Hi Nick,

OK, it works. Thank you again for your great support.

-Fouad
________________________________
From: Nick Couchman <[email protected]>
Sent: Friday, 4 September 2020 13:09
To: [email protected] <[email protected]>
Subject: Re: don't see ldap users

On Fri, Sep 4, 2020 at 3:27 AM fou fe <[email protected]> wrote:

Hello,

I have a fresh guacamole 1.2.0 installed in latest buster with mysql and ldap extensions. Everything is good except that I don't see ldap users in the gui. I already created a user with admin system in guacamole that belongs in ldap. I used that user but I don't see ldap users. In tomcat logs with debug there are no errors and jars are loaded.

- Mysql extensions work.
- ldapsearch works

Generally speaking this tends to happen when you've created the LDAP admin user in Guacamole and have set the password to the same thing in the JDBC module as your LDAP password. If the password for the user in the JDBC module is set to the same as LDAP, when the authentication system processes the logins it will succeed on the JDBC login and never make it to the LDAP login, which will result in the behavior you're seeing. The solution is to either not set a password at all when you create that user in JDBC (it will actually auto-generate a random, complex password for the user), or change it in the JDBC module to something other than what it is in LDAP and log in with the *LDAP* password.
Here is the tomcat log and my guacamole.properties

[2020-09-04 09:12:34] [info] [email protected]/java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:155)
[2020-09-04 09:12:34] [info] [email protected]/java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:176)
[2020-09-04 09:12:34] [info] com.google.inject.internal.util.$Finalizer.run(Finalizer.java:114)
[2020-09-04 09:12:34] [warning] L'application web [guacamole] semble avoir démarré un thread nommé [com.google.inject.internal.util.$Finalizer] mais ne l'a pas arrêté, ce qui va probablement créer une fuite de mémoire; la trace du thread est:
[2020-09-04 09:12:34] [info] [email protected]/java.lang.Object.wait(Native Method)
[2020-09-04 09:12:34] [info] [email protected]/java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:155)
[2020-09-04 09:12:34] [info] [email protected]/java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:176)
[2020-09-04 09:12:34] [info] com.google.inject.internal.util.$Finalizer.run(Finalizer.java:114)
[2020-09-04 09:12:34] [info] Arrêt du gestionnaire de protocole ["http-nio-8080"]
[2020-09-04 09:12:34] [info] Destruction du gestionnaire de protocole ["http-nio-8080"]
[2020-09-04 09:12:55] [info] NOTE: Picked up JDK_JAVA_OPTIONS: --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
[2020-09-04 09:12:55] [info] Version du serveur: Apache Tomcat/9.0.31 (Debian)
[2020-09-04 09:12:55] [info] Serveur compilé: Jul 15 2020 11:43:33 UTC
[2020-09-04 09:12:55] [info] Version du serveur: 9.0.31.0
[2020-09-04 09:12:55] [info] Nom de l'OS: Linux
[2020-09-04 09:12:55] [info] Version de l'OS: 4.19.0-10-amd64
[2020-09-04 09:12:55] [info] Architecture: amd64
[2020-09-04 09:12:55] [info] Répertoire de Java: /usr/lib/jvm/java-11-openjdk-amd64
[2020-09-04 09:12:55] [info] Version de la JVM: 11.0.8+10-post-Debian-1deb10u1
[2020-09-04 09:12:55] [info] Fournisseur de la JVM: Debian
[2020-09-04 09:12:55] [info] CATALINA_BASE: /var/lib/tomcat9
[2020-09-04 09:12:55] [info] CATALINA_HOME: /usr/share/tomcat9
[2020-09-04 09:12:55] [info] Argument de la ligne de commande: --add-opens=java.base/java.lang=ALL-UNNAMED
[2020-09-04 09:12:55] [info] Argument de la ligne de commande: --add-opens=java.base/java.io=ALL-UNNAMED
[2020-09-04 09:12:56] [info] Argument de la ligne de commande: --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
[2020-09-04 09:12:56] [info] Argument de la ligne de commande: -Djava.util.logging.config.file=/var/lib/tomcat9/conf/logging.properties
[2020-09-04 09:12:56] [info] Argument de la ligne de commande: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
[2020-09-04 09:12:56] [info] Argument de la ligne de commande: -Djava.awt.headless=true
[2020-09-04 09:12:56] [info] Argument de la ligne de commande: -Djdk.tls.ephemeralDHKeySize=2048
[2020-09-04 09:12:56] [info] Argument de la ligne de commande: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
[2020-09-04 09:12:56] [info] Argument de la ligne de commande: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
[2020-09-04 09:12:56] [info] Argument de la ligne de commande: -Dignore.endorsed.dirs=
[2020-09-04 09:12:56] [info] Argument de la ligne de commande: -Dcatalina.base=/var/lib/tomcat9
[2020-09-04 09:12:56] [info] Argument de la ligne de commande: -Dcatalina.home=/usr/share/tomcat9
[2020-09-04 09:12:56] [info] Argument de la ligne de commande: -Djava.io.tmpdir=/tmp
[2020-09-04 09:12:56] [info] Un version ancienne [1.2.21] de la bibliothèque Apache Tomcat Native basée sur APR est installée, alors que Tomcat recommande au minimum la version [1.2.23]
[2020-09-04 09:12:56] [info] Chargement de la librairie Apache Tomcat Native [1.2.21] en utilisant APR version [1.6.5]
[2020-09-04 09:12:56] [info] Fonctionnalités d'APR: IPv6 [true], sendfile [true], accept filters [false], random [true]
[2020-09-04 09:12:56] [info] Configuration de APR/OpenSSL: useAprConnector [false], useOpenSSL [true]
[2020-09-04 09:12:56] [info] OpenSSL a été initialisé avec succès [OpenSSL 1.1.1d 10 Sep 2019]
[2020-09-04 09:12:56] [info] Initialisation du gestionnaire de protocole ["http-nio-8080"]
[2020-09-04 09:12:56] [info] L'initialisation du serveur a pris [1 115] millisecondes
[2020-09-04 09:12:56] [info] Démarrage du service [Catalina]
[2020-09-04 09:12:56] [info] Démarrage du moteur de Servlets: [Apache Tomcat/9.0.31 (Debian)]
[2020-09-04 09:12:56] [info] Déploiement du descripteur de configuration [/etc/tomcat9/Catalina/localhost/host-manager.xml]
[2020-09-04 09:12:56] [warning] L'attribut path avec la valeur [/host-manager] dans le descripteur de déploiement [/etc/tomcat9/Catalina/localhost/host-manager.xml] a été ignoré
[2020-09-04 09:12:58] [info] Au moins un fichier JAR a été analysé pour trouver des TLDs mais il n'en contenait pas, le mode "debug" du journal peut être activé pour obtenir une liste complète de JAR scannés sans succès; éviter d'analyser des JARs inutilement peut améliorer sensiblement le temps de démarrage et le temps de compilation des JSPs
[2020-09-04 09:12:58] [info] Le traitement du descripteur de déploiement [/etc/tomcat9/Catalina/localhost/host-manager.xml] a pris [2 072] ms
[2020-09-04 09:12:58] [info] Déploiement du descripteur de configuration [/etc/tomcat9/Catalina/localhost/manager.xml]
[2020-09-04 09:12:58] [warning] L'attribut path avec la valeur [/manager] dans le descripteur de déploiement [/etc/tomcat9/Catalina/localhost/manager.xml] a été ignoré
[2020-09-04 09:12:59] [info] Au moins un fichier JAR a été analysé pour trouver des TLDs mais il n'en contenait pas, le mode "debug" du journal peut être activé pour obtenir une liste complète de JAR scannés sans succès; éviter d'analyser des JARs inutilement peut améliorer sensiblement le temps de démarrage et le temps de compilation des JSPs
[2020-09-04 09:12:59] [info] Le traitement du descripteur de déploiement [/etc/tomcat9/Catalina/localhost/manager.xml] a pris [765] ms
[2020-09-04 09:12:59] [info] Déploiement de l'archive [/var/lib/tomcat9/webapps/guacamole.war] de l'application web
[2020-09-04 09:13:01] [info] Au moins un fichier JAR a été analysé pour trouver des TLDs mais il n'en contenait pas, le mode "debug" du journal peut être activé pour obtenir une liste complète de JAR scannés sans succès; éviter d'analyser des JARs inutilement peut améliorer sensiblement le temps de démarrage et le temps de compilation des JSPs
[2020-09-04 09:13:01] [info] 09:13:01.863 [main] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
[2020-09-04 09:13:01] [info] 09:13:01.989 [main] INFO o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes of inactivity.
[2020-09-04 09:13:02] [info] 09:13:02.089 [main] INFO org.apache.guacamole.log.LogModule - Loading logback configuration from "/etc/guacamole/logback.xml".
[2020-09-04 09:13:02] [info] 09:13:02.152 [main] DEBUG o.a.g.e.LanguageResourceService - Added language: "cs"
[2020-09-04 09:13:02] [info] 09:13:02.153 [main] DEBUG o.a.g.e.LanguageResourceService - Added language: "nl"
[2020-09-04 09:13:02] [info] 09:13:02.153 [main] DEBUG o.a.g.e.LanguageResourceService - Added language: "en"
[2020-09-04 09:13:02] [info] 09:13:02.153 [main] DEBUG o.a.g.e.LanguageResourceService - Added language: "zh"
[2020-09-04 09:13:02] [info] 09:13:02.153 [main] DEBUG o.a.g.e.LanguageResourceService - Added language: "fr"
[2020-09-04 09:13:02] [info] 09:13:02.153 [main] DEBUG o.a.g.e.LanguageResourceService - Added language: "ru"
[2020-09-04 09:13:02] [info] 09:13:02.153 [main] DEBUG o.a.g.e.LanguageResourceService - Added language: "de"
[2020-09-04 09:13:02] [info] 09:13:02.153 [main] DEBUG o.a.g.e.LanguageResourceService - Added language: "ja"
[2020-09-04 09:13:02] [info] 09:13:02.153 [main] DEBUG o.a.g.e.LanguageResourceService - Added language: "no"
[2020-09-04 09:13:02] [info] 09:13:02.153 [main] DEBUG o.a.g.e.LanguageResourceService - Added language: "es"
[2020-09-04 09:13:02] [info] 09:13:02.153 [main] DEBUG o.a.g.e.LanguageResourceService - Added language: "it"
[2020-09-04 09:13:02] [info] 09:13:02.155 [main] DEBUG o.a.g.extension.ExtensionModule - Loading extension: "guacamole-auth-jdbc-mysql-1.2.0.jar"
[2020-09-04 09:13:02] [info] 09:13:02.208 [main] DEBUG o.a.g.extension.ExtensionModule - [0] Binding AuthenticationProvider "org.apache.guacamole.auth.mysql.MySQLAuthenticationProvider".
[2020-09-04 09:13:02] [info] 09:13:02.218 [main] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
[2020-09-04 09:13:03] [info] 09:13:03.797 [main] DEBUG o.a.g.extension.ExtensionModule - [1] Binding AuthenticationProvider "org.apache.guacamole.auth.mysql.MySQLSharedAuthenticationProvider".
[2020-09-04 09:13:03] [info] 09:13:03.859 [main] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "es"
[2020-09-04 09:13:03] [info] 09:13:03.874 [main] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "ru"
[2020-09-04 09:13:03] [info] 09:13:03.878 [main] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "de"
[2020-09-04 09:13:03] [info] 09:13:03.882 [main] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "fr"
[2020-09-04 09:13:03] [info] 09:13:03.887 [main] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "ja"
[2020-09-04 09:13:03] [info] 09:13:03.898 [main] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "en"
[2020-09-04 09:13:03] [info] 09:13:03.899 [main] INFO o.a.g.extension.ExtensionModule - Extension "MySQL Authentication" loaded.
[2020-09-04 09:13:03] [info] 09:13:03.899 [main] DEBUG o.a.g.extension.ExtensionModule - Loading extension: "guacamole-auth-ldap-1.2.0.jar"
[2020-09-04 09:13:03] [info] 09:13:03.908 [main] DEBUG o.a.g.extension.ExtensionModule - [2] Binding AuthenticationProvider "org.apache.guacamole.auth.ldap.LDAPAuthenticationProvider".
[2020-09-04 09:13:03] [info] 09:13:03.909 [main] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
[2020-09-04 09:13:04] [info] 09:13:04.199 [main] WARN o.a.g.e.LanguageResourceService - Overlay language resource "de" does not exist.
[2020-09-04 09:13:04] [info] 09:13:04.201 [main] DEBUG o.a.g.e.LanguageResourceService - Merged strings with existing language: "en"
[2020-09-04 09:13:04] [info] 09:13:04.201 [main] INFO o.a.g.extension.ExtensionModule - Extension "LDAP Authentication" loaded.
[2020-09-04 09:13:04] [info] 09:13:04.202 [main] DEBUG o.a.g.extension.ExtensionModule - [3] Binding AuthenticationProvider "org.apache.guacamole.auth.file.FileAuthenticationProvider".
[2020-09-04 09:13:04] [info] 09:13:04.203 [main] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
[2020-09-04 09:13:04] [info] 09:13:04.331 [main] INFO o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
[2020-09-04 09:13:04] [info] 09:13:04.356 [main] DEBUG o.a.guacamole.tunnel.TunnelModule - WebSocket module loaded: org.apache.guacamole.tunnel.websocket.WebSocketTunnelModule
[2020-09-04 09:13:04] [info] Registering org.apache.guacamole.rest.RESTExceptionMapper as a provider class
[2020-09-04 09:13:04] [info] Registering org.apache.guacamole.rest.extension.ExtensionRESTService as a root resource class
[2020-09-04 09:13:04] [info] Registering org.apache.guacamole.rest.language.LanguageRESTService as a root resource class
[2020-09-04 09:13:04] [info] Registering org.apache.guacamole.rest.patch.PatchRESTService as a root resource class
[2020-09-04 09:13:04] [info] Registering org.apache.guacamole.rest.auth.TokenRESTService as a root resource class
[2020-09-04 09:13:04] [info] Registering org.apache.guacamole.rest.session.SessionRESTService as a root resource class
[2020-09-04 09:13:04] [info] Registering org.codehaus.jackson.jaxrs.JacksonJsonProvider as a provider class
[2020-09-04 09:13:04] [info] Initiating Jersey application, version 'Jersey: 1.17.1 02/28/2013 12:47 PM'
[2020-09-04 09:13:04] [info] Binding org.apache.guacamole.rest.RESTExceptionMapper to GuiceManagedComponentProvider with the scope "Singleton"
[2020-09-04 09:13:04] [info] Binding org.codehaus.jackson.jaxrs.JacksonJsonProvider to GuiceManagedComponentProvider with the scope "Singleton"
[2020-09-04 09:13:05] [info] Binding org.apache.guacamole.rest.extension.ExtensionRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
[2020-09-04 09:13:05] [info] Binding org.apache.guacamole.rest.language.LanguageRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
[2020-09-04 09:13:05] [info] Binding org.apache.guacamole.rest.patch.PatchRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
[2020-09-04 09:13:05] [info] Binding org.apache.guacamole.rest.auth.TokenRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
[2020-09-04 09:13:05] [info] Binding org.apache.guacamole.rest.session.SessionRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
[2020-09-04 09:13:05] [info] WebjarsServlet initialization completed
[2020-09-04 09:13:05] [info] Le déploiement de l'archive de l'application web [/var/lib/tomcat9/webapps/guacamole.war] s'est terminé en [5 967] ms
[2020-09-04 09:13:05] [info] Déploiement du répertoire d'application web [/var/lib/tomcat9/webapps/ROOT]
[2020-09-04 09:13:06] [info] Au moins un fichier JAR a été analysé pour trouver des TLDs mais il n'en contenait pas, le mode "debug" du journal peut être activé pour obtenir une liste complète de JAR scannés sans succès; éviter d'analyser des JARs inutilement peut améliorer sensiblement le temps de démarrage et le temps de compilation des JSPs
[2020-09-04 09:13:06] [info] Le déploiement du répertoire [/var/lib/tomcat9/webapps/ROOT] de l'application web s'est terminé en [720] ms
[2020-09-04 09:13:06] [info] Démarrage du gestionnaire de protocole ["http-nio-8080"]
[2020-09-04 09:13:06] [info] Le démarrage du serveur a pris [9 693] millisecondes

The logs here stop after the application is loaded and do not show the actual login attempt. If you look at the logs past this, when you're actually logging in, you should see messages related to the admin user being logged in, and this will indicate what module has authenticated the user.

-----------
#propreties
auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
guacd-hostname: localhost
guacad-port: 4822
#ldap
ldap-hostname: ldapserver
ldap-port: 389
ldap-encryption-method: none
#ldap-search-bind-dn: ou=people,dc=firm,dc=fr
ldap-user-base-dn: ou=people,dc=firm,dc=fr
ldap-max-search-results: 5000
#mysql
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guaca_db
mysql-username: guaca_user
mysql-password: password
-------------------

This also could be an issue.
If you do not specify the "ldap-search-bind-dn" property, Guacamole will not search for users - it will, instead, derive the user DN from the combination of login attribute (ldap-username-attribute), the username entered, and then the ldap-user-base-dn field. It has been a while since I tried using that configuration (it doesn't work in my AD environment), so I cannot remember exactly how it behaves, but if the solution above doesn't work it may be worth setting the ldap-search-bind-dn and password to see if that helps.

-Nick
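
The two lookup modes described in the reply above, as an added example that is not part of the original thread and is not Guacamole's own code: it parses the LDAP lines of the posted guacamole.properties and reports whether the user DN would be derived directly or found by search. The username "fouad", the function names, and the wording of the finding are assumptions made for illustration; "uid" is the documented default for ldap-username-attribute.

```python
# Added example, not Guacamole code: models how the LDAP settings from the
# thread select direct-bind vs. search mode. Nothing here contacts a server.
SAMPLE = """\
ldap-hostname: ldapserver
ldap-port: 389
ldap-encryption-method: none
#ldap-search-bind-dn: ou=people,dc=firm,dc=fr
ldap-user-base-dn: ou=people,dc=firm,dc=fr
"""

def parse_properties(text):
    """Parse 'key: value' or 'key=value' lines; '#' and '!' start comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#!":
            continue
        cut = min((i for i in (line.find(":"), line.find("=")) if i >= 0), default=-1)
        if cut > 0:
            props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def escape_dn_value(value):
    """RFC 4514 escaping so a username cannot alter the derived DN."""
    out = []
    for i, c in enumerate(value):
        edge = (i == 0 and c in "# ") or (i == len(value) - 1 and c == " ")
        if c == "\x00":
            out.append("\\00")
        else:
            out.append("\\" + c if c in '"+,;<>\\' or edge else c)
    return "".join(out)

def escape_filter_value(value):
    """RFC 4515 escaping for the search filter used in search mode."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in value)

def describe_ldap_lookup(props, username):
    attr = props.get("ldap-username-attribute", "uid")  # documented default
    base = props["ldap-user-base-dn"]
    result = {"mode": "direct", "user_dn": None, "filter": None, "findings": []}
    if props.get("ldap-search-bind-dn"):
        result["mode"] = "search"  # bind as the search account, then look the user up
        result["filter"] = f"({attr}={escape_filter_value(username)})"
    else:
        result["user_dn"] = f"{attr}={escape_dn_value(username)},{base}"  # no search performed
    if props.get("ldap-encryption-method", "none") == "none":
        result["findings"].append("LDAP bind is sent without TLS")
    return result
```

With the posted file, `describe_ldap_lookup(parse_properties(SAMPLE), "fouad")` reports direct mode, because the ldap-search-bind-dn line is commented out.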
