Hello again,

Going through the logs I found that sometimes I get

21:33:16.456 [NioProcessor-21] WARN o.a.d.l.c.api.LdapNetworkConnection - Connection reset by peer

Is there a way I can adjust ldap related settings for better performance? Also, how can I configure multiple LDAP servers? (One way would be to load balance them, but I think that’s not that desirable).

Regards,
Bogdan

> On 10 Mar 2020, at 23:34, Stefan Bogdan Cimpeanu <[email protected]> wrote:
>
> Hello Mike,
>
> I understand your point about no caching.
> About debugging, yes I have, and it gives me something like:
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ‘'
>
> My guess is that indeed the LDAP is not in a consistent state at that point.
>
> Thanks!
> Bogdan
>
>> On 10 Mar 2020, at 23:30, Mike Jumper <[email protected]> wrote:
>>
>> On Tue, Mar 10, 2020, 14:16 Stefan Bogdan Cimpeanu <[email protected]> wrote:
>> Hello all,
>>
>> I’m using Azure Active Directory Domain Services as my ldap source for
>> Guacamole. The main use is for RDP with domain joined machines.
>> I sometimes experience two (I think related) issues:
>> - some of the user accounts are not able to log in to guacamole even though
>> supplied user/password are correct (the user can RDP to the VM directly, but
>> not log in to guacamole). Errors in the logs don’t say much except "Authentication
>> attempt from [ IP ] for user xxxx failed"
>> - sometimes it takes a few hours or even a server restart to see newly created
>> AADDS users in guacamole
>>
>> Is there a way I can “force” an ldap sync so that users are added to
>> guacamole?
>>
>> There is no sync. When using LDAP, Guacamole authenticates against LDAP
>> directly. The relevant users and groups do not need to exist in the database
>> except where you are granting those users/groups permissions for connections
>> stored on the database, however the web interface is organized such that
>> attempting to do so would result in their creation.
>>
>> If you are seeing inconsistencies in whether users/groups exist, I don't
>> believe that inconsistency would be on the Guacamole side. There's no cache
>> between sessions, nothing stored from LDAP. Data from LDAP is queried
>> directly as needed. It may be that the LDAP server takes time to become
>> consistent, and that the correlation with server restarts is a coincidence.
>>
>> Regarding the login failures, have you tried enabling debug-level logging
>> for the webapp?
>>
>> - Mike
