On Fri, Dec 1, 2017 at 10:37 AM, <harry.dev...@faa.gov> wrote: > OK I was able to get it to log in. Here’s what I changed in my > guacamole.properties to make it work: > > ldap-search-bind-dn:cn=”Directory Manager” > > ldap-user-base-dn:cn=users,cn=accounts,dc=example,dc=com > > > > So the user logs in fine, but in /var/log/messages, I get the following > errors that I’m not sure are relevant or not: > > Dec 1 13:34:34 access server: 13:34:34.157 [http-bio-8080-exec-6] INFO > o.a.g.r.auth.AuthenticationService - User "harry.devine" successfully > authenticated from 172.31.26.216. > > Dec 1 13:34:35 access server: 13:34:35.644 [http-bio-8080-exec-6] WARN > o.a.g.auth.ldap.user.UserService - Possibly ambiguous user account: "Jon > Moen". > > Dec 1 13:34:36 access server: 13:34:36.122 [http-bio-8080-exec-6] WARN > o.a.g.auth.ldap.user.UserService - Possibly ambiguous user account: > "Steve Smith". > > Dec 1 13:34:36 access server: 13:34:36.146 [http-bio-8080-exec-6] WARN > o.a.g.auth.ldap.user.UserService - Could not query list of all users for > attribute "cn": Error while querying users. > > Guacamole is warning you that you have multiple users which map to the same username. Those users will likely be unable to log in, as Guacamole will not be able to determine with certainty which DN corresponds to those usernames.
You need to double-check your LDAP directory structure with respect to the configuration within guacamole.properties to determine why multiple users (multiple, distinct DNs) map to the same username. Something within the LDAP directory structure, the configuration, or both, is causing sanity checks for username uniqueness to fail, and the underlying problem needs to be corrected for things to work as expected. - Mike
