On Fri, Sep 4, 2020 at 5:41 PM sysjaj <[email protected]> wrote:
> Mike,
>
> I believe this is the requested info on both accounts, including DN's.
>
> "jaytest"
>
> objectClass top^person^organizationalPerson^user
> cn jaytest
> description Just a test account on domain.
> givenName jaytest
> *distinguishedName* CN=jaytest,OU=DomainUsers,DC=gccaz,DC=edu
> instanceType 4
> whenCreated 9/1/2020 8:45:44 AM
> whenChanged 9/4/2020 2:33:02 PM
> displayName jaytest
> uSNCreated 135359339
> uSNChanged 135594602
> nTSecurityDescriptor
>
> O:DAG:DAD:AI(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa0030...!
> name jaytest
> objectGUID {7D78751D-036A-4659-AB12-B9511A0C2E3E}
> userAccountControl 66048
> badPwdCount 0
> codePage 0
> countryCode 0
> badPasswordTime (None)
> lastLogoff (None)
> lastLogon (None)
> pwdLastSet 9/4/2020 2:33:02 PM
> primaryGroupID 513
> objectSid S-1-5-21-2877231372-3052491633-13629038-216149
> accountExpires Never
> logonCount 0
> sAMAccountName jaytest
> sAMAccountType 805306368
> userPrincipalName [email protected]
> lockoutTime (None)
> objectCategory CN=Person,CN=Schema,CN=Configuration,DC=gccaz,DC=edu
> dSCorePropagationData The parameter is incorrect.
>
From the documentation for the "ldap-username-attribute" property [1], the
default LDAP attribute that will be used for users is "uid". In your case,
there is no such attribute, and "cn" or "sAMAccountName" look like they
would be the correct choices. Your original guacamole.properties already
has an "ldap-username-attribute" property set to "sAMAccountName", the most
common attribute for Active Directory, but this is commented out. I suggest
simply uncommenting it and restarting Tomcat.
- Mike
[1] http://guacamole.apache.org/doc/gug/ldap-auth.html#guac-ldap-config
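
An added example, not part of the original thread and not Guacamole's own code: a small check that reads a guacamole.properties text, works out which "ldap-username-attribute" is actually in effect (a commented-out line does not count, so the default "uid" applies), and compares it with the attributes of the directory entry. The sample properties text, the host name in it, and the function names are constructed for illustration; the entry lines are a subset of the dump quoted above.

```python
import re

DEFAULT_USERNAME_ATTR = "uid"  # default named in the reply above

# Constructed sample: the property is present but commented out.
SAMPLE_PROPERTIES = """\
ldap-hostname: dc.example.test
# ldap-username-attribute: sAMAccountName
"""

# Subset of the attribute dump quoted above (attribute name, then value).
SAMPLE_ENTRY = """\
cn jaytest
givenName jaytest
displayName jaytest
name jaytest
sAMAccountName jaytest
primaryGroupID 513
"""

def effective_property(text, key, default):
    """Return the active value of key; comment lines (# or !) are ignored."""
    value = default
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^\s:=]+)\s*[:=]?\s*(.*)", line)
        if m and m.group(1) == key:
            value = m.group(2).strip()
    return value

def parse_entry(text):
    """Parse 'attribute value' lines into a dict keyed by attribute name."""
    entry = {}
    for line in text.splitlines():
        name, _, value = line.strip().partition(" ")
        if name:
            entry[name] = value.strip()
    return entry

def check_login(properties_text, entry_text, login):
    """Return (attribute in effect, whether it holds login, matching attributes)."""
    attr = effective_property(properties_text, "ldap-username-attribute",
                              DEFAULT_USERNAME_ATTR)
    entry = parse_entry(entry_text)
    by_lower = {n.lower(): v for n, v in entry.items()}  # LDAP names ignore case
    usable = by_lower.get(attr.lower()) == login
    # A value match only makes an attribute a candidate, not a unique identifier.
    candidates = sorted(n for n, v in entry.items() if v == login)
    return attr, usable, candidates

if __name__ == "__main__":
    print(check_login(SAMPLE_PROPERTIES, SAMPLE_ENTRY, "jaytest"))
```
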