Hi, I am trying to configure LDAP authentication with connection details within the LDAP directory. Actually, I'm using AD instead of standard LDAP, but I'm pretty sure the objects have been created properly on the AD server (guacConfigParameter, guacConfigProtocol, guacConfigGroup).
I created a test "telnet" group called AlcatelPBXtelnet (objectClass: guacConfigGroup, guacConfigProtocol: telnet, etc.), and added my user as a member.

These are my config files:

# cat guacd.conf
[daemon]
log_level = debug
[server]
bind_host = 10.215.144.124

# cat guacamole.properties
guacd-hostname: 10.215.144.124
guacd-port: 4822
# LDAP
# auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
ldap-hostname: 10.215.144.35
ldap-port: 389
ldap-encryption-method: none
ldap-user-base-dn: cn=Users,dc=mydomain,dc=org
ldap-username-attribute: cn
ldap-user-search-filter: (&(objectClass=user)(sAMAccountName=*)(memberOf=cn=VPN,cn=Users,dc=mydomain,dc=org))
ldap-max-search-results: 4000

# ls extensions/
guacamole-auth-ldap-1.0.0.jar

I can log into the Guacamole web UI, but I cannot see my configured connection (telnet).

I'm totally new to Tomcat so please bear with me. My /var/log/tomcat has several files:

catalina.*.log
localhost.*.log
localhost_access_log.*.txt
host-manager.*.log
manager.*.log

I'm expecting to see LDAP debug messages in catalina.*.log files, but I see none. I enabled a few things in /etc/tomcat/logging.properties, but it doesn't seem to make any difference regarding the LDAP extension.

Anyway, I resorted to grabbing a tcpdump on port 389 to see what guacamole was doing. I can see a successful bindResponse, followed by a searchRequest wholeSubtree. I can then see a list of all the users who actually belong to the VPN group. One of these is my user (CN=myuser,CN=Users,DC=mydomain,DC=org). After the searchResEntry results I get an unbindRequest, and the connection finishes.

I'm guessing Guacamole is not finding the guac* objects.

I then added this to my guacamole.properties:

ldap-config-base-dn: cn=Schema,cn=Configuration,dc=mydomain,dc=org

The tcpdump shows a searchRequest on cn=Schema,cn=Configuration,dc=mydomain,dc=org and a searchResDone with 30 results.
However, when my user enters the Guacamole web UI there's no connection available.

A quick manual search shows this:

# ldapsearch -b 'cn=Schema,cn=Configuration,dc=mydomain,dc=org' -x -D admin -w passwd -x -h10.215.144.35 | grep guac
# guacConfigParameter, Schema, Configuration, mydomain.org
dn: CN=guacConfigParameter,CN=Schema,CN=Configuration,DC=mydomain,DC=or
cn: guacConfigParameter
distinguishedName: CN=guacConfigParameter,CN=Schema,CN=Configuration,DC=mydoma
adminDisplayName: guacConfigParameter
adminDescription: guacConfigParameter
lDAPDisplayName: guacConfigParameter
name: guacConfigParameter
# guacConfigProtocol, Schema, Configuration, mydomain.org
dn: CN=guacConfigProtocol,CN=Schema,CN=Configuration,DC=mydomain,DC=org
cn: guacConfigProtocol
distinguishedName: CN=guacConfigProtocol,CN=Schema,CN=Configuration,DC=mydomai
adminDisplayName: guacConfigProtocol
adminDescription: guacConfigProtocol
lDAPDisplayName: guacConfigProtocol
name: guacConfigProtocol
# guacConfigGroup, Schema, Configuration, mydomain.org
dn: CN=guacConfigGroup,CN=Schema,CN=Configuration,DC=mydomain,DC=org
cn: guacConfigGroup
distinguishedName: CN=guacConfigGroup,CN=Schema,CN=Configuration,DC=mydomain
mustContain: guacConfigProtocol
mayContain: guacConfigParameter
adminDisplayName: guacConfigGroup
adminDescription: guacConfigGroup
lDAPDisplayName: guacConfigGroup
name: guacConfigGroup
defaultObjectCategory: CN=guacConfigGroup,CN=Schema,CN=Configuration,DC=mydoma

# ldapsearch -b 'cn=Users,dc=mydomain,dc=org' -x -D admin -w passwd -x -h10.215.144.35 | grep telnet
# AlcatelPBXtelnet, Users, mydomain.org
dn: CN=AlcatelPBXtelnet,CN=Users,DC=mydomain,DC=org
cn: AlcatelPBXtelnet
distinguishedName: CN=AlcatelPBXtelnet,CN=Users,DC=mydomain,DC=org
name: AlcatelPBXtelnet
guacConfigProtocol: telnet

What can I try?

Thanks,

Vieri
