Hi Nick,

Yes, I created the same guacadmin user on LDAP also with the same password, just like an account on MySQL.

In version 1.0.0, I see all my users through the guacadmin account without any problems.

What configuration is missing in the configuration file to list all users, groups and/or settings available in LDAP, and thus appear in the guacadmin user list?

I believe that this detail is the big difference that was in the versions and that it is causing a misunderstanding.

What can be done so that the guacadmin user can perform these operations and list users and groups, in order to assign the connections that we want for each user?

Thanks!

Henri

On Tue, Jun 30, 2020 at 21:44, Nick Couchman <[email protected]> wrote:

> On Tue, Jun 30, 2020 at 19:07 Henri Alves de Godoy
> <[email protected]> wrote:
>
>> Hi Nick, thanks for the reply!
>>
>> My configuration:
>>
>> guacd-hostname: localhost
>> guacd-port: 4822
>>
>> auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
>> auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider
>
> This option is not valid and will have no effect.
>
>> ldap-hostname: server
>> ldap-port: 389
>> ldap-encryption-method: none
>> ldap-user-base-dn: ou=Users,ou=ADM,ou=FCA,dc=fca,dc=unicamp,dc=br
>> ldap-search-bind-dn: cn=userldap,ou=FCA,dc=fca,dc=unicamp,dc=br
>> ldap-search-bind-password: pass
>> ldap-username-attribute: sAMAccountName
>> ldap-follow-referrals: true
>
> Unless you need referrals enabled for traversing your LDAP directory you
> might try turning this option off.
>
>> mysql-hostname: localhost
>> mysql-port: 3306
>> mysql-database: guacamole_db
>> mysql-username: guacadmin
>> mysql-password: pass
>>
>> And the log does not show anything or any error, but it is not binding with AD LDAP
>>
>> Jun 30 20:28:41 remoto server: 20:28:41.435 [localhost-startStop-1] DEBUG o.a.g.extension.ExtensionModule - [2] Binding AuthenticationProvider "org.apache.guacamole.auth.ldap.LDAPAuthenticationProvider".
>> Jun 30 20:28:41 remoto server: 20:28:41.627 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - Extension "LDAP Authentication" loaded.
>> Jun 30 20:30:58 remoto server: 20:30:58.633 [localhost-startStop-1] DEBUG o.a.g.extension.ExtensionModule - [2] Binding AuthenticationProvider "org.apache.guacamole.auth.ldap.LDAPAuthenticationProvider".
>> Jun 30 20:30:58 remoto server: 20:30:58.815 [localhost-startStop-1] INFO o.a.g.extension.ExtensionModule - Extension "LDAP Authentication" loaded.
>>
>> Jun 30 20:34:00 remoto server: Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver'. The driver is automatically registered via the SPI and manual loading of the driver class is generally unnecessary.
>> Jun 30 20:34:01 remoto server: 20:34:01.082 [http-bio-8443-exec-1] DEBUG o.a.g.a.f.FileAuthenticationProvider - User mapping file "/etc/guacamole/user-mapping.xml" does not exist and will not be read.
>> Jun 30 20:34:01 remoto server: 20:34:01.082 [http-bio-8443-exec-1] DEBUG o.a.g.r.auth.AuthenticationService - Anonymous authentication attempt from [143.106.230.18, 143.106.231.10] failed.
>> Jun 30 20:34:07 remoto server: 20:34:07.391 [http-bio-8443-exec-3] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 5.5.65.
>> Jun 30 20:34:07 remoto server: 20:34:07.494 [http-bio-8443-exec-3] INFO o.a.g.r.auth.AuthenticationService - User "guacadmin" successfully authenticated from [143.106.230.18, 143.106.231.10].
>> Jun 30 20:34:07 remoto server: 20:34:07.539 [http-bio-8443-exec-3] DEBUG o.a.g.a.f.FileAuthenticationProvider - User mapping file "/etc/guacamole/user-mapping.xml" does not exist and will not be read.
>> Jun 30 20:34:07 remoto server: 20:34:07.563 [http-bio-8443-exec-3] DEBUG o.a.g.r.auth.AuthenticationService - Login was successful for user "guacadmin".
>> Jun 30 20:34:07 remoto server: 20:34:07.810 [http-bio-8443-exec-7] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 5.5.65.
>> Jun 30 20:34:07 remoto server: 20:34:07.828 [http-bio-8443-exec-7] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 5.5.65.
>> Jun 30 20:34:08 remoto server: 20:34:08.076 [http-bio-8443-exec-3] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment - Database recognized as MySQL 5.5.65.
>
> Does the guacadmin user also exist in your LDAP directory? It looks from
> these like you’re authenticating with guacadmin successfully and the JDBC
> user is logging that user in. What happens when you attempt to
> authenticate with a user from your LDAP directory?
>
> Keep in mind that, unless the guacadmin user exists in your LDAP directory
> and has the same password as the database user you won’t be able to see any
> of the LDAP users with the guacadmin user. The search user that you
> specify in the configuration file is only ever used to attempt to locate
> the user logging in - it is *not* used to enumerate all available users,
> groups, and/or configurations from LDAP. Those operations are done as the
> user who actually logs in.
>
> -Nick

--
Henri Alves Godoy
Tecnologia da Informação e Comunicação
Faculdade de Ciências Aplicadas - FCA
Universidade Estadual de Campinas - UNICAMP
Phone: (19) 3701-6682
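
A lint pass over the configuration quoted in this thread, as an added example that is not part of the original messages or of the Guacamole project. It flags the `auth-provider` option that Nick notes has no effect, the referral setting he suggests turning off, and (an observation added here, not raised in the thread) a search bind password sent over an unencrypted LDAP connection. The function names and finding labels are hypothetical.

```python
import re

# Constructed sample: a subset of the settings quoted in the thread.
SAMPLE = """\
guacd-hostname: localhost
auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
auth-provider: net.sourceforge.guacamole.net.auth.mysql.MySQLAuthenticationProvider
ldap-hostname: server
ldap-port: 389
ldap-encryption-method: none
ldap-search-bind-dn: cn=userldap,ou=FCA,dc=fca,dc=unicamp,dc=br
ldap-search-bind-password: pass
ldap-follow-referrals: true
"""

def parse_properties(text):
    """Parse key/value lines; return (settings, keys seen more than once)."""
    settings, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        m = re.match(r"([^:=\s]+)\s*[:=]?\s*(.*)", line)
        key, value = m.group(1), m.group(2)
        if key in settings:
            duplicates.append(key)
        settings[key] = value                # the later value wins
    return settings, duplicates

def lint(text):
    """Return a list of (finding, key) tuples for the given properties text."""
    settings, duplicates = parse_properties(text)
    findings = [("duplicate-key", key) for key in sorted(set(duplicates))]
    # Per the reply in the thread, this option is not valid and has no effect.
    if "auth-provider" in settings:
        findings.append(("ignored-option", "auth-provider"))
    # Added check: with no encryption, the bind password crosses the network
    # unencrypted. Guacamole uses no encryption when the setting is omitted.
    method = settings.get("ldap-encryption-method", "none").lower()
    if method == "none" and "ldap-search-bind-password" in settings:
        findings.append(("cleartext-bind", "ldap-encryption-method"))
    # Per the reply in the thread, leave referrals off unless they are needed.
    if settings.get("ldap-follow-referrals", "false").lower() == "true":
        findings.append(("referrals-enabled", "ldap-follow-referrals"))
    return findings

if __name__ == "__main__":
    for finding, key in lint(SAMPLE):
        print(f"{finding}: {key}")
```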
