Thanks, Mike! The original file is correct! Just a CTRL+C, CTRL+V on this email
Luciano
________________________________
From: Michael Jumper <[email protected]>
Sent: Tuesday, August 8, 2023 12:56
To: [email protected] <[email protected]>
Subject: Re: LDAP - Multiple domains

Watch out for your indentation. As-written, the YAML below is malformed due to misaligned indentation of properties and would fail to parse. There may be errors to that effect in your logs.

- Mike

On 8/8/2023 8:48 AM, Luciano Oliveira wrote:
> Looked this:
>
> My ldap-servers.yml to login in [email protected] or
> [email protected]
>
> $cat /etc/guacamole/ldap-servers.yml
> - hostname: dc.domain.local
> port: 636
> encryption-method: ssl
> user-base-dn: dc=domain,dc=local
> match-usernames:
> - LOCAL\\(.*)
> - (.*)@domain\.local
> username-attribute: sAMAccountName
> search-bind-dn: cn=srv_gcd,ou=ServicesAuth,dc=domain,dc=local
> search-bind-password: passwordXsds224e
> user-search-filter:
> (&(&(objectClass=user)(objectCategory=person))(memberof=cn=acess_guacd,ou=Groups,dc=domain,dc=local))
>
> - hostname: dc.sub.domain.local
> port: 636
> encryption-method: ssl
> user-base-dn: dc=sub,dc=domain,dc=local
> match-usernames:
> - SUBDOM\\(.*)
> - (.*)@sub\.domain\.local
> username-attribute: sAMAccountName
> search-bind-dn: cn=srv_sub_gcd,ou=ServicesAuth,dc=sub,dc=domain,dc=local
> search-bind-password: passwordXX5485
> user-search-filter:
> (&(&(objectClass=user)(objectCategory=person))(memberof=cn=accesso_guaca_sub,ou=Groups,dc=sub,dc=domain,dc=local))
>
> Luciano
>
> ------------------------------------------------------------------------
> *From:* Michael Jumper <[email protected]>
> *Sent:* Tuesday, August 8, 2023 12:39
> *To:* [email protected] <[email protected]>
> *Subject:* Re: LDAP - Multiple domains
> On 8/8/2023 12:41 AM, Molina de la Iglesia, Manuel wrote:
>> Hello,
>>
>> Following with the challenge of authenticating users from two different
>> domains, I'm applying the following settings because there could be users
>> and/or groups with exactly the same sAMAccountName on both domains:
>>
>> username-attribute: userPrincipalName (will be something like
>> [email protected])
>> match-username: (.*@domain\.local)
>>
>> This regex makes sense to me because I want to capture user@domain to
>> match with userPrincipalName but the authentication fails with the
>> following errors:
>>
>> Note that "ldap-user-base-dn" is properly defined because before using
>> this regex it worked properly.
>
> This suggests that something else has changed to cause
> "ldap-user-base-dn" to no longer be defined, but there really is no
> other possible cause of that error.
>
>> ...
>> Aug 8 07:34:58 guacamole tomcat9[8489]: 07:34:58.924
>> [https-openssl-nio-443-exec-3] ERROR o.a.g.rest.RESTExceptionMapper -
>> Request could not be processed: Property ldap-user-base-dn is required.
>>
>
> This error really does indicate exactly what it says: you have (somehow)
> not specified the "ldap-user-base-dn" property that is required for LDAP
> to be used. You must either specify this property or include the
> "user-base-dn" property for each of the servers defined in your
> "ldap-servers.yml".
>
> If you have specified "ldap-user-base-dn" in your guacamole.properties
> but are still seeing this error, that suggests that the
> guacamole.properties file in question is either not the file that
> Guacamole is reading (this will be logged at startup) or possibly cannot
> be read due to permissions (this should also be logged). It may also be
> the case that there is a typo in your property name, or that it was
> inadvertently commented out.
>
> - Mike
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
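
Added example, not part of the original thread and not Guacamole's own code: a Python sketch of how the match-usernames patterns quoted above select a server and derive the username used for the LDAP search. It assumes whole-string matching, first-match-wins ordering, and that the first capture group replaces the typed login; the SERVERS and UPN_SERVERS lists and the sample logins are constructed from the patterns in the thread.

```python
import re

# Constructed from the two entries in the quoted ldap-servers.yml (patterns as typed there).
SERVERS = [
    {"hostname": "dc.domain.local",
     "match-usernames": [r"LOCAL\\(.*)", r"(.*)@domain\.local"]},
    {"hostname": "dc.sub.domain.local",
     "match-usernames": [r"SUBDOM\\(.*)", r"(.*)@sub\.domain\.local"]},
]

# Constructed variant using the pattern from Manuel's message: the group spans the
# whole login, so the value compared against userPrincipalName keeps its domain.
UPN_SERVERS = [
    {"hostname": "dc.domain.local",
     "match-usernames": [r"(.*@domain\.local)"]},
]


def route(login, servers=SERVERS):
    """Return (hostname, search username) for the first matching server, else None."""
    for server in servers:
        for pattern in server["match-usernames"]:
            m = re.fullmatch(pattern, login)  # assumption: whole-string match
            if m is None:
                continue
            # Assumption: a first capture group, when present, replaces the login.
            if m.re.groups >= 1 and m.group(1) is not None:
                return server["hostname"], m.group(1)
            return server["hostname"], login
    return None


def ambiguous(logins, servers=SERVERS):
    """List logins that more than one server's patterns would accept."""
    hits = []
    for login in logins:
        owners = {s["hostname"] for s in servers
                  if any(re.fullmatch(p, login) for p in s["match-usernames"])}
        if len(owners) > 1:
            hits.append(login)
    return hits


if __name__ == "__main__":
    for sample in [r"LOCAL\bob", "alice@domain.local", "carol@sub.domain.local", "dave"]:
        print(sample, "->", route(sample))
    print("UPN:", route("alice@domain.local", UPN_SERVERS))
```

A login that returns None matches no server entry, and a non-empty result from ambiguous() means two domains would claim the same login.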
