For reference, here is my sanitized AD LDAP config. Do you notice any obvious 
differences from yours? I’m running 1.4.0 on Ubuntu LTS 20.04.3

auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider

### LDAP properties
ldap-hostname:contoso.com
ldap-port:636
ldap-encryption-method:  ssl
ldap-user-base-dn:OU=Users,DC=contoso,DC=com
ldap-username-attribute: sAMAccountName
ldap-search-bind-dn:     CN=LDAP Query User,OU=Service Accounts,DC=contoso,DC=com
ldap-search-bind-password: correcthorsebatterystaple
ldap-group-base-dn: OU=Guacamole Groups,DC=contoso,DC=com
ldap-follow-referrals: true
ldap-dereference-aliases: always

# Postgres
postgresql-hostname: localhost
postgresql-port: 5432
postgresql-database: guacamole_db
postgresql-username: guacamole_user
postgresql-password: correcthorsebatterystaple
postgresql-auto-create-accounts: true


David Haukeness

> On Jul 8, 2022, at 10:47 AM, Kevin Cameron <[email protected]> wrote:
> 
> 
> I have 6 different instances of Guacamole set up connected to MS Active 
> Directory with a Postgres background DB.
> 
> They all have a similar guacamole.properties and when I verify my group and 
> user search filter strings with ldapsearch I get consistent and expected 
> results.
> 
> Problem:
>   In the catalina.out I can see LDAP search results showing the users and AD 
> groups that are expected but they sometimes update in Guacamole, sometimes 
> not.  If I sign into guacamole with an AD user the user can authenticate and 
> the user does show up in the Guacamole GUI BUT at the top of the page they 
> don't have the tabs that reflect that they are LDAP / Postgres users. 
> 
> At the same time the AD groups don't populate the groups list.
> 
> postgresql-auto-create-accounts is set to true.
> 
> Sometimes if I manually create a random user then all of a sudden the lists 
> populate on the next user login but not always.  And then any future updates 
> do not show.  Restarting the application does not seem to make a difference.
> 
> Instance 1
> 
> vs
> 
> Instance2:
> 
> 
> My logback is set up to debug so I get a lot of log activity but is there 
> something I can add to the logback to focus on the LDAP process?
> 
> I have spent a lot of time on this and could use help.  I really need the AD 
> groups to import correctly so that we can tie connections to them
> Thanks,
> Kevin
