I’ve got a (mostly) working install running, which I’m trying to move the connection details into LDAP.
It looks like authentication is working OK:
INFO o.a.g.r.auth.AuthenticationService - User "xxx" successfully authenticated from 10.x.x.x.
However it appears the query for connections isn’t, as far as I can tell it’s searching for the connections with the following query:
00:24:09.854 [http-nio-8080-exec-1] DEBUG o.a.g.auth.ldap.ObjectQueryService - Searching "OU=Groups,DC=xx,DC=xxx,DC=com" for objects matching "(&(!(objectClass=guacConfigGroup))(member=CN=XXX,OU=XX,OU=Accounts,DC=xx,DC=xxx,DC=com))".
Which if I’m reading it correctly will be searching for all objects where the user is listed as a member and the objectClass isn’t guacConfigGroup. Running this query manually with ldapsearch (predictably) produces a list of groups the user is a member of – and not the guac config groups. Running the query without the !( modifier does produce a list of connections.
I’ve tried digging through the code but can’t see where it would be adding the negation to the search.