The problem was that one AD had the uid attribute, and the other didn't. 
Problem solved, sorry about the noise. 

-
Pål
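
An added configuration sketch, not from the original thread, showing how the symptom above arises and one way to handle it in `ldap-servers.yml`: Guacamole's LDAP extension looks up the user's DN by `username-attribute`, which defaults to `uid`, so a directory whose user objects carry no `uid` returns no DN. The first hostname, the DNs and the passwords are placeholders, and using `sAMAccountName` for the second server is an assumption; the thread does not say how the attribute mismatch was resolved.

```yaml
# ldap-servers.yml (constructed example; placeholder values are marked)

# First AD: user objects carry a uid attribute, so the default
# username-attribute (uid) is enough for the DN search to match.
- hostname: ad1.example.net                       # placeholder hostname
  user-base-dn: "<user-base-dn of first AD>"      # placeholder
  search-bind-dn: "<search-bind-dn of first AD>"  # placeholder
  search-bind-password: "<search-bind-password>"  # placeholder

# Second AD: user objects have no uid attribute. With the default,
# the DN search matches nothing and Guacamole logs
# "Unable to determine DN of user ..." before moving to the next server.
- hostname: ad.kiosk.educloud.no
  user-base-dn: "<user-base-dn of second AD>"     # placeholder
  username-attribute: sAMAccountName              # assumption: attribute present on this AD's users
  search-bind-dn: "<search-bind-dn of second AD>" # placeholder
  search-bind-password: "<search-bind-password>"  # placeholder
```
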

-----Original Message-----
From: Pål Hjelmeseth Myklebust <[email protected]> 
Sent: Monday, December 11, 2023 1:29 PM
To: [email protected]
Subject: RE: LDAP problem

Looks like the problem is that "List<Dn> userDNs = userService.getUserDNs(config, searchConnection, username);" returns nothing, 
but I don’t understand why since ldapsearch with the same search-bind-dn 
returns the correct DN.

-
Pål

-----Original Message-----
From: Pål Hjelmeseth Myklebust <[email protected]> 
Sent: Monday, December 11, 2023 12:40 PM
To: [email protected]
Subject: RE: LDAP problem

Thank you, but in this case the user only exists in the second AD.

-
Pål

-----Original Message-----
From: Molina de la Iglesia, Manuel 
<[email protected]> 
Sent: Monday, December 11, 2023 12:33 PM
To: [email protected]
Subject: Re: LDAP problem

Hello, 

Note that you have to provide user@domain format instead of sAMAccountName to 
avoid collisions with identical usernames on both domains.


Manel Molina


On Mon, 11 Dec 2023 at 12:30, Pål Hjelmeseth Myklebust (<[email protected]>) wrote:


        Hello, we have configured Guacamole against two ADs. Authentication against the first AD works great, but the second gives this error:
        
        INFO  o.a.g.a.l.AuthenticationProviderService - Unable to determine DN of user "<username>" using LDAP server "ad.kiosk.educloud.no". Proceeding with next server...
        
        Ldapsearch from the guacamole server returns the user with the correct DN, and the user-base-dn, search-bind-dn and search-bind-password in the ldap-servers.yml are correct. Any idea what could be wrong?
        
        -
        Paul
        
        
        
        

