Hi,
just did the test, Studio accepts multiple values for the
guacConfigParameter parameter. Here is an export of an entry with
multiple parameters created with Studio and stored in ApacheDS:
version: 1
dn: commonName=test,dc=example,dc=com
objectClass: groupOfNames
objectClass: guacConfigGroup
objectClass: top
commonName: test
guacConfigProtocol: ABC
member: cn=config
guacConfigParameter: hostname=localhost
guacConfigParameter: password=secret
guacConfigParameter: port=5900
I suspect that OpenLDAP does not.
The error [LDAP result code 18 - inappropriateMatching] modify/add:
> guacConfigParameter: no equality matching rule means OpenLDAP does
not find a MatchingRule for the attribute, which is quite strange.
Can you extract the OpenLDAP schema you are using?
On 13/10/2023 18:08, Joe Gullo wrote:
I am using Apache Guacamole 1.5.3 with an openLDAP (slapd 2.5.16)
backend, where all connection information is stored in the LDAP
directory. The schema for the object class "guacConfigGroup" is here:
https://github.com/glyptodon/guacamole-client/blob/master/extensions/guacamole-auth-ldap/schema/guacConfigGroup.ldif
<https://github.com/glyptodon/guacamole-client/blob/master/extensions/guacamole-auth-ldap/schema/guacConfigGroup.ldif>
The contents of this are here:
dn: cn=guacConfigGroup,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: guacConfigGroup
olcAttributeTypes: {0}( 1.3.6.1.4.1.38971.1.1.1 NAME
'guacConfigProtocol' SYNTAX 1.3.6.1.4.1.1466
.115.121.1.15 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.38971.1.1.2 NAME
'guacConfigParameter' SYNTAX 1.3.6.1.4.1.146
6.115.121.1.15 )
olcObjectClasses: {0}( 1.3.6.1.4.1.38971.1.2.1 NAME 'guacConfigGroup'
DESC 'Guacamole config
uration group' SUP groupOfNames MUST guacConfigProtocol MAY
guacConfigParameter )
When I create a test ldif file to import I can define multiple
"guacConfigParameter" values as specified here:
https://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database
<https://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database>
Using ldapadd, this works fine. Contents of the ldif file (with some
info removed) below:
dn:
cn=guac-sr66-hostname-test,ou=guacamoleConnections,ou=groups,dc=subdomain,dc=domain,dc=com
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: guac-sr66-darter-test
guacConfigProtocol: rdp
guacConfigParameter: hostname=sr66-hostname.subdomain.domain.com
<http://sr66-hostname.subdomain.domain.com>
guacConfigParameter: port=3389
member: cn=surfrock66,ou=accounts,dc=subdomain,dc=domain,dc=com
If I use ApacheDirectoryStudio (2.0.0.v20210717-M17) and create the
object, everything is fine for the first guacConfigParameter, but when I
try to add an additional one, first I get a warning:
"Warning! According to the schema attribute guacConfigParameter is not
allowed! Do you still want to add a new value?"
I can click through this warning and add a value "port=3389" which
produces the following error:
Error while executing LDIF
- [LDAP result code 18 - inappropriateMatching] modify/add:
guacConfigParameter: no equality matching rule
There is an explicit difference between adding the same connection via
ldapadd, and ApacheDS.
On the guacamole mailing list about this same issue, a user indicated
that ApacheDS isn't fully compatible with administering slapd servers,
but I don't know the extent of that claim:
https://www.mail-archive.com/[email protected]/msg01298.html
<https://www.mail-archive.com/[email protected]/msg01298.html>
Joe Gullo
Sysadmin, Web Designer, Artist
http://www.surfrock66.com <http://www.surfrock66.com>
[email protected] <mailto:[email protected]>
(714)926-0336
--
*Emmanuel Lécharny* P. +33 (0)6 08 33 32 61
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
