[jira] [Commented] (GUACAMOLE-687) LDAP Failure in 1.0.0-RC1 (official docker hub image guacamole/guacamole)
[
https://issues.apache.org/jira/browse/GUACAMOLE-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16734781#comment-16734781
]
Michael Jumper commented on GUACAMOLE-687:
--
Testing against both {{guacamole/guacamole:0.9.14}} andÂ
{{guacamole/guacamole:1.0.0-RC1}} specifying the following:
* {{LDAP_HOSTNAME}} (in my case the IP address of the Docker host)
* An {{LDAP_USER_BASE_DN}} which does not contain the account used for
{{LDAP_SEARCH_BIND_DN}}
* An {{LDAP_USERNAME_ATTRIBUTE}} which is different from the default "uid" (I
used same as your case: "cn")
* An {{LDAP_SEARCH_BIND_DN}} which is outside the {{LDAP_USER_BASE_DN}}
* {{LDAP_SEARCH_BIND_PASSWORD}} containing the password of the account
specified by {{LDAP_SEARCH_BIND_DN}}
I am unable to reproduce the problem described. Logins for all users in the
directory work as expected with both images. No errors in the logs.
> LDAP Failure in 1.0.0-RC1 (official docker hub image guacamole/guacamole)
> -
>
> Key: GUACAMOLE-687
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-687
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-ldap, guacamole-docker
>Affects Versions: 1.0.0
>Reporter: Joshua Landon Key
>Priority: Major
>
> I currently have a system up and running in docker with the following yml
> compose file. I was planning on upgrading to the 1.0.0-RC1 image which was
> made available less than a month ago on the docker hub to I used the
> appropriate tags :1.0.0-RC1 instead of the :latest which is still using
> 0.9.14. The problem that I am encountering is that given the appropriate
> changes to the docker system I am presented with a running instance that
> seems to work in all areas but one. LDAP Authentication fails with a message
> indicating that it can not query the ldap system. when examining the network
> calls through the browser dev tools I notice that it is the call to
> /api/tokens which is failing and returning this failure message via a json
> result. I want to note that the file below (with the *** replaced with the
> appropriate values) works in version 0.9.14 but fails in 1.0.0-RC1. I have
> also confirmed that by simply using the :latest and not the :1.0.0-RC1 that
> the issue resolves itself (the DB has to be recreated but that is due to
> schema differences).
> {code:none|title=Docker Compose YML}
> version: '3.0'
> services:
> guacd:
> image: guacamole/guacd
> volumes:
> - drive:/drive:rw
> - record:/record:rw
> deploy:
> replicas: 1
> postgres:
> environment:
> POSTGRES_DB: **
> POSTGRES_PASSWORD: **
> POSTGRES_USER: **
> image: postgres
> volumes:
> - /usr/share/guac/init:/docker-entrypoint-initdb.d:ro
> deploy:
> replicas: 1
> guacamole:
> depends_on:
> - guacd
> - postgres
> environment:
> GUACD_HOSTNAME: guacd
> POSTGRES_DATABASE: **
> POSTGRES_HOSTNAME: postgres
> POSTGRES_PASSWORD: **
> POSTGRES_USER: **
> EXTENSIONS: auth-ldap
> LDAP_HOSTNAME: ldap.**.com
> LDAP_USER_BASE_DN: OU=Employee,OU=Users,OU=Accounts,DC=**,DC=com
> LDAP_USERNAME_ATTRIBUTE: cn
> LDAP_SEARCH_BIND_DN:
> CN=**,OU=Service,OU=Users,OU=Accounts,DC=**,DC=com
> LDAP_SEARCH_BIND_PASSWORD: **
> image: guacamole/guacamole
> deploy:
> replicas: 1
> volumes:
> drive:
> driver: local
> record:
> driver: local
> data:
> driver: local
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (GUACAMOLE-687) LDAP Failure in 1.0.0-RC1 (official docker hub image guacamole/guacamole)
[
https://issues.apache.org/jira/browse/GUACAMOLE-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16734660#comment-16734660
]
Michael Jumper commented on GUACAMOLE-687:
--
{quote}
I was planning on upgrading to the 1.0.0-RC1 image which was made available
less than a month ago on the docker hub to I used the appropriate tags
:1.0.0-RC1 instead of the :latest which is still using 0.9.14.
{quote}
[~KEYJ63], many thanks for testing this, but please keep in mind that this
really shouldn't be considered an "upgrade" until the release is actually out.
As a release candidate, things can be rolled back and changed at any time,
including in a way that breaks compatibility. Anything tagged as a release
candidate is still development code until promoted to release.
{quote}
... LDAP Authentication fails with a message indicating that it can not query
the ldap system. ...
{quote}
As noted by [~nick.couch...@yahoo.com], please provide the error message(s) you
refer to in your description. We really need the actual log messages.
{quote}
{code:none}
...
EXTENSIONS: auth-ldap
...
{code}
{quote}
What's this {{EXTENSIONS}} environment variable about? The Guacamole Docker
images do not use any such variable.
> LDAP Failure in 1.0.0-RC1 (official docker hub image guacamole/guacamole)
> -
>
> Key: GUACAMOLE-687
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-687
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-ldap, guacamole-docker
>Affects Versions: 1.0.0
>Reporter: Joshua Landon Key
>Priority: Major
>
> I currently have a system up and running in docker with the following yml
> compose file. I was planning on upgrading to the 1.0.0-RC1 image which was
> made available less than a month ago on the docker hub to I used the
> appropriate tags :1.0.0-RC1 instead of the :latest which is still using
> 0.9.14. The problem that I am encountering is that given the appropriate
> changes to the docker system I am presented with a running instance that
> seems to work in all areas but one. LDAP Authentication fails with a message
> indicating that it can not query the ldap system. when examining the network
> calls through the browser dev tools I notice that it is the call to
> /api/tokens which is failing and returning this failure message via a json
> result. I want to note that the file below (with the *** replaced with the
> appropriate values) works in version 0.9.14 but fails in 1.0.0-RC1. I have
> also confirmed that by simply using the :latest and not the :1.0.0-RC1 that
> the issue resolves itself (the DB has to be recreated but that is due to
> schema differences).
> {code:none|title=Docker Compose YML}
> version: '3.0'
> services:
> guacd:
> image: guacamole/guacd
> volumes:
> - drive:/drive:rw
> - record:/record:rw
> deploy:
> replicas: 1
> postgres:
> environment:
> POSTGRES_DB: **
> POSTGRES_PASSWORD: **
> POSTGRES_USER: **
> image: postgres
> volumes:
> - /usr/share/guac/init:/docker-entrypoint-initdb.d:ro
> deploy:
> replicas: 1
> guacamole:
> depends_on:
> - guacd
> - postgres
> environment:
> GUACD_HOSTNAME: guacd
> POSTGRES_DATABASE: **
> POSTGRES_HOSTNAME: postgres
> POSTGRES_PASSWORD: **
> POSTGRES_USER: **
> EXTENSIONS: auth-ldap
> LDAP_HOSTNAME: ldap.**.com
> LDAP_USER_BASE_DN: OU=Employee,OU=Users,OU=Accounts,DC=**,DC=com
> LDAP_USERNAME_ATTRIBUTE: cn
> LDAP_SEARCH_BIND_DN:
> CN=**,OU=Service,OU=Users,OU=Accounts,DC=**,DC=com
> LDAP_SEARCH_BIND_PASSWORD: **
> image: guacamole/guacamole
> deploy:
> replicas: 1
> volumes:
> drive:
> driver: local
> record:
> driver: local
> data:
> driver: local
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (GUACAMOLE-687) LDAP Failure in 1.0.0-RC1 (official docker hub image guacamole/guacamole)
[ https://issues.apache.org/jira/browse/GUACAMOLE-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16734317#comment-16734317 ] Nick Couchman commented on GUACAMOLE-687: - Would be helpful to know what failure result is being returned? Also would be useful to see the error messages from the Guacamole Client container (catalina.out messages). > LDAP Failure in 1.0.0-RC1 (official docker hub image guacamole/guacamole) > - > > Key: GUACAMOLE-687 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-687 > Project: Guacamole > Issue Type: Bug > Components: guacamole-auth-ldap >Affects Versions: 1.0.0 > Environment: docker >Reporter: Joshua Landon Key >Priority: Major > Labels: LDAP, docker > Fix For: 1.0.0 > > > I currently have a system up and running in docker with the following yml > compose file. I was planning on upgrading to the 1.0.0-RC1 image which was > made available less than a month ago on the docker hub to I used the > appropriate tags :1.0.0-RC1 instead of the :latest which is still using > 0.9.14. The problem that I am encountering is that given the appropriate > changes to the docker system I am presented with a running instance that > seems to work in all areas but one. LDAP Authentication fails with a message > indicating that it can not query the ldap system. when examining the network > calls through the browser dev tools I notice that it is the call to > /api/tokens which is failing and returning this failure message via a json > result. I want to note that the file below (with the *** replaced with the > appropriate values) works in version 0.9.14 but fails in 1.0.0-RC1. I have > also confirmed that by simply using the :latest and not the :1.0.0-RC1 that > the issue resolves itself (the DB has to be recreated but that is due to > schema differences). > Docker Compose YML > --- > version: '3.0' > services: > guacd: > image: guacamole/guacd > volumes: > - drive:/drive:rw > - record:/record:rw > deploy: > replicas: 1 > postgres: > environment: > POSTGRES_DB: ** > POSTGRES_PASSWORD: ** > POSTGRES_USER: ** > image: postgres > volumes: > - /usr/share/guac/init:/docker-entrypoint-initdb.d:ro > deploy: > replicas: 1 > guacamole: > depends_on: > - guacd > - postgres > environment: > GUACD_HOSTNAME: guacd > POSTGRES_DATABASE: ** > POSTGRES_HOSTNAME: postgres > POSTGRES_PASSWORD: ** > POSTGRES_USER: ** > EXTENSIONS: auth-ldap > LDAP_HOSTNAME: ldap.**.com > LDAP_USER_BASE_DN: OU=Employee,OU=Users,OU=Accounts,DC=**,DC=com > LDAP_USERNAME_ATTRIBUTE: cn > LDAP_SEARCH_BIND_DN: > CN=**,OU=Service,OU=Users,OU=Accounts,DC=**,DC=com > LDAP_SEARCH_BIND_PASSWORD: ** > image: guacamole/guacamole > deploy: > replicas: 1 > volumes: > drive: > driver: local > record: > driver: local > data: > driver: local -- This message was sent by Atlassian JIRA (v7.6.3#76005)
