From user-return-6071-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org Wed May 1 19:51:49 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 10E4E180629 for ; Wed, 1 May 2019 21:51:48 +0200 (CEST) Received: (qmail 81818 invoked by uid 500); 1 May 2019 19:51:48 -0000 Mailing-List: contact user-help@guacamole.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@guacamole.apache.org Delivered-To: mailing list user@guacamole.apache.org Received: (qmail 81807 invoked by uid 99); 1 May 2019 19:51:48 -0000 Received: from Unknown (HELO mailrelay2-lw-us.apache.org) (10.10.3.159) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 01 May 2019 19:51:48 +0000 Received: from mail-oi1-f172.google.com (mail-oi1-f172.google.com [209.85.167.172]) by mailrelay2-lw-us.apache.org (ASF Mail Server at mailrelay2-lw-us.apache.org) with ESMTPSA id C1BA43F5C for ; Wed, 1 May 2019 19:51:47 +0000 (UTC) Received: by mail-oi1-f172.google.com with SMTP id t81so14617197oig.10 for ; Wed, 01 May 2019 12:51:47 -0700 (PDT) X-Gm-Message-State: APjAAAX2Gil/QwIbkKapeZ490muEFR4gN6wxU7zAH0Qvx7n+kU3r62jE C2GtjmY2J1Q5b1Czf/FeX8Ylma19yPAXuzyoW1vDjA== X-Google-Smtp-Source: APXvYqz5HPfmzO0tkJ9M868O019HoTNOInj9m58cAi+KF5UD1gCTPIhsnTe3EUlRByhWpI724TiE8PEVaRVMj8TSC+0= X-Received: by 2002:aca:ef82:: with SMTP id n124mr7502154oih.177.1556740307039; Wed, 01 May 2019 12:51:47 -0700 (PDT) MIME-Version: 1.0 References: <1556725103825-0.post@n4.nabble.com> <1556737598932-0.post@n4.nabble.com> <1556740082657-0.post@n4.nabble.com> In-Reply-To: <1556740082657-0.post@n4.nabble.com> From: Mike Jumper Date: Wed, 1 May 2019 12:51:11 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: LDAP search vs. bind - what does guacamole use when? To: user@guacamole.apache.org Content-Type: multipart/alternative; boundary="0000000000000246c50587d8d9f4" --0000000000000246c50587d8d9f4 Content-Type: text/plain; charset="UTF-8" On Wed, May 1, 2019 at 12:48 PM nicoschottelius < nico.schottelius@ungleich.ch> wrote: > Hey Mike, > > the problem is that users cannot login like this at the moment. They are > being shown the "Unable to query list of objects from ldap directory" on > the > website message after I see a successful login in the guacamole logs. > > ... > > If I understood you correctly, this "should work", as there are no objects > that are needed to be accessed, or did I understand that wrong? > That is correct. Guacamole does not *need* access to the objects in the tree to authenticate users. It tries, but any failure is supposed to be non-fatal. You might be running into: https://issues.apache.org/jira/browse/GUACAMOLE-702 The above was recently fixed. Feel like testing against git master or staging/1.1.0? :) - Mike --0000000000000246c50587d8d9f4 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Wed, May 1, 2019 at 1= 2:48 PM nicoschottelius <nico.schottelius@ungleich.ch> wrote:
Hey Mike,

the problem is that users cannot login like this at the moment. They are being shown the "Unable to query list of objects from ldap directory&q= uot; on the
website message after I see a successful login in the guacamole logs.

...

If I understood you correctly, this "should work", as there are n= o objects
that are needed to be accessed, or did I understand that wrong?

That is correct. Guacamole does not *need* access = to the objects in the tree to authenticate users. It tries, but any failure= is supposed to be non-fatal. You might be running into:


The above was recently fixed. Feel like testing against git master or= staging/1.1.0? :)

- Mike

--0000000000000246c50587d8d9f4--