From Vieri <>
Subject LDAP authentication and connection settings
Date Wed, 24 Apr 2019 09:16:56 GMT

I am trying to configure LDAP authentication with connection details within the LDAP directory.
Actually, I'm using AD instead of standard LDAP, but I'm pretty sure the objects have been
created properly on the AD server (guacConfigParameter, guacConfigProtocol, guacConfigGroup).

I created a test "telnet" group called AlcatelPBXtelnet (objectClass: guacConfigGroup, guacConfigProtocol:
telnet, etc.), and added my user as a member.

These are my config files:

# cat guacd.conf
log_level = debug

bind_host =

# cat
guacd-port: 4822

# auth-provider:
ldap-port: 389
ldap-encryption-method: none
ldap-user-base-dn: cn=Users,dc=mydomain,dc=org
ldap-username-attribute: cn
ldap-user-search-filter: (&(objectClass=user)(sAMAccountName=*)(memberOf=cn=VPN,cn=Users,dc=mydomain,dc=org))
ldap-max-search-results: 4000

# ls extensions/

I can log into the Guacamole web UI, but I cannot see my configured connection (telnet).

I'm totally new to Tomcat so please bear with me. My /var/log/tomcat has several files:

I'm expecting to see LDAP debug messages in catalina.*.log files, but I see none.
I enabled a few things in /etc/tomcat/, but it doesn't seem to make any
difference regarding the LDAP extension.

Anyway, I resorted to grabbing a tcpdump on port 389 to see what guacamole was doing.
I can see a successful bindResponse, followed by a searchRequest wholeSubtree.
I can then see a list of all the users who actually belong to the VPN group. One of these
is my user (CN=myuser,CN=Users,DC=mydomain,DC=org).
After the searchResEntry results I get an unbindRequest, and the connection finishes.

I'm guessing Guacamole is not finding the guac* objects.

I then added this to my

ldap-config-base-dn: cn=Schema,cn=Configuration,dc=mydomain,dc=org

The tcpdump shows a searchRequest on cn=Schema,cn=Configuration,dc=mydomain,dc=org and a searchResDone
with 30 results.

However, when my user enters the Guacamole web UI there's no connection available.

A quick manual search shows this:

# ldapsearch -b 'cn=Schema,cn=Configuration,dc=mydomain,dc=org' -x -D admin -w passwd -h 10.215.144.35 | grep guac
# guacConfigParameter, Schema, Configuration,
dn: CN=guacConfigParameter,CN=Schema,CN=Configuration,DC=mydomain,DC=or
cn: guacConfigParameter
distinguishedName: CN=guacConfigParameter,CN=Schema,CN=Configuration,DC=mydoma
adminDisplayName: guacConfigParameter
adminDescription: guacConfigParameter
lDAPDisplayName: guacConfigParameter
name: guacConfigParameter
# guacConfigProtocol, Schema, Configuration,
dn: CN=guacConfigProtocol,CN=Schema,CN=Configuration,DC=mydomain,DC=org
cn: guacConfigProtocol
distinguishedName: CN=guacConfigProtocol,CN=Schema,CN=Configuration,DC=mydomai
adminDisplayName: guacConfigProtocol
adminDescription: guacConfigProtocol
lDAPDisplayName: guacConfigProtocol
name: guacConfigProtocol
# guacConfigGroup, Schema, Configuration,
dn: CN=guacConfigGroup,CN=Schema,CN=Configuration,DC=mydomain,DC=org
cn: guacConfigGroup
distinguishedName: CN=guacConfigGroup,CN=Schema,CN=Configuration,DC=mydomain
mustContain: guacConfigProtocol
mayContain: guacConfigParameter
adminDisplayName: guacConfigGroup
adminDescription: guacConfigGroup
lDAPDisplayName: guacConfigGroup
name: guacConfigGroup
defaultObjectCategory: CN=guacConfigGroup,CN=Schema,CN=Configuration,DC=mydoma

# ldapsearch -b 'cn=Users,dc=mydomain,dc=org' -x -D admin -w passwd -h 10.215.144.35 | grep
# AlcatelPBXtelnet, Users,
dn: CN=AlcatelPBXtelnet,CN=Users,DC=mydomain,DC=org
cn: AlcatelPBXtelnet
distinguishedName: CN=AlcatelPBXtelnet,CN=Users,DC=mydomain,DC=org
name: AlcatelPBXtelnet
guacConfigProtocol: telnet

What can I try?
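
Editor's note, added after the message above and not part of Vieri's post or of the Guacamole project's code: the script below reproduces offline the lookup that the LDAP extension performs against ldap-config-base-dn, as I understand guacamole-auth-ldap (an assumption, stated in the code too): search that subtree for entries whose objectClass includes guacConfigGroup and whose member attribute (ldap-member-attribute, default "member") contains the bound user's DN, then build a connection from cn, guacConfigProtocol and the name=value guacConfigParameter values. It runs against a constructed LDIF modelled on the ldapsearch output in the post, so the user DN CN=myuser,CN=Users,DC=mydomain,DC=org, the OrphanSSH group and the parameter values are made up for the example. Trying it with the two base DNs that appear in the message shows the difference between them: cn=Schema,cn=Configuration holds the class definition (objectClass classSchema), which is not a group instance, while cn=Users is where the AlcatelPBXtelnet object actually lives.

```python
"""Offline check of what Guacamole's LDAP extension would find under
ldap-config-base-dn.  Added example, not Guacamole's own code.  Assumed
behaviour (guacamole-auth-ldap as I understand it): search that subtree for
objectClass=guacConfigGroup entries whose member attribute holds the bound
user's DN and expose each as a connection named after its cn."""
import base64

# Constructed LDIF modelled on the ldapsearch output in the post (trimmed).
SAMPLE_LDIF = """\
# the class *definition* in the schema partition, not a group
dn: CN=guacConfigGroup,CN=Schema,CN=Configuration,DC=mydomain,DC=org
objectClass: classSchema

# a group instance that lists the user
dn: CN=AlcatelPBXtelnet,CN=Users,DC=mydomain,DC=org
objectClass: guacConfigGroup
cn: AlcatelPBXtelnet
guacConfigProtocol: telnet
guacConfigParameter: hostname=10.0.0.5
guacConfigParameter: port=23
member: CN=myuser,CN=Users,DC=mydomain,DC=org

# valid class and protocol, but nobody is a member
dn: CN=OrphanSSH,CN=Users,DC=mydomain,DC=org
objectClass: guacConfigGroup
cn: OrphanSSH
guacConfigProtocol: ssh
"""
USER_DN = "CN=myuser,CN=Users,DC=mydomain,DC=org"              # assumed bound user
SCHEMA_BASE = "cn=Schema,cn=Configuration,dc=mydomain,dc=org"  # base DN tried in the post
USERS_BASE = "cn=Users,dc=mydomain,dc=org"                      # where the group was created

def parse_ldif(text):
    """Minimal LDIF reader -> [(dn, {attr_lower: [values]})]; comments, folding, base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:                   # trailing "" flushes last entry
        if not line:
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        value = value.strip()
        if value.startswith(":"):               # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def _norm_dn(dn):
    """Lower-cased RDN list for comparison (escaped commas not handled)."""
    return [part.strip().lower() for part in dn.split(",")]

def dn_in_subtree(dn, base_dn):
    """True if dn is base_dn or lies beneath it (wholeSubtree scope)."""
    d, b = _norm_dn(dn), _norm_dn(base_dn)
    return len(d) >= len(b) and d[-len(b):] == b

def explain(entries, base_dn, user_dn, member_attr="member"):
    """One line per guacConfigGroup under base_dn: OK, or why user_dn cannot see it."""
    user, notes = _norm_dn(user_dn), []
    for dn, attrs in entries:
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        if not dn_in_subtree(dn, base_dn) or "guacconfiggroup" not in classes:
            continue
        if "guacconfigprotocol" not in attrs:
            notes.append(f"{dn}: missing guacConfigProtocol")
        elif user not in [_norm_dn(m) for m in attrs.get(member_attr.lower(), [])]:
            notes.append(f"{dn}: {member_attr} does not list {user_dn}")
        else:
            notes.append(f"{dn}: OK")
    return notes or [f"no entries with objectClass=guacConfigGroup under {base_dn}"]

def find_connections(entries, base_dn, user_dn, member_attr="member"):
    """Connections Guacamole would show user_dn: cn, protocol, name=value params."""
    found = []
    for dn, attrs in entries:
        if explain([(dn, attrs)], base_dn, user_dn, member_attr) != [f"{dn}: OK"]:
            continue
        params = dict(p.partition("=")[::2] for p in attrs.get("guacconfigparameter", []))
        found.append({"name": attrs.get("cn", [dn])[0],
                      "protocol": attrs["guacconfigprotocol"][0], "parameters": params})
    return found

if __name__ == "__main__":                      # try both base DNs from the post
    entries = parse_ldif(SAMPLE_LDIF)
    for base in (SCHEMA_BASE, USERS_BASE):
        print(base, explain(entries, base, USER_DN), find_connections(entries, base, USER_DN))
```

To use it on a real directory, replace SAMPLE_LDIF with the full ldapsearch output of the subtree you point ldap-config-base-dn at (without the grep, so objectClass and member survive) and set USER_DN to the DN the tcpdump showed in the searchResEntry for your user; the explain() lines then say, per group, whether the class, the protocol or the membership is what is missing.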