On Wednesday, April 24, 2019, 8:56:20 PM GMT+2, Nick Couchman <[email protected]> wrote:
>
> In order for the LDAP module to load connections from LDAP you need to
> specify the "ldap-config-base-dn" option in the guacamole.properties.file.

Hi Nick,

You may not have seen the rest of my message as it appears truncated in your reply, but I did specify the "ldap-config-base-dn" option.

The problem was that I had two issues:

1) its value was wrong. I used cn=Schema,cn=Configuration,dc=mydomain,dc=org when it should have been cn=Users,dc=mydomain,dc=org

2) Since the AD tree is very big and the searchResults can lead to Guacamole client issuing the error "Unable to query list of objects from LDAP directory.", I had applied an excessively restrictive filter. I now apply the following, and it seems to work fine:

ldap-user-search-filter: (|(&(objectClass=user)(sAMAccountName=*)(memberOf=cn=VPN,cn=Users,dc=mydomain,dc=org))(objectClass=guac*))
ldap-max-search-results: 4000

I can now properly authenticate *and* connect to RDP, telnet, ssh services by using LDAP/AD alone.

Thanks for the great software,

Vieri
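To see which directory entries the filter quoted in the message above admits, this added example (not part of the original message and not Guacamole code) parses that filter and evaluates it over constructed entries. It assumes case-insensitive comparison with `*` as a wildcard on every attribute, which simplifies the per-attribute matching rules of a real directory server; the entry names are made up.

```python
import re

# Filter copied from the message above.
FILTER = ("(|(&(objectClass=user)(sAMAccountName=*)"
          "(memberOf=cn=VPN,cn=Users,dc=mydomain,dc=org))(objectClass=guac*))")

def parse(s, i=0):
    """Parse one parenthesised filter at s[i]; return (node, index after it)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if s[i + 1] in "&|":
        op, kids, i = s[i + 1], [], i + 2
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, _, value = s[i + 1:end].partition("=")  # value may itself contain '='
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against an entry (dict: attribute -> values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, pattern = node
    # Assumption: case-insensitive comparison, '*' is a wildcard on any attribute.
    rx = re.compile(".*".join(map(re.escape, pattern.split("*"))))
    return any(rx.fullmatch(v.lower())
               for k, vs in entry.items() if k.lower() == attr for v in vs)

BASE = "cn=Users,dc=mydomain,dc=org"
# Constructed sample entries, not real directory data.
ENTRIES = {
    f"cn=alice,{BASE}": {"objectClass": ["top", "user"], "sAMAccountName": ["alice"],
                         "memberOf": [f"cn=VPN,{BASE}"]},
    f"cn=bob,{BASE}": {"objectClass": ["top", "user"], "sAMAccountName": ["bob"],
                       "memberOf": [f"cn=Staff,{BASE}"]},
    f"cn=VPN,{BASE}": {"objectClass": ["top", "group"]},
    f"cn=rdp-host,{BASE}": {"objectClass": ["guacConfigGroup"]},
}

def select(entries, flt=FILTER):
    """Return the DNs of the entries that the filter admits."""
    return [dn for dn, e in entries.items() if matches(parse(flt)[0], e)]

print(select(ENTRIES))
```

Only the VPN group member and the guacConfigGroup object are selected; the user outside the VPN group and the group object itself are not.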
