On Sun, Nov 28, 2021 at 9:18 AM Bryan Ohana <bryan.ohan...@me.com.invalid>
wrote:

> Hi Mike!
>
> Thanks for that. I have connected my LDAPS with guacamole with the
> following guacamole properties, BUT when I log in I get the error “ERR_13207
> VALUE ALREADY EXIST” Already exists in the attribute. The error allows me to
> log in, but even as Global Administrator I have NO admin rights on
> Guacamole… Any insights?
>
Can you confirm that, when attempting to log in as an administrator:

* You are logging in with LDAP credentials (the username matches the
"sAMAccountName" attribute of an account in LDAP, and the password you are
using is what has been set for that account in LDAP)
* The username that you provide is also identical to the username of a
database user having admin privileges, such as "guacadmin"
* The password being provided is distinct from the password set for that
user in MySQL, if any. (The MySQL extension has a filename that sorts
earlier than the LDAP extension, and so will get the first shot at
authenticating the user. If it's MySQL that successfully authenticates the
user, the LDAP extension won't attempt to retrieve anything. The MySQL
extension, on the other hand, will gladly trust the authentication result
of the LDAP extension and provide additional data.)

For example, if:

1) There is a user in your LDAP directory with "sAMAccountName" set to
"guacadmin".
2) The "guacadmin" user exists in your MySQL database and has admin
permissions.
3) You log in with the username "guacadmin" and the LDAP password of the
LDAP user mentioned in #1 above.

then you will have access to the admin UI of Guacamole (by virtue of having
admin permissions granted within the database), and you will be able to see
LDAP users within the overall user list as Guacamole will automatically
unify the available users of both the LDAP and MySQL datasources.

- Mike
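
The login behaviour described in the reply above, as a small Python model added here for illustration (it is not part of the original message and is not Guacamole's code). The jar filenames without version suffixes, the accounts and the passwords are constructed assumptions.

```python
# Added illustration: a simplified model, not Guacamole source code.
# Filenames, accounts and passwords below are constructed sample data.
EXTENSIONS = ["guacamole-auth-ldap.jar", "guacamole-auth-jdbc-mysql.jar"]
MYSQL_USERS = {"guacadmin": {"password": "db-secret", "admin": True}}
LDAP_USERS = {"guacadmin": "ldap-secret", "bryan": "bryan-ldap"}  # sAMAccountName -> password


def authenticates(extension, username, password):
    """True if this extension alone accepts the credentials."""
    if "mysql" in extension:
        user = MYSQL_USERS.get(username)
        return user is not None and user["password"] == password
    if "ldap" in extension:
        return LDAP_USERS.get(username) == password
    return False


def login(username, password):
    """Return None on failure, else a dict describing the session."""
    # Extensions are tried in filename order; the first to accept wins.
    winner = next((e for e in sorted(EXTENSIONS)
                   if authenticates(e, username, password)), None)
    if winner is None:
        return None
    by_ldap = "ldap" in winner
    # MySQL trusts a result from LDAP and adds its own data, but only
    # for a database user whose username is identical.
    db_user = MYSQL_USERS.get(username)
    return {
        "authenticated_by": "ldap" if by_ldap else "mysql",
        "admin": bool(db_user and db_user["admin"]),
        # LDAP retrieves nothing when MySQL authenticated the user.
        "ldap_users_visible": by_ldap,
    }


if __name__ == "__main__":
    for creds in [("guacadmin", "ldap-secret"), ("guacadmin", "db-secret"),
                  ("bryan", "bryan-ldap")]:
        print(creds, login(*creds))
```

The third case is an LDAP account with no identically named database user: the login succeeds, but no admin permission is attached to the session.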
