On 11/18/2023 12:16 AM, Remush wrote:
Hey!
Im trying to set a LDAP for the guacamole.
Im trying to set all the variables and when setting the :
'ldap-user-search-filter' with the vaule of:
'uid=$userid'
But I'm getting "is not a valid LDAP filter."
Now it is valid. We use it in many places including many Cisco services
and many other stuff.
No, this is not a valid LDAP filter. The valid string representation of
any LDAP filter will always have at least one level of parenthesis, for
example:
(uid=someUserId)
The "$userid" in the filter you provided looks like it's intended for
substitution of some kind. That is not standard behavior of LDAP and
looks more like configuration specific to how some other application
handles LDAP auth. Guacamole handles LDAP authentication more
declaratively - you describe how your LDAP tree is structured, and
Guacamole uses your description to produce its own queries. If you do
provide a user search filter, that filter is included in addition to the
criteria of these queries, not in place of them.
If the intent here is to configure Guacamole to translate usernames to
LDAP DNs by including the supplied username as the "uid" attribute, then
this is already the default behavior, as dictated by the
"ldap-username-attribute" property.
See the documentation for "ldap-user-base-dn" and "ldap-username-attribute":
https://guacamole.apache.org/doc/gug/ldap-auth.html#configuring-guacamole-for-ldap
You may also need "ldap-search-bind-dn" and "ldap-search-bind-password"
if your users are nested beneath the base DN in various OUs.
- Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org
