[jira] [Commented] (GUACAMOLE-687) LDAP Failure in 1.0.0-RC1 (official docker hub image guacamole/guacamole)
[ https://issues.apache.org/jira/browse/GUACAMOLE-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16734781#comment-16734781 ] Michael Jumper commented on GUACAMOLE-687: -- Testing against both {{guacamole/guacamole:0.9.14}} and {{guacamole/guacamole:1.0.0-RC1}} specifying the following: * {{LDAP_HOSTNAME}} (in my case the IP address of the Docker host) * An {{LDAP_USER_BASE_DN}} which does not contain the account used for {{LDAP_SEARCH_BIND_DN}} * An {{LDAP_USERNAME_ATTRIBUTE}} which is different from the default "uid" (I used same as your case: "cn") * An {{LDAP_SEARCH_BIND_DN}} which is outside the {{LDAP_USER_BASE_DN}} * {{LDAP_SEARCH_BIND_PASSWORD}} containing the password of the account specified by {{LDAP_SEARCH_BIND_DN}} I am unable to reproduce the problem described. Logins for all users in the directory work as expected with both images. No errors in the logs. > LDAP Failure in 1.0.0-RC1 (official docker hub image guacamole/guacamole) > - > > Key: GUACAMOLE-687 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-687 > Project: Guacamole > Issue Type: Bug > Components: guacamole-auth-ldap, guacamole-docker >Affects Versions: 1.0.0 >Reporter: Joshua Landon Key >Priority: Major > > I currently have a system up and running in docker with the following yml > compose file. I was planning on upgrading to the 1.0.0-RC1 image which was > made available less than a month ago on the docker hub to I used the > appropriate tags :1.0.0-RC1 instead of the :latest which is still using > 0.9.14. The problem that I am encountering is that given the appropriate > changes to the docker system I am presented with a running instance that > seems to work in all areas but one. LDAP Authentication fails with a message > indicating that it can not query the ldap system. when examining the network > calls through the browser dev tools I notice that it is the call to > /api/tokens which is failing and returning this failure message via a json > result. I want to note that the file below (with the *** replaced with the > appropriate values) works in version 0.9.14 but fails in 1.0.0-RC1. I have > also confirmed that by simply using the :latest and not the :1.0.0-RC1 that > the issue resolves itself (the DB has to be recreated but that is due to > schema differences). > {code:none|title=Docker Compose YML} > version: '3.0' > services: > guacd: > image: guacamole/guacd > volumes: > - drive:/drive:rw > - record:/record:rw > deploy: > replicas: 1 > postgres: > environment: > POSTGRES_DB: ** > POSTGRES_PASSWORD: ** > POSTGRES_USER: ** > image: postgres > volumes: > - /usr/share/guac/init:/docker-entrypoint-initdb.d:ro > deploy: > replicas: 1 > guacamole: > depends_on: > - guacd > - postgres > environment: > GUACD_HOSTNAME: guacd > POSTGRES_DATABASE: ** > POSTGRES_HOSTNAME: postgres > POSTGRES_PASSWORD: ** > POSTGRES_USER: ** > EXTENSIONS: auth-ldap > LDAP_HOSTNAME: ldap.**.com > LDAP_USER_BASE_DN: OU=Employee,OU=Users,OU=Accounts,DC=**,DC=com > LDAP_USERNAME_ATTRIBUTE: cn > LDAP_SEARCH_BIND_DN: > CN=**,OU=Service,OU=Users,OU=Accounts,DC=**,DC=com > LDAP_SEARCH_BIND_PASSWORD: ** > image: guacamole/guacamole > deploy: > replicas: 1 > volumes: > drive: > driver: local > record: > driver: local > data: > driver: local > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (GUACAMOLE-687) LDAP Failure in 1.0.0-RC1 (official docker hub image guacamole/guacamole)
[ https://issues.apache.org/jira/browse/GUACAMOLE-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16734660#comment-16734660 ] Michael Jumper commented on GUACAMOLE-687: -- {quote} I was planning on upgrading to the 1.0.0-RC1 image which was made available less than a month ago on the docker hub to I used the appropriate tags :1.0.0-RC1 instead of the :latest which is still using 0.9.14. {quote} [~KEYJ63], many thanks for testing this, but please keep in mind that this really shouldn't be considered an "upgrade" until the release is actually out. As a release candidate, things can be rolled back and changed at any time, including in a way that breaks compatibility. Anything tagged as a release candidate is still development code until promoted to release. {quote} ... LDAP Authentication fails with a message indicating that it can not query the ldap system. ... {quote} As noted by [~nick.couch...@yahoo.com], please provide the error message(s) you refer to in your description. We really need the actual log messages. {quote} {code:none} ... EXTENSIONS: auth-ldap ... {code} {quote} What's this {{EXTENSIONS}} environment variable about? The Guacamole Docker images do not use any such variable. > LDAP Failure in 1.0.0-RC1 (official docker hub image guacamole/guacamole) > - > > Key: GUACAMOLE-687 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-687 > Project: Guacamole > Issue Type: Bug > Components: guacamole-auth-ldap, guacamole-docker >Affects Versions: 1.0.0 >Reporter: Joshua Landon Key >Priority: Major > > I currently have a system up and running in docker with the following yml > compose file. I was planning on upgrading to the 1.0.0-RC1 image which was > made available less than a month ago on the docker hub to I used the > appropriate tags :1.0.0-RC1 instead of the :latest which is still using > 0.9.14. The problem that I am encountering is that given the appropriate > changes to the docker system I am presented with a running instance that > seems to work in all areas but one. LDAP Authentication fails with a message > indicating that it can not query the ldap system. when examining the network > calls through the browser dev tools I notice that it is the call to > /api/tokens which is failing and returning this failure message via a json > result. I want to note that the file below (with the *** replaced with the > appropriate values) works in version 0.9.14 but fails in 1.0.0-RC1. I have > also confirmed that by simply using the :latest and not the :1.0.0-RC1 that > the issue resolves itself (the DB has to be recreated but that is due to > schema differences). > {code:none|title=Docker Compose YML} > version: '3.0' > services: > guacd: > image: guacamole/guacd > volumes: > - drive:/drive:rw > - record:/record:rw > deploy: > replicas: 1 > postgres: > environment: > POSTGRES_DB: ** > POSTGRES_PASSWORD: ** > POSTGRES_USER: ** > image: postgres > volumes: > - /usr/share/guac/init:/docker-entrypoint-initdb.d:ro > deploy: > replicas: 1 > guacamole: > depends_on: > - guacd > - postgres > environment: > GUACD_HOSTNAME: guacd > POSTGRES_DATABASE: ** > POSTGRES_HOSTNAME: postgres > POSTGRES_PASSWORD: ** > POSTGRES_USER: ** > EXTENSIONS: auth-ldap > LDAP_HOSTNAME: ldap.**.com > LDAP_USER_BASE_DN: OU=Employee,OU=Users,OU=Accounts,DC=**,DC=com > LDAP_USERNAME_ATTRIBUTE: cn > LDAP_SEARCH_BIND_DN: > CN=**,OU=Service,OU=Users,OU=Accounts,DC=**,DC=com > LDAP_SEARCH_BIND_PASSWORD: ** > image: guacamole/guacamole > deploy: > replicas: 1 > volumes: > drive: > driver: local > record: > driver: local > data: > driver: local > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (GUACAMOLE-687) LDAP Failure in 1.0.0-RC1 (official docker hub image guacamole/guacamole)
[ https://issues.apache.org/jira/browse/GUACAMOLE-687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16734317#comment-16734317 ] Nick Couchman commented on GUACAMOLE-687: - Would be helpful to know what failure result is being returned? Also would be useful to see the error messages from the Guacamole Client container (catalina.out messages). > LDAP Failure in 1.0.0-RC1 (official docker hub image guacamole/guacamole) > - > > Key: GUACAMOLE-687 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-687 > Project: Guacamole > Issue Type: Bug > Components: guacamole-auth-ldap >Affects Versions: 1.0.0 > Environment: docker >Reporter: Joshua Landon Key >Priority: Major > Labels: LDAP, docker > Fix For: 1.0.0 > > > I currently have a system up and running in docker with the following yml > compose file. I was planning on upgrading to the 1.0.0-RC1 image which was > made available less than a month ago on the docker hub to I used the > appropriate tags :1.0.0-RC1 instead of the :latest which is still using > 0.9.14. The problem that I am encountering is that given the appropriate > changes to the docker system I am presented with a running instance that > seems to work in all areas but one. LDAP Authentication fails with a message > indicating that it can not query the ldap system. when examining the network > calls through the browser dev tools I notice that it is the call to > /api/tokens which is failing and returning this failure message via a json > result. I want to note that the file below (with the *** replaced with the > appropriate values) works in version 0.9.14 but fails in 1.0.0-RC1. I have > also confirmed that by simply using the :latest and not the :1.0.0-RC1 that > the issue resolves itself (the DB has to be recreated but that is due to > schema differences). > Docker Compose YML > --- > version: '3.0' > services: > guacd: > image: guacamole/guacd > volumes: > - drive:/drive:rw > - record:/record:rw > deploy: > replicas: 1 > postgres: > environment: > POSTGRES_DB: ** > POSTGRES_PASSWORD: ** > POSTGRES_USER: ** > image: postgres > volumes: > - /usr/share/guac/init:/docker-entrypoint-initdb.d:ro > deploy: > replicas: 1 > guacamole: > depends_on: > - guacd > - postgres > environment: > GUACD_HOSTNAME: guacd > POSTGRES_DATABASE: ** > POSTGRES_HOSTNAME: postgres > POSTGRES_PASSWORD: ** > POSTGRES_USER: ** > EXTENSIONS: auth-ldap > LDAP_HOSTNAME: ldap.**.com > LDAP_USER_BASE_DN: OU=Employee,OU=Users,OU=Accounts,DC=**,DC=com > LDAP_USERNAME_ATTRIBUTE: cn > LDAP_SEARCH_BIND_DN: > CN=**,OU=Service,OU=Users,OU=Accounts,DC=**,DC=com > LDAP_SEARCH_BIND_PASSWORD: ** > image: guacamole/guacamole > deploy: > replicas: 1 > volumes: > drive: > driver: local > record: > driver: local > data: > driver: local -- This message was sent by Atlassian JIRA (v7.6.3#76005)