuration file.  If you look in the LDAP chapter of the manual under
the Configuration section (
http://guacamole.apache.org/doc/gug/ldap-auth.html#idm140500641772816)
you'll see that, if you don't specify this, Guacamole will not look for
connections in the LDAP tree:

ldap-config-base-dn

The base of the DN for all Guacamole configurations. *This property is
optional.* If omitted, the configurations of Guacamole connections will
simply not be queried from the LDAP directory. If specified, this base DN
will be used when querying the configurations accessible by a user once
they have successfully logged in.

Each configuration is analogous to a connection. Within Guacamole's LDAP
support, each configuration functions as a group, having user members (via
the member attribute) and optionally group members (via the seeAlso attribute),
where each member of a particular configuration group will have access to
the connection defined by that configuration.
So, you need to specify this property.


>
> Cuando hago la orden ldapadd -x -D cn = admin, dc = proyectoasir, dc = net
> -W -f conexionwindows.ldif
> me indica esto:
>
> adding new entry "cn=conexionwindows,ou=usuarios,dc=proyectoasir,dc=net"
>
> Cuando hago la orden ldapsearch -x -D cn = admin, dc = proyectoasir, dc =
> net -W cn =conexionwindows. ldif me indica esto:
>
>
You have an error in your search.  You should *not* be searching for the
LDIF file, you should be searching for the name of the connection.  The
correct search would be:

ldapsearch -x -D cn=admin,dc=proyectoasir,dc=net -W cn=conexionwindows

You put "cn=conexionwindows.ldif" (with .ldif at the end) which won't
work.  However, I suspect the issue you're facing is just the missing
property in guacamole.properties.

-Nick

Mime
View raw message