[
https://issues.apache.org/jira/browse/GUACAMOLE-804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16853067#comment-16853067
]
Michael Jumper commented on GUACAMOLE-804:
------------------------------------------
There is no requirement that the search DN exist within the user base DN.
Guacamole simply binds as the search DN before executing its initial search
query to determine the DN of the user logging in. The search DN has no bearing
on whether users will be displayed within Settings/Users; only on how the
initial user login is mapped to a DN.
I suspect the cause of your error is configuration, not a bug. If you're still
having issues with this, please post to the [email protected] list.
> LDAP authentication not working correctly
> -----------------------------------------
>
> Key: GUACAMOLE-804
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-804
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-ldap
> Reporter: Peter Kubica
> Priority: Minor
>
> LDAP authentication with database backend (as proposed
> [here|https://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database])
> can't correctly handle situation, when _ldap-search-bind-dn_ is not contained
> in _ldap-user-base-dn_.
> Eg.:
> {{ldap-user-base-dn: ou=common,ou=users,dc=example,dc=com}}
> {{ldap-search-bind-dn: uid=guacamole,ou=system,ou=users,dc=example,dc=com}}
> In this situation _guacamole_ user will not show LDAP users in Settings/Users
> and common user authentication will result it successful authentication
> followed by _Unable to query list of objects from LDAP directory_ error.
> Even with:
> {{ldap-user-base-dn: ou=users,dc=example,dc=com}}
> things are not working correctly for users from
> _ou=common,ou=users,dc=example,dc=com_.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
