[
https://issues.apache.org/jira/browse/GUACAMOLE-957?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Jumper reassigned GUACAMOLE-957:
-------------------------------------
Assignee: Mike Jumper
> Add support for querying multiple LDAP servers
> ----------------------------------------------
>
> Key: GUACAMOLE-957
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-957
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole-auth-ldap
> Reporter: Robert Wolf
> Assignee: Mike Jumper
> Priority: Minor
>
> Hello,
> we have configured guacamole with postgresql (for configuration) and LDAP
> (for authentication only) in version 1.0.0. The LDAP servers are 3 Windows AD
> servers.
> We have configured guacamole LDAP auth with {noformat}
> ldap-hostname: SERVER1 SERVER2 SERVER3
> {noformat}
> During authentication, guacamole connects to the first server. If the connection
> fails, it connects to the second server and if this connection fails too, it
> connects to the third server. It works great in guacamole 1.0.0. But the
> version 1.0.0 has a problem with LDAP groups.
> So we have updated to 1.1.0. But in this configuration the multiple LDAP
> hosts are incorrectly parsed and login does not work with "Invalid login" on
> login page and following error message in the log {noformat}
> 13:21:24.339 [http-nio-8080-exec-16] ERROR o.a.g.a.ldap.LDAPConnectionService
> - Binding with the LDAP server at "SERVER1 SERVER2 SERVER3" as user "bind-dn"
> failed: ERR_04121_CANNOT_RESOLVE_HOSTNAME Cannot connect to the server,
> Hostname 'SERVER1 SERVER2 SERVER3' could not be resolved.
> 13:21:24.340 [http-nio-8080-exec-16] ERROR
> o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN
> "bind-dn"
> 13:21:24.342 [http-nio-8080-exec-16] WARN o.a.g.r.auth.AuthenticationService
> - Authentication attempt from [10.0.48.1, 127.0.0.1] for user
> "ad.user@domain" failed.
> {noformat}
> Could you verify this issue? Is there some other possible format for multiple
> hostnames in *ldap-hostname* attribute? I have already tried to use ","
> (comma) instead of space and to use LDAP URI format, but nothing works.
> Thank you for your answer.
> Regards,
> Robert Wolf.
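A check for the failure mode described in this report, added here as an example; it is not Guacamole code. It reads the `ldap-hostname` value from properties text and looks for the quoted `ERR_04121_CANNOT_RESOLVE_HOSTNAME` line naming the whole list as one hostname. Function names and sample inputs are constructed for illustration.

```python
import re

# Error text as quoted in the report's log; group 1 is the name the LDAP
# client tried to resolve.
RESOLVE_ERR = re.compile(r"ERR_04121_CANNOT_RESOLVE_HOSTNAME.*?Hostname '([^']*)'")
HOSTNAME_PROP = re.compile(r"^\s*ldap-hostname\s*[:=]\s*(.*?)\s*$")


def split_hosts(value):
    """Split a value on whitespace or commas, the separators tried in the report."""
    return [tok for tok in re.split(r"[\s,]+", value) if tok]


def configured_hostname(properties_text):
    """Return the raw ldap-hostname value, or None if the property is absent."""
    for line in properties_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = HOSTNAME_PROP.match(line)
        if match:
            return match.group(1)
    return None


def diagnose(properties_text, log_text):
    """Correlate a multi-host ldap-hostname value with resolution failures."""
    raw = configured_hostname(properties_text)
    hosts = split_hosts(raw) if raw else []
    failed = RESOLVE_ERR.findall(log_text)
    return {
        "hosts": hosts,
        "multi_host_value": len(hosts) > 1,
        # True when the log shows the whole list being resolved as one name.
        "list_resolved_as_one_name": raw is not None and len(hosts) > 1 and raw in failed,
    }


# Constructed sample input, modelled on the configuration and log in the report.
SAMPLE_PROPERTIES = """\
# guacamole.properties (constructed)
ldap-hostname: SERVER1 SERVER2 SERVER3
"""
SAMPLE_LOG = (
    '13:21:24.339 [http-nio-8080-exec-16] ERROR o.a.g.a.ldap.LDAPConnectionService - '
    'Binding with the LDAP server at "SERVER1 SERVER2 SERVER3" as user "bind-dn" failed: '
    "ERR_04121_CANNOT_RESOLVE_HOSTNAME Cannot connect to the server, "
    "Hostname 'SERVER1 SERVER2 SERVER3' could not be resolved.\n"
)

if __name__ == "__main__":
    print(diagnose(SAMPLE_PROPERTIES, SAMPLE_LOG))
```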