On 2020-09-11 17:22, Niubbo75 wrote:
Hello all, I'm getting troubles trying to bind guacamole using ldap extension to a Synology Directory Service running as Active Directory, I got this error: BindSimple: Transport encryption required. I've googled a lot but w/out any goals, anyone has experienced something similar and know how to set it up the correct encryption method and port? Thanks to all who will help, cheers, Alessandro
Hi!Synology LDAP Servers use standard ports. AFAIK, they support unencrypted LDAP via port 389 and LDAPS via port 636.
In the guacamole config, the two things to set in guacamole.properties are ldap-port: 636 (not actually needed, since we choose ssl and it is default) ldap-encryption-method: sslThere is one more pickle, you are in. I do not suppose that the LDAP-Server uses a certificate that is known to the tomcat server of guacamole and I never found an option to ignore checking it in the config.
Therefore, you will have to "teach" tomcat to accept the certificate by making a truststore and telling tomcat to use that one. If you use a certitificate of a known CA, it should just work.
I am not sure if the synology DS can be configured to talk "unencrypted". If yes, you should only do that if the traffic is confined to a private, unrouted network. And even then, only if you are desperate to get it working.
In that case, you can try ldap-port: 389 ldap-encryption-method: none Best regards, Sven Specker -- __________________________________________________________________ *** Sven Specker -- University of Frankfurt Computing Center *** *********** UNIX System Administration (Auth/IDM) **************** ***** [email protected] [Phone (+49)-69-798-15188] ***** ****************************************************************** __________________________________________________________________ Johann Wolfgang Goethe Universitaet - Hochschulrechenzentrum - Theodor W. Adorno-Platz 1 (PA-1P16) D-60323 Frankfurt/Main __________________________________________________________________ ______________ TeX-users do it in {groups}________________________
smime.p7s
Description: S/MIME Cryptographic Signature
