Hi, good afternoon. I'm a new guacamole user.
I installed it in a debian 9 and 0.9.9 guacd version. The program works fine with local users mapping... my configuration: /etc/guacamole/guacamole.properties # Hostname and port of guacamole proxy guacd-hostname: localhost guacd-port: 4822 # Auth provider class (authenticates user/pass combination, needed if using the provided login screen) user-mapping: /etc/guacamole/user-mapping.xml auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider basic-user-mapping: /etc/guacamole/user-mapping.xml lib-directory: /etc/guacamole/extensions # LDAP properties ldap-hostname: ldap.craem.net ldap-port: 389 ldap-user-base-dn: DC=craem,DC=net ldap-search-bind-dn: CN=admin,DC=craem,DC=net ldap-search-bind-password: passwordtuyu ldap-username-attribute: uid And the user mapping: /etc/guacamole/user-mapping.xml <user-mapping> <authorize username="craem" password="passwordtuyu"> <connection name="kamailio"> <protocol>ssh</protocol> <param name="hostname">10.XX.XX.XX</param> <param name="port">22</param> </connection> <connection name="chichi"> <protocol>ssh</protocol> <param name="hostname">10.XX.XX.XX</param> <param name="port">22</param> </connection> <connection name="copiasVeeam"> <protocol>rdp</protocol> <param name="hostname">10.XX.XX.XX</param> <param name="port">3389</param> <param name="ignore-cert">true</param> <param name="security">rdp</param> </connection> <connection name="copiasVeeam9"> <protocol>rdp</protocol> <param name="hostname">10.XX.XX.XX</param> <param name="port">3389</param> <param name="ignore-cert">true</param> <param name="security">rdp</param> </connection> </authorize> </user-mapping> When I enter with the username "craem", I can view / enter in all hosts that I defined... the problem is with the open ldap authentication. My Ldap server is an OpenLDAP. I added the openldap schema: # ldapadd -Q -Y EXTERNAL -H ldapi:/// -f guacConfigGroup.ldif And the schema is ready: root@asterisk:/usr/src# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn dn: cn=schema,cn=config dn: cn={0}core,cn=schema,cn=config dn: cn={1}cosine,cn=schema,cn=config dn: cn={2}nis,cn=schema,cn=config dn: cn={3}inetorgperson,cn=schema,cn=config dn: cn={4}zarafa,cn=schema,cn=config dn: cn={5}radius,cn=schema,cn=config dn: cn={6}guacConfigGroup,cn=schema,cn=config I add one server to test: file: entrada.ldif dn: cn=zeus,dc=craem,dc=net objectClass: guacConfigGroup objectClass: groupOfNames cn: zeus server guacConfigProtocol: ssh guacConfigParameter: hostname=zeus.craem.net guacConfigParameter: port=22 member: cn=angel,ou=zarafa-users,dc=craem,dc=net add the file to my openldap: # ldapadd -x -D cn=admin,dc=craem,dc=net -W -f entrada.ldif And works fine ldapsearch to view "angel" user: # ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net" # Angel Elena, zarafa-users, craem.net dn: cn=Angel Elena,cn=zarafa-users,dc=craem,dc=net givenName:: xxxxx sn: Elena uid: angel uidNumber: 1001 gidNumber: 500 zarafaAccount: 1 dialupAccess: 1 zarafaAdmin: 1 mobile: xxxxxx homeDirectory: /home/angel radiusFramedProtocol: PPP radiusServiceType: Framed-User radiusFramedCompression: Van-Jacobsen-TCP-IP zarafaQuotaHard: 3000 zarafaQuotaWarn: 2000 zarafaQuotaSoft: 2500 zarafaQuotaOverride: 0 mail: cr...@craem.net objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: zarafa-user objectClass: radiusprofile objectClass: zarafa-group objectClass: person objectClass: organizationalPerson cn: Angel Elena cn: angel And the zeus "object" # ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net" # zeus, craem.net dn: cn=zeus,dc=craem,dc=net objectClass: guacConfigGroup objectClass: groupOfNames cn: zeus server cn: zeus guacConfigProtocol: ssh guacConfigParameter: hostname=zeus guacConfigParameter: port=22 member: cn=angel,ou=zarafa-users,dc=craem,dc=net When I login with de "angel" user to the front-end, the user space is empty, without any machine, but I can login. Any ideas ? Thanks -------------------------------- Ángel Elena Medina _o) cr...@craem.net / \\ http://blog.craem.net _(___V @craem_ www.linkedin.com/in/angel-elena-medina -------------------------------- Zarafa Webapp.