OK, I was able to get it working better now. In our system, cn is the Common Name, but the user id is retrieved by the uid property. Once I set it to that, I was able to get in fine. Now onto trying to get port 636 to work.
Thanks, Harry From: Mike Jumper [mailto:[email protected]] Sent: Friday, December 01, 2017 2:59 PM To: [email protected] Subject: Re: Configuring LDAP On Fri, Dec 1, 2017 at 10:37 AM, <[email protected]<mailto:[email protected]>> wrote: OK I was able to get it to log in. Here’s what I changed in my guacamole.properties to make it work: ldap-search-bind-dn:cn=”Directory Manager” ldap-user-base-dn:cn=users,cn=accounts,dc=example,dc=com So the user logs in fine, but in /var/log/messages, I get the following errors that I’m not sure are relevant or not: Dec 1 13:34:34 access server: 13:34:34.157 [http-bio-8080-exec-6] INFO o.a.g.r.auth.AuthenticationService - User "harry.devine" successfully authenticated from 172.31.26.216. Dec 1 13:34:35 access server: 13:34:35.644 [http-bio-8080-exec-6] WARN o.a.g.auth.ldap.user.UserService - Possibly ambiguous user account: "Jon Moen". Dec 1 13:34:36 access server: 13:34:36.122 [http-bio-8080-exec-6] WARN o.a.g.auth.ldap.user.UserService - Possibly ambiguous user account: "Steve Smith". Dec 1 13:34:36 access server: 13:34:36.146 [http-bio-8080-exec-6] WARN o.a.g.auth.ldap.user.UserService - Could not query list of all users for attribute "cn": Error while querying users. Guacamole is warning you that you have multiple users which map to the same username. Those users will likely be unable to log in, as Guacamole will not be able to determine with certainty which DN corresponds to those usernames. You need to double-check your LDAP directory structure with respect to the configuration within guacamole.properties to determine why multiple users (multiple, distinct DNs) map to the same username. Something within the LDAP directory structure, the configuration, or both, is causing sanity checks for username uniqueness to fail, and the underlying problem needs to be corrected for things to work as expected. - Mike
