Thanks David,

The only obvious thing was that I do not have the alias option defined. I tried adding it and restarting Guacamole but still the same thing.

Here are my settings:

#LDAP settings:
ldap-hostname: myADserver.mydomain.io
ldap-port: 636
ldap-encryption-method: ssl
ldap-search-bind-dn: CN=bind_user,OU=Infrastructure,OU=ServiceAccounts,OU=UAG,DC=mydomain,dc=io
ldap-search-bind-password: mypassword
ldap-user-base-dn: OU=UAG,dc=mydomain,dc=io
ldap-user-search-filter: (&(objectClass=person)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=my_user_group,OU=Resource,OU=SecurityGroups,OU=UAG,DC=mydomain,DC=io)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
ldap-group-base-dn: OU=Customer,OU=User,OU=SecurityGroups,OU=UAG,DC=mydomain,DC=io
ldap-group-name-attribute: cn
ldap-group-search-filter: (&(objectClass=group)(sAMAccountName=*)(memberOf:1.2.840.113556.1.4.1941:=CN=my_user_group,OU=Resource,OU=SecurityGroups,OU=UAG,DC=mydomain,DC=io))
ldap-username-attribute: sAMAccountName
ldap-member-attribute: member
ldap-max-search-results: 3000
ldap-follow-referrals: true

# PostgreSQL properties
postgresql-hostname: localhost
postgresql-port: 5432
postgresql-database: guacamole_db
postgresql-username: guacamole_user
postgresql-password: my_password
postgresql-auto-create-accounts: true

On Fri, Jul 8, 2022 at 1:25 PM David Haukeness <[email protected]> wrote:

> For reference, here is my sanitized AD LDAP config. Do you notice any
> obvious differences from yours? I’m running 1.4.0 on Ubuntu LTS 20.04.3
>
> auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
>
> ### LDAP properties
> ldap-hostname: contoso.com
> ldap-port: 636
> ldap-encryption-method: ssl
> ldap-user-base-dn: OU=Users,DC=contoso,DC=com
> ldap-username-attribute: sAMAccountName
> ldap-search-bind-dn: CN=LDAP Query User,OU=Service Accounts,DC=contoso,DC=com
> ldap-search-bind-password: correcthorsebatterystaple
> ldap-group-base-dn: OU=Guacamole Groups,DC=contoso,DC=com
> ldap-follow-referrals: true
> ldap-dereference-aliases: always
>
> # Postgres
> postgresql-hostname: localhost
> postgresql-port: 5432
> postgresql-database: guacamole_db
> postgresql-username: guacamole_user
> postgresql-password: correcthorsebatterystaple
> postgresql-auto-create-accounts: true
>
> David Haukeness
> Sent from my iPhone
>
> > On Jul 8, 2022, at 10:47 AM, Kevin Cameron <[email protected]> wrote:
> >
> > I have 6 different instances of Guacamole set up connected to MS Active
> > Directory with a Postgres background DB.
> >
> > They all have a similar guacamole.properties and when I verify my group
> > and user search filter strings with ldapsearch I get consistent and
> > expected results.
> >
> > Problem:
> > In the catalina.out I can see LDAP search results showing the users
> > and AD groups that are expected but they sometimes update in Guacamole,
> > sometimes not. If I sign into Guacamole with an AD user the user can
> > authenticate and the user does show up in the Guacamole GUI BUT at the top
> > of the page they don't have the tabs that reflect that they are LDAP /
> > Postgres users.
> >
> > At the same time the AD groups don't populate the groups list.
> >
> > postgresql-auto-create-accounts is set to true.
> >
> > Sometimes if I manually create a random user then all of a sudden the
> > lists populate on the next user login but not always. And then any future
> > updates do not show. Restarting the application does not seem to make a
> > difference.
> >
> > Instance 1
> >
> > vs
> >
> > Instance2:
> >
> > My logback is set up to debug so I get a lot of log activity but is there
> > something I can add to the logback to focus on the LDAP process?
> >
> > I have spent a lot of time on this and could use help. I really need
> > the AD groups to import correctly so that we can tie connections to them.
> >
> > Thanks,
> >
> > Kevin
