Nico,

I am trying to do the latter. When a user is trying to log into Guac, I want that user's credentials presented to AD to see if they can. If they can, then allow them to log in. At least based on the documentation I assume this is how I have it set up.

Brian

-----Original Message-----
From: Nico Schottelius <[email protected]>
Sent: Tuesday, March 19, 2019 11:57 AM
To: [email protected]
Cc: Fertig, Brian <[email protected]>
Subject: Re: LDAP Questions

Hey Brian,

you usually have two different methods for LDAP authentication:

- binding with a specific system user
- binding (login) with the user that wants to login

I am not fluent on how AD works, but in case of OpenLDAP, you will need to grant the binding access to the user(s) that you want to be able to bind (just being a user that can "login" to other apps is not enough).

HTH,

Nico

Fertig, Brian <[email protected]> writes:

> Greetings!
>
> I just set up LDAP integration with Guac. I try to log in and it keeps
> telling me it can't bind. The configuration I am using is below. This is
> against Active Directory.
>
> ldap-user-base-dn: OU=Users,OU=code2,DC=code2,DC=philips,DC=com
> ldap-username-attribute: sAMAccountName
>
> I notice it's trying to bind with the DN of sAMAccountName=XX,
> OU=Users,OU=code2,DC=code2,DC=philips,DC=com. From what I can tell reading
> up on how binding to LDAP works, you need to use a DN of a user, which this isn't.
> What am I doing wrong?
>
> Brian Fertig
> MATC Tools Solutions Design Architect
> Tools Program and Innovations
> Monitoring Analytics & Therapeutic Care Customer Service Operations

--
Your Swiss, Open Source and IPv6 Virtual Machine. Now on www.datacenterlight.ch.
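
The two bind methods Nico lists, and why the derived DN Brian reports (`sAMAccountName=XX,OU=Users,...`) matches no entry in an AD-style tree, as an added example that is not part of the original thread. The directory, account names and passwords are constructed, and the in-memory `simple_bind` is a stand-in for a real LDAP bind.

```python
# Added example: constructed in-memory "directory", no network access.
BASE_DN = "OU=Users,DC=example,DC=com"             # constructed, not the poster's tree
SVC_DN = "CN=svc-guac,OU=Users,DC=example,DC=com"  # hypothetical service account

# AD-style entries: the DN is named by CN; sAMAccountName is an ordinary attribute.
DIRECTORY = {
    "CN=Jane Doe,OU=Users,DC=example,DC=com": {"sAMAccountName": "jdoe", "password": "pw-jane"},
    SVC_DN: {"sAMAccountName": "svc-guac", "password": "pw-svc"},
}

def escape_dn_value(value):
    """Escape a user-supplied value for use inside a DN (RFC 4514)."""
    out = "".join("\\00" if c == "\0" else "\\" + c if c in ',+"\\<>;=' else c
                  for c in value)
    if out[:1] in (" ", "#"):
        out = "\\" + out
    if len(value) > 1 and out.endswith(" "):
        out = out[:-1] + "\\ "
    return out

def simple_bind(dn, password):
    """Succeed only if an entry with exactly this DN exists and the password matches."""
    if not password:            # an empty password is an unauthenticated bind: reject
        return False
    for entry_dn, attrs in DIRECTORY.items():
        if entry_dn.lower() == dn.lower():
            return attrs["password"] == password
    return False

def direct_bind_login(username, password, attr="sAMAccountName"):
    """Bind as a DN derived from the login name (the DN shape reported in the thread)."""
    dn = f"{attr}={escape_dn_value(username)},{BASE_DN}"
    return dn, simple_bind(dn, password)

def search_bind_login(username, password, svc_password, attr="sAMAccountName"):
    """Bind as the service account, look up the user's real DN, then bind as that DN."""
    if not simple_bind(SVC_DN, svc_password):
        raise PermissionError("service account bind failed")
    matches = [dn for dn, a in DIRECTORY.items()
               if a[attr].lower() == username.lower()]
    if len(matches) != 1:       # unknown or ambiguous login name: refuse
        return None, False
    return matches[0], simple_bind(matches[0], password)

if __name__ == "__main__":
    print(direct_bind_login("jdoe", "pw-jane"))            # derived DN matches no entry
    print(search_bind_login("jdoe", "pw-jane", "pw-svc"))  # real DN found, bind succeeds
```

In Guacamole's LDAP extension, the service-account search is configured with `ldap-search-bind-dn` and `ldap-search-bind-password` in `guacamole.properties`.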
