Jonathan,
I will give it a try. It would be nice to know the logic/process Guacamole uses in this case.
Thanks
Jim
Sent: Wednesday, March 23, 2022 at 10:25 AM
From: "Hankins, Jonathan" <[email protected]>
To: [email protected]
Subject: Re: How To have multiple LDAP servers?
Jim,
What LDAP server are you using? Are you wanting multiple LDAP servers for fault-tolerance / load balancing? If you are using AD LDAP, you can use the DNS name of the domain instead of individual DCs and you will get DNS round robin. I am not sure how the LDAP library that Guacamole uses handles this, and I don't know if it has any logic to, e.g., try the 2nd IP if the first one doesn't respond. You could probably also handle this kind of situation with a load balancer (like haproxy) in front of your LDAP.
If you are trying to authenticate against multiple, different LDAP domains (i.e., users in domain 1 OR users in domain 2), that'd be up to guacamole to support, and I don't see anything indicating that in the documentation.
If you are in an AD situation where you have multiple domains all in one forest and want to query across the forest, you can do that by querying the Global Catalog port instead of the normal LDAP port, and enabling following of referrals, I think. Your search filter would have to be permissive enough to work for both domains, but not over-match, since you only get one search filter.
Good luck!
On Tue, Mar 22, 2022 at 6:53 AM Jim Rx <[email protected]> wrote:
We came upon this requirement yesterday -- how do I configure guacamole.properties so that there are multiple LDAP servers available to query? Can I simply have more than one ldap-hostname entry?
Thanks
Jim
Jonathan Hankins
Homewood City Schools
W: 205-877-4548
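The single-forest suggestion in the reply above (domain DNS name, Global Catalog port, referrals enabled, one search filter) could look like this in guacamole.properties. This is an added example, not part of the thread and not taken from the Guacamole project; the hostname, DNs and password are constructed placeholders, and it assumes the TLS Global Catalog port rather than the cleartext one.

```properties
# Added example; every hostname, DN and credential here is a placeholder.

# Domain DNS name instead of one DC, so the name resolves to several
# domain controllers (the DNS round robin mentioned in the reply).
ldap-hostname: ad.example.org

# 3269 is the Global Catalog over TLS; 3268 is the cleartext GC port.
# The JVM running Guacamole must trust the CA that issued the DC certificates.
ldap-port: 3269
ldap-encryption-method: ssl

# Service account used to look up the user's DN before binding as that user.
ldap-search-bind-dn: CN=svc-guacamole,OU=Service Accounts,DC=ad,DC=example,DC=org
ldap-search-bind-password: REPLACE_ME

# Forest root domain as the base; on the GC port a subtree search from here
# also covers child domains beneath it.
ldap-user-base-dn: DC=ad,DC=example,DC=org

# userPrincipalName is unique across the forest, while sAMAccountName is only
# unique within one domain and can collide between domains.
ldap-username-attribute: userPrincipalName

# One filter has to serve every domain: match person/user objects only, which
# excludes computer accounts (they also carry objectClass=user).
ldap-user-search-filter: (&(objectCategory=person)(objectClass=user))

# Referral following as suggested in the reply; cap the hop count.
ldap-follow-referrals: true
ldap-max-referral-hops: 5
```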
