On Mon, Jul 1, 2019 at 9:20 PM Wuth, Antony <[email protected]> wrote:
> Hi all, > > > > I’ve got a (mostly) working install running, which I’m trying to move the > connection details into LDAP. > > > > It looks like authentication is working OK: > > INFO o.a.g.r.auth.AuthenticationService - User "xxx" successfully > authenticated from 10.x.x.x. > > > > However it appears the query for connections isn’t, as far as I can tell > it’s searching for the connections with the following query: > > 00:24:09.854 [http-nio-8080-exec-1] DEBUG > o.a.g.auth.ldap.ObjectQueryService - Searching > "OU=Groups,DC=xx,DC=xxx,DC=com" for objects matching > "(&(!(objectClass=guacConfigGroup))(member=CN=XXX,OU=XX,OU=Accounts,DC=xx,DC=xxx,DC=com))". > > > > Which if I’m reading it correctly will be searching for all objects where > the user is listed as a member and the objectClass isn’t guacConfigGroup. > Running this query manually with ldapsearch (predictably) produces a list > of groups the user is a member of – and not the guac config groups. Running > the query without the !( modifier does produce a list of connections. > My guess is that this is the query searching, not for configurations, but for user groups. What does your guacamole.properties file contain (minus sensitive information)? Do you have ldap-config-base-dn set? -Nick >
