Here's the ldap-servers.yml file!
Luciano

________________________________
From: Michael Jumper <[email protected]>
Sent: Tuesday, August 8, 2023 18:02
To: [email protected] <[email protected]>
Subject: Re: LDAP - Multiple domains

Can you provide an exact copy of the YAML that is being used, redacted as needed?

- Mike

On 8/8/2023 9:22 AM, Luciano Oliveira wrote:
> Thanks, Mike!
>
> The original file is correct!
> Just a CTRL+C, CTRL+V on this email
>
> Luciano
>
> ------------------------------------------------------------------------
> From: Michael Jumper <[email protected]>
> Sent: Tuesday, August 8, 2023 12:56
> To: [email protected] <[email protected]>
> Subject: Re: LDAP - Multiple domains
>
> Watch out for your indentation. As-written, the YAML below is malformed
> due to misaligned indentation of properties and would fail to parse.
> There may be errors to that effect in your logs.
>
> - Mike
>
> On 8/8/2023 8:48 AM, Luciano Oliveira wrote:
>> Looked this:
>>
>> My ldap-servers.yml to login in [email protected] or
>> [email protected]
>>
>> $cat /etc/guacamole/ldap-servers.yml
>> - hostname: dc.domain.local
>> port: 636
>> encryption-method: ssl
>> user-base-dn: dc=domain,dc=local
>> match-usernames:
>> - LOCAL\\(.*)
>> - (.*)@domain\.local
>> username-attribute: sAMAccountName
>> search-bind-dn: cn=srv_gcd,ou=ServicesAuth,dc=domain,dc=local
>> search-bind-password: passwordXsds224e
>> user-search-filter:
>> (&(&(objectClass=user)(objectCategory=person))(memberof=cn=acess_guacd,ou=Groups,dc=domain,dc=local))
>>
>> - hostname: dc.sub.domain.local
>> port: 636
>> encryption-method: ssl
>> user-base-dn: dc=sub,dc=domain,dc=local
>> match-usernames:
>> - SUBDOM\\(.*)
>> - (.*)@sub\.domain\.local
>> username-attribute: sAMAccountName
>> search-bind-dn: cn=srv_sub_gcd,ou=ServicesAuth,dc=sub,dc=domain,dc=local
>> search-bind-password: passwordXX5485
>> user-search-filter:
>> (&(&(objectClass=user)(objectCategory=person))(memberof=cn=accesso_guaca_sub,ou=Groups,dc=sub,dc=domain,dc=local))
>>
>> Luciano
>>
>> ------------------------------------------------------------------------
>> From: Michael Jumper <[email protected]>
>> Sent: Tuesday, August 8, 2023 12:39
>> To: [email protected] <[email protected]>
>> Subject: Re: LDAP - Multiple domains
>>
>> On 8/8/2023 12:41 AM, Molina de la Iglesia, Manuel wrote:
>>> Hello,
>>>
>>> Following with the challenge of authenticating users from two different
>>> domains, I'm applying the following settings because there could be users
>>> and/or groups with exactly the same sAMAccountName on both domains:
>>>
>>> username-attribute: userPrincipalName (will be something like
>>> [email protected])
>>> match-username: (.*@domain\.local)
>>>
>>> This regex makes sense to me because I want to capture user@domain to
>>> match with userPrincipalName but the authentication fails with the
>>> following errors:
>>>
>>> Note that "ldap-user-base-dn" is properly defined because before using
>>> this regex it worked properly.
>>
>> This suggests that something else has changed to cause
>> "ldap-user-base-dn" to no longer be defined, but there really is no
>> other possible cause of that error.
>>
>>> ...
>>> Aug 8 07:34:58 guacamole tomcat9[8489]: 07:34:58.924
>>> [https-openssl-nio-443-exec-3] ERROR o.a.g.rest.RESTExceptionMapper -
>>> Request could not be processed: Property ldap-user-base-dn is required.
>>>
>>
>> This error really does indicate exactly what it says: you have (somehow)
>> not specified the "ldap-user-base-dn" property that is required for LDAP
>> to be used. You must either specify this property or include the
>> "user-base-dn" property for each of the servers defined in your
>> "ldap-servers.yml".
>>
>> If you have specified "ldap-user-base-dn" in your guacamole.properties
>> but are still seeing this error, that suggests that the
>> guacamole.properties file in question is either not the file that
>> Guacamole is reading (this will be logged at startup) or possibly cannot
>> be read due to permissions (this should also be logged). It may also be
>> the case that there is a typo in your property name, or that it was
>> inadvertently commented out.
>>
>> - Mike
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
Attachment: ldap-servers.yml
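Added example (not part of the thread and not Guacamole's own code): a sketch of how the match-usernames patterns quoted above would pick a server and derive the name looked up in LDAP when the same account name exists in both domains. The route() helper, the sample login names, and the matching rules (servers and patterns tried in order, whole-string match, first capturing group used as the LDAP username) are assumptions made for illustration.

```python
import re

# Patterns copied from the match-usernames lists quoted in the thread.
# They are YAML plain scalars, so each backslash reaches the regex as written.
SERVERS = [
    {"hostname": "dc.domain.local",
     "match-usernames": [r"LOCAL\\(.*)", r"(.*)@domain\.local"]},
    {"hostname": "dc.sub.domain.local",
     "match-usernames": [r"SUBDOM\\(.*)", r"(.*)@sub\.domain\.local"]},
]

# Variant from the earliest message: the group wraps the whole UPN, so the
# full "user@domain" value is kept for comparison with userPrincipalName.
UPN_SERVER = [{"hostname": "dc.domain.local",
               "match-usernames": [r"(.*@domain\.local)"]}]


def route(username, servers=SERVERS):
    """Return (hostname, ldap_username) for the first applicable server.

    Assumed semantics (hypothetical helper): servers and patterns are tried
    in order, a pattern must match the whole login name, and the first
    capturing group, when present, becomes the name searched in LDAP.
    Returns None when no server applies.
    """
    for server in servers:
        for pattern in server["match-usernames"]:
            m = re.fullmatch(pattern, username)
            if m is None:
                continue
            has_group = m.re.groups >= 1 and m.group(1) is not None
            return server["hostname"], (m.group(1) if has_group else username)
    return None


def demo():
    # Constructed login names, not taken from the thread.
    logins = ["LOCAL\\alice", "alice@domain.local", "SUBDOM\\alice",
              "alice@sub.domain.local", "alice", "alice@other.example"]
    return {login: route(login) for login in logins}


if __name__ == "__main__":
    for login, result in demo().items():
        print(f"{login!r:28} -> {result}")
    print("UPN variant ->", route("alice@domain.local", UPN_SERVER))
```

A login that matches none of the patterns returns None here, so an unqualified name such as "alice" is never sent to either directory under these assumptions.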
