On Wed, Aug 10, 2022 at 4:21 AM Horn, Kai <[email protected]> wrote: > > So I've set up a guacamole server to connect to lxc containers running debian > 11 uis' via rdp. The authentication is handled by mysql and LDAP. > > Now I've run into two problems: > > > (not critical) > > I'm unable to associate the LDAP database with the mysql databas. If I've got > a user that is present within LDAP and mysql database and is a guacamole > admin and a LDAP admin it only logs this user as mysql user but doesn't show > the ldap users (if i check the user settings within the guacamole web-ui > there isn't a LDAP tab). >
Make sure that when you are logging in with the user that exists in both places, you are logging in with the user's LDAP password, and that the MySQL password for the user is *NOT* set to the same thing as the LDAP password. If the passwords are the same, then the user will likely be logged in by the MySQL (JDBC) authentication extension, and the LDAP extension will never be evaluated. Unless the LDAP extension is evaluated for the user (because it is evaluated first or the MySQL authentication for the user does not succeed), the system will not pull in any LDAP information for the user. > > (Critical) > > I've set up a test LDAP server via proxmox and turnkey-openLDAP image and > everything works fine. I get logged in and instantly redirected to the rdp > connection that I created on the LDAP-Server. Now I went testing it on the > production openLDAP server and used the same connection parameters that I > used within the test system (apart from the hostname of course). When I log > in via a LDAP user it will work but the rdp redirection won't fire and the > connection list provided in the guacamole web-ui is empty. > You said you're storing your connection in LDAP? Is the schema extended correctly for the "production" OpenLDAP server? Does the connection exist in the same OU on the production side, or have you set the LDAP configuration for Guacamole to point to the correct OU? What do the logs say? -Nick --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
