guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philip Herbert <m...@pherbert.de>
Subject ldap groups in 1.0.0 RC1
Date Sun, 06 Jan 2019 00:48:53 GMT
Hello,

I am trying to get ldap groups up and running when using in combination with mysql extension.

Without groups the config used so far for older versions works fine:
Because of global catalogue port(3269), all users in the entire directory are returned and
shown in Users, independant from the ou.


ldap-hostname: mydc.mydomain.de
ldap-port:3269
ldap-encryption-method:ssl
ldap-search-bind-dn:cn=GuacamoleLDAP,cn=Users,dc=mydomain,dc=de
ldap-search-bind-password:<justsomthinggenerated>
ldap-user-base-dn:dc=mydomain,dc=de
dap-username-attribute:sAMAccountName
ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))
ldap-max-search-results:4000


simply adding:
ldap-user-base-dn:dc=mydomain,dc=de

causes a failure:

01:32:21.232 [http-bio-8080-exec-9] WARN  o.a.g.r.auth.AuthenticationService - Authentication
attempt from [192.168.121.212, 127.0.0.1] for user "service" failed.
01:32:25.523 [http-bio-8080-exec-1] INFO  o.a.g.r.auth.AuthenticationService - User "philip"
successfully authenticated from [192.168.121.212, 0:0:0:0:0:0:0:1].
01:32:26.498 [http-bio-8080-exec-1] WARN  o.a.g.e.AuthenticationProviderFacade - The "ldap"
authentication provider has encountered an internal error which will halt the authentication
process. If this is unexpected or you are the developer of this authentication provider, you
may wish to enable debug-level logging. If this is expected and you wish to ignore such failures
in the future, please set "skip-if-unavailable: ldap" within your guacamole.properties.

When I set:
ldap-user-base-dn:cn=Users,dc=mydomain,dc=de

I can log in, but in the Administration Groups Tab
I see all Users and Groups in the Users Container oft the Directory and not only groups.

What is wrong in my config, why am I seeing users in the Groups tab and why can I not get
a list off all existing groups on the Groups tab.

Thanks, Philip



Mime
View raw message