guacamole-user mailing list archives

From Angel Elena <cr...@craem.net>
Subject ldap question
Date Sun, 21 Oct 2018 16:41:19 GMT
Hi, good afternoon.

I'm a new guacamole user. 

I installed it on Debian 9 with guacd version 0.9.9. The program works fine with local user
mapping... my configuration:

/etc/guacamole/guacamole.properties

# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port:     4822

# Auth provider class (authenticates user/pass combination, needed if using the provided login screen)
user-mapping: /etc/guacamole/user-mapping.xml
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml
lib-directory: /etc/guacamole/extensions

# LDAP properties
ldap-hostname: ldap.craem.net
ldap-port: 389
ldap-user-base-dn: DC=craem,DC=net
ldap-search-bind-dn: CN=admin,DC=craem,DC=net
ldap-search-bind-password: passwordtuyu
ldap-username-attribute: uid



And the user mapping: /etc/guacamole/user-mapping.xml

<user-mapping>
                <authorize username="craem" password="passwordtuyu">
                <connection name="kamailio">
                        <protocol>ssh</protocol>
                        <param name="hostname">10.XX.XX.XX</param>
                        <param name="port">22</param>
                </connection>
                <connection name="chichi">
                        <protocol>ssh</protocol>
                        <param name="hostname">10.XX.XX.XX</param>
                        <param name="port">22</param>
                </connection>
                 <connection name="copiasVeeam">
                        <protocol>rdp</protocol>
                        <param name="hostname">10.XX.XX.XX</param>
                        <param name="port">3389</param>
                        <param name="ignore-cert">true</param>
                        <param name="security">rdp</param>
                </connection>
                <connection name="copiasVeeam9">
                        <protocol>rdp</protocol>
                        <param name="hostname">10.XX.XX.XX</param>
                        <param name="port">3389</param>
                        <param name="ignore-cert">true</param>
                        <param name="security">rdp</param>
                </connection>
                </authorize>
</user-mapping>


When I log in with the username "craem", I can view / enter all the hosts that I defined...
the problem is with the OpenLDAP authentication.


My Ldap server is an OpenLDAP. I added the openldap schema:

# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f guacConfigGroup.ldif

And the schema is ready:

root@asterisk:/usr/src# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
dn: cn=schema,cn=config

dn: cn={0}core,cn=schema,cn=config

dn: cn={1}cosine,cn=schema,cn=config

dn: cn={2}nis,cn=schema,cn=config

dn: cn={3}inetorgperson,cn=schema,cn=config

dn: cn={4}zarafa,cn=schema,cn=config

dn: cn={5}radius,cn=schema,cn=config

dn: cn={6}guacConfigGroup,cn=schema,cn=config


I added one server to test:

file: entrada.ldif

dn: cn=zeus,dc=craem,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: zeus server
guacConfigProtocol: ssh
guacConfigParameter: hostname=zeus.craem.net
guacConfigParameter: port=22
member: cn=angel,ou=zarafa-users,dc=craem,dc=net


Add the file to my OpenLDAP:

# ldapadd -x -D cn=admin,dc=craem,dc=net -W -f entrada.ldif

And it works fine.

ldapsearch to view the "angel" user:

# ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net"

# Angel Elena, zarafa-users, craem.net
dn: cn=Angel Elena,cn=zarafa-users,dc=craem,dc=net
givenName:: xxxxx
sn: Elena
uid: angel
uidNumber: 1001
gidNumber: 500
zarafaAccount: 1
dialupAccess: 1
zarafaAdmin: 1
mobile: xxxxxx
homeDirectory: /home/angel
radiusFramedProtocol: PPP
radiusServiceType: Framed-User
radiusFramedCompression: Van-Jacobsen-TCP-IP
zarafaQuotaHard: 3000
zarafaQuotaWarn: 2000
zarafaQuotaSoft: 2500
zarafaQuotaOverride: 0
mail: craem@craem.net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: zarafa-user
objectClass: radiusprofile
objectClass: zarafa-group
objectClass: person
objectClass: organizationalPerson
cn: Angel Elena
cn: angel



And the "zeus" object:

# ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net"

# zeus, craem.net
dn: cn=zeus,dc=craem,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: zeus server
cn: zeus
guacConfigProtocol: ssh
guacConfigParameter: hostname=zeus
guacConfigParameter: port=22
member: cn=angel,ou=zarafa-users,dc=craem,dc=net



When I log in with the "angel" user on the front-end, the user space is empty, without any machine,
but I can log in.


Any ideas?


Thanks



--------------------------------
Ángel Elena Medina       _o)
craem@craem.net          / \\
http://blog.craem.net  _(___V
@craem_
www.linkedin.com/in/angel-elena-medina
--------------------------------
Zarafa Webapp.
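The check a practitioner would run on the entries quoted in the post above, as an added example that is not part of the original message: Guacamole's LDAP extension grants a user the connections of every guacConfigGroup whose `member` attribute holds that user's full DN (the DN the user authenticated as), so a member value that matches no user entry's DN produces exactly an empty connection list after a successful login. The script below is a constructed, offline cross-check: it parses ldapsearch-style LDIF (the two entries from the post are embedded as sample input), compares each member DN against the user DNs with the case- and whitespace-insensitivity of LDAP DN matching, and for a member that matches nothing lists the user entries whose uid or cn equals the member's leaf RDN value. It needs only the Python standard library; `parse_ldif` does not decode base64 (`::`) values and `normalize_dn` does not handle escaped commas inside DN values.

```python
"""Cross-check guacConfigGroup member DNs against the DNs of real user entries.

Added example, not part of the original mailing-list post. It assumes, as the
Guacamole LDAP extension documents, that a user only sees a connection when the
guacConfigGroup's `member` attribute holds that user's full DN.
"""

# Constructed sample: the two entries as quoted in the post (ldapsearch output),
# trimmed to the attributes that matter for the check.
SAMPLE_LDIF = """\
# Angel Elena, zarafa-users, craem.net
dn: cn=Angel Elena,cn=zarafa-users,dc=craem,dc=net
uid: angel
objectClass: inetOrgPerson
cn: Angel Elena
cn: angel

# zeus, craem.net
dn: cn=zeus,dc=craem,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: zeus server
cn: zeus
guacConfigProtocol: ssh
guacConfigParameter: hostname=zeus
guacConfigParameter: port=22
member: cn=angel,ou=zarafa-users,dc=craem,dc=net
"""


def parse_ldif(text):
    """Minimal LDIF parser: list of dicts mapping attribute -> list of values.
    Handles '#' comments, blank-line entry separators, leading-space
    continuation lines and the '::' base64 marker (value kept undecoded)."""
    entries, current, last_attr = [], {}, None
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.strip() == "":
            if current:
                entries.append(current)
            current, last_attr = {}, None
            continue
        if raw.startswith(" ") and last_attr:      # folded continuation line
            current[last_attr][-1] += raw[1:]
            continue
        attr, _, value = raw.partition(":")
        attr = attr.strip()
        current.setdefault(attr, []).append(value.lstrip(": "))
        last_attr = attr
    if current:
        entries.append(current)
    return entries


def normalize_dn(dn):
    """Normalize a DN roughly as LDAP distinguishedNameMatch does: lower-case
    everything and drop whitespace around the ',' and '=' separators.
    Escaped commas inside values are not handled (not needed for this check)."""
    rdns = [part.strip() for part in dn.split(",")]
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1)) for rdn in rdns).lower()


def check_members(entries):
    """Return {group DN: {member DN: matching user DN or None}} for every
    guacConfigGroup entry. None flags a member DN that matches no user entry,
    i.e. a connection that no user will ever see."""
    # A "user" here is any entry carrying the uid attribute (ldap-username-attribute).
    users = {normalize_dn(e["dn"][0]): e["dn"][0] for e in entries if "uid" in e}
    report = {}
    for e in entries:
        if "guacConfigGroup" not in e.get("objectClass", []):
            continue
        report[e["dn"][0]] = {m: users.get(normalize_dn(m)) for m in e.get("member", [])}
    return report


def suggest_user(member_dn, entries):
    """For an unmatched member DN, return user DNs whose uid or cn equals the
    member's leaf RDN value (case-insensitive): candidates for the real DN."""
    leaf = normalize_dn(member_dn).split(",")[0].split("=", 1)[-1]
    candidates = []
    for e in entries:
        if "uid" not in e:
            continue
        names = [v.lower() for v in e.get("uid", []) + e.get("cn", [])]
        if leaf in names:
            candidates.append(e["dn"][0])
    return candidates


if __name__ == "__main__":
    ents = parse_ldif(SAMPLE_LDIF)
    for group, members in check_members(ents).items():
        for member, hit in members.items():
            if hit:
                print(f"OK   {group}: member {member} -> {hit}")
            else:
                print(f"MISS {group}: member {member} matches no user entry; "
                      f"candidates: {suggest_user(member, ents)}")
```

Run against a live directory by replacing `SAMPLE_LDIF` with the output of `ldapsearch -x -LLL -b "dc=craem,dc=net"`; a MISS line with a non-empty candidate list is the usual cause of "login works but no connections are shown".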