On Sun, May 3, 2020 at 9:49 AM Fabio Corsi < [email protected]> wrote:
> Thanks Nick.
>
> Not sure what *above* would be in my case.
> Can you suggest what kind of information should I be looking for in my log
> file?
>

Sorry, after looking at this, again, I see what the issue is. In your guacamole.properties, you are not specifying the ldap-search-bind-dn and ldap-search-bind-password parameters. This means that Guacamole is not actually searching for the user that is attempting to log in, it is just computing the DN of the username by taking the username attribute (uid), the username (user_not_in_guacusers) and the ldap-user-base-dn (ou=users,dc=my,dc=domain) and putting together a user DN (uid=user_not_in_guacusers,ou=users,dc=my,dc=domain) and then attempting to bind with that account - and succeeding.

If you want successful LDAP logins to actually be limited to the items in ldap-user-search-filter, you'll need to specify an LDAP account that Guacamole will use to search the tree ahead of time and find the users, and then that filter will not only apply to the users that are enumerated within the admin interface, but also to the users trying to log in.

-Nick
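
The two login paths described in the reply above, as an added example that is not part of the original message and is not Guacamole's code: a toy in-memory model showing why the search filter only restricts logins once a search account is configured. The directory entries, passwords, the `guacusers` group DN used as the filter and the `cn=guac-search` service account are constructed assumptions.

```python
# Toy model of the two LDAP login paths; all entries and passwords are constructed.
USER_BASE_DN = "ou=users,dc=my,dc=domain"   # ldap-user-base-dn from the thread
USERNAME_ATTR = "uid"                       # username attribute from the thread
GROUP_DN = "cn=guacusers,ou=groups,dc=my,dc=domain"  # assumed filter target
SEARCH_DN = "cn=guac-search,dc=my,dc=domain"         # hypothetical search account

DIRECTORY = {
    SEARCH_DN: {"password": "search-pw", "memberOf": []},
    "uid=alice,ou=users,dc=my,dc=domain": {
        "uid": "alice", "password": "alice-pw", "memberOf": [GROUP_DN]},
    "uid=user_not_in_guacusers,ou=users,dc=my,dc=domain": {
        "uid": "user_not_in_guacusers", "password": "other-pw", "memberOf": []},
}

def bind(dn, password):
    """Simulated simple bind: the DN must exist and the password must match."""
    entry = DIRECTORY.get(dn)
    return entry is not None and bool(password) and entry["password"] == password

def user_search_filter(entry):
    """Stand-in for ldap-user-search-filter: match only group members."""
    return GROUP_DN in entry["memberOf"]

def login_direct(username, password):
    """No search bind DN set: derive the user DN and bind.
    The search filter is never evaluated on this path."""
    dn = f"{USERNAME_ATTR}={username},{USER_BASE_DN}"
    return bind(dn, password)

def login_with_search(username, password, search_password="search-pw"):
    """Search bind DN set: bind as the search account, find the user
    under the base DN with the filter applied, then bind as that user."""
    if not bind(SEARCH_DN, search_password):
        return False
    matches = [dn for dn, entry in DIRECTORY.items()
               if dn.endswith("," + USER_BASE_DN)
               and entry.get(USERNAME_ATTR) == username
               and user_search_filter(entry)]
    # This model requires exactly one matching entry before binding as it.
    return len(matches) == 1 and bind(matches[0], password)

if __name__ == "__main__":
    for user, pw in [("alice", "alice-pw"), ("user_not_in_guacusers", "other-pw")]:
        print(user, "direct:", login_direct(user, pw),
              "search:", login_with_search(user, pw))
```
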
