Hi, seeing you had released a new version of Guacamole, I figured I should try it and see if it solves my problem. So I scrapped the VM and reinstalled from scratch, including Debian buster and Tomcat 9. Unfortunately, it hasn't changed a thing.
With the almost empty database (there are just guacadmin and two other admin accounts authenticating against LDAP), I create a new connection group "salle_0e03" and add an RDP connexion "p03e01" to it. The result is disappointing: Then I try to add it again, and receive the same error as last year: All this done in the web UI only: no direct database tampering or testing this time. I still suppose I may have done something wrong during installation, but don't see what it could be. Could it have something to do with the MariaDB connector for instance? I simply used the one coming with debian, and linked to it in guacamole home with: ln -s /usr/share/java/mariadb-java-client.jar /etc/guacamole/lib/ All the best, --- Olivier Chaudet Service informatique du LMO - UMR 8628 Bureau 2R1, bât 307 Faculté des Sciences 91405 ORSAY (33)1.69.15.31.67. De: "Nick Couchman" <[email protected]> À: "user" <[email protected]> Envoyé: Vendredi 25 Décembre 2020 13:45:59 Objet: Re: sub-elements not displayed in the web interface On Fri, Dec 18, 2020 at 8:08 AM Olivier Chaudet < [ mailto:[email protected] | [email protected] ] > wrote: Hello, this is the user I've created and managed everything else with. It's my account, in fact, and everything is checked in the "Permissions" area (and "guacamole_connection_permission" countains the corresponding read, update, delete and administer rows). A colleague with the same priviledges has the same problems. Those accounts authenticate through LDAP, their guacamole passwords beeing dummies. That said, we get the same result with the "guacadmin" SQL-only account. I'll try to spend some time seeing if I can reproduce the behavior you're seeing. I can't say that I've noticed it in any of my experience, but it seems like there's a very specific set of circumstances that produces it, and I don't know that I've been down that path, yet. BQ_BEGIN By the way, I just noticed that this account can't see LDAP users until they have an entry in the SQL db, which is weird but isn't a real problem for us as long as we use LDAP accounts to administrate Guacamole. BQ_END This is normal/intended behavior. The LDAP extension is designed to use the security of the user who is logging in via LDAP in order to query the LDAP. The search user that is configured in guacamole.properties only does the initial lookup for the user who is logging in, at which point LDAP re-binds with the user logging in and performs all other operations as that user. If the user logging in does not exist in LDAP, or fails to authenticate to LDAP, then communication with LDAP will stop and no further operations will be performed. Also, Guacamole does not synchronize user accounts between LDAP and database, and only creates them for you if you enable the auto-create parameter for the database extensions. BQ_BEGIN Thanks for making Guacamole! BQ_END Thanks for using it and participating in the community. -Nick
