I am using Apache Guacamole 1.5.3 with an openLDAP (slapd 2.5.16) backend, where all connection information is stored in the LDAP directory. The schema for the object class "guacConfigGroup" is here:
https://github.com/glyptodon/guacamole-client/blob/master/extensions/guacamole-auth-ldap/schema/guacConfigGroup.ldif The contents of this are here: dn: cn=guacConfigGroup,cn=schema,cn=config objectClass: olcSchemaConfig cn: guacConfigGroup olcAttributeTypes: {0}( 1.3.6.1.4.1.38971.1.1.1 NAME 'guacConfigProtocol' SYNTAX 1.3.6.1.4.1.1466 .115.121.1.15 ) olcAttributeTypes: {1}( 1.3.6.1.4.1.38971.1.1.2 NAME 'guacConfigParameter' SYNTAX 1.3.6.1.4.1.146 6.115.121.1.15 ) olcObjectClasses: {0}( 1.3.6.1.4.1.38971.1.2.1 NAME 'guacConfigGroup' DESC 'Guacamole config uration group' SUP groupOfNames MUST guacConfigProtocol MAY guacConfigParameter ) When I create a test ldif file to import I can define multiple "guacConfigParameter" values as specified here: https://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database Using ldapadd, this works fine. Contents of the ldif file (with some info removed) below: dn: cn=guac-sr66-hostname-test,ou=guacamoleConnections,ou=groups,dc=subdomain,dc=domain,dc=com objectClass: guacConfigGroup objectClass: groupOfNames cn: guac-sr66-darter-test guacConfigProtocol: rdp guacConfigParameter: hostname=sr66-hostname.subdomain.domain.com guacConfigParameter: port=3389 member: cn=surfrock66,ou=accounts,dc=subdomain,dc=domain,dc=com If I use ApacheDirectoryStudio (2.0.0.v20210717-M17) and create the object, everything is fine for the first guacConfigParameter, but when I try to add an additional one, first I get a warning: "Warning! According to the schema attribute guacConfigParameter is not allowed! Do you still want to add a new value?" I can click through this warning and add a value "port=3389" which produces the following error: Error while executing LDIF - [LDAP result code 18 - inappropriateMatching] modify/add: guacConfigParameter: no equality matching rule There is an explicit difference between adding the same connection via ldapadd, and ApacheDS. On the guacamole mailing list about this same issue, a user indicated that ApacheDS isn't fully compatible with administering slapd servers, but I don't know the extent of that claim: https://www.mail-archive.com/[email protected]/msg01298.html Joe Gullo Sysadmin, Web Designer, Artist http://www.surfrock66.com [email protected] (714)926-0336
