Hi,
I'm testing Guacamole and I want to configure some extensions.
I already set up Guacamole with docker-compose and the TOTP extension.
I have some trouble with the LDAP extension. In fact, I have followed a lot of
tutorials that show me how I can set this one up.
I copied the .jar file into the extension directory, but after a restart I can't
log in with an AD user. I've seen that a new directory called ldap was created
(just like totp) with .jar & .ldif files.
I also tried to create a user with the same AD name and a blank password in
Guacamole, and I made sure to select the create connection permission.
When I connect, Guacamole tells me wrong password, but this is the correct one in
my AD.
I also see some forwarded communications (through the firewall) from my Guacamole
server to my AD.
Can you help me understand why I can't log in with an AD account?
Here is part of my docker-compose file:
  # guacamole
  guacamole:
    container_name: guacamole_compose
    depends_on:
      - guacd
      - postgres
    environment:
      ACCEPT_EULA: "Y"
      EXTENSIONS: auth-ldap,auth-totp
      GUACD_HOSTNAME: guacd
      POSTGRES_DATABASE: guacamole_db
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PASSWORD: password
      POSTGRES_USER: guacamole_user
      TOTP_ENABLED: 'true'
      LDAP_ENABLED: 'true'
      # LDAP Connection
      LDAP_HOSTNAME: 192.168.87.20
      LDAP_PORT: 389
      LDAP_ENCRYPTION_METHOD: "none"
      # Mapping Guacamole usernames to LDAP DN's
      LDAP_USER_BASE_DN: "dc=AMG,dc=LAN"
      # Indirect Username Mapping
      LDAP_SEARCH_BIND_DN: "CN=admin,CN=Users,DC=AMG,DC=lan"
      LDAP_SEARCH_BIND_PASSWORD: "password"
      # Mapping Guacamole groups to LDAP DN's
      LDAP_USERNAME_ATTRIBUTE: "uid"
      LDAP_USER_SEARCH_FILTER: "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=Utilisateurs,DC=AMG,DC=LAN))"
      LDAP_GROUP_BASE_DN: "dc=AMG,dc=LAN"
      LDAP_GROUP_NAME_ATTRIBUTE: "cn"
    image: guacamole/guacamole
    links:
      - guacd
    networks:
      guacnetwork_compose:
    ports:
      - 8080:8080/tcp
    restart: always
    privileged: true
    volumes:
      - NAS:/opt/guacamole/NAS
Best regards,
T. RIVOIRE