Hi Nick—I have a follow-up question if you're able to point me in the right
direction. Java is not my forte at all, but I'm having a _little_ success
replacing the LDAP extension with something based on the auth extension
tutorial. I can get the supplied credentials and test those against our
proprietary back end, but I can't figure out how to create a
GuacamoleConfiguration which returns just the user group, as the LDAP
service did in the end following your advice before. I was assuming it
would be something like `config.setParameter("group", "test");` but I can't
find anywhere what the expected parameter names are. Is that documented?What I'm seeing right now is a successful authentication and then the client displaying "An internal error occurred" with options to reconnect or log out, and this below in the logs. I presume because it's a badly formed configuration that I'm returning... guacamole_compose | 11:46:05.032 [http-nio-8080-exec-8] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at guacd:4822. guacamole_compose | 28-May-2024 11:46:05.035 SEVERE [http-nio-8080-exec-8] org.apache.coyote.AbstractProtocol$ConnectionHandler.process Error reading request, ignored guacamole_compose | java.lang.NullPointerException guacamole_compose | at org.apache.guacamole.protocol.GuacamoleInstruction.appendElement(GuacamoleInstruction.java:107) guacamole_compose | at org.apache.guacamole.protocol.GuacamoleInstruction.toString(GuacamoleInstruction.java:135) guacamole_compose | at org.apache.guacamole.io.WriterGuacamoleWriter.writeInstruction(WriterGuacamoleWriter.java:78) guacamole_compose | at org.apache.guacamole.protocol.ConfiguredGuacamoleSocket.<init>(ConfiguredGuacamoleSocket.java:220) guacamole_compose | at org.apache.guacamole.net.auth.simple.SimpleConnection.connect(SimpleConnection.java:231) guacamole_compose | at org.apache.guacamole.net.auth.simple.SimpleConnection.connect(SimpleConnection.java:273) guacamole_compose | at org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:216) guacamole_compose | at org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:352) guacamole_compose | at org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113) guacamole_compose | at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200) guacamole_compose | at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:131) guacamole_compose | at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:976) guacamole_compose | at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1698) guacamole_compose | at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) guacamole_compose | at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) guacamole_compose | at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) guacamole_compose | at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) guacamole_compose | at java.lang.Thread.run(Thread.java:750) guacamole_compose | 11:46:05.080 [http-nio-8080-exec-6] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at guacd:4822. Many thanks, David On Sat, 25 May 2024 at 01:33, Nick Couchman <[email protected]> wrote: > On Thu, May 23, 2024 at 6:32 AM David Lomas <[email protected]> > wrote: > >> Thanks Nick—I got this working using your second method by not sending a >> 'guacConfigParameter' object at all, but just returning the group name as >> the cn. I also had to add LDAP_GROUP_BASE_DN into the guacamole >> configuration. I do still see a warning in the logs about a missing >> required attribute: >> >> 09:55:37.571 [http-nio-8080-exec-3] WARN o.a.g.a.l.c.ConnectionService - >> guacConfigGroup "test" is missing the required "guacConfigProtocol" >> attribute. >> >> But that doesn't seem to stop the authentication working. >> >> > Thanks for posting back, David - glad it is working for you. Yes, the > guacConfigParameter LDAP attribute is not required at all for the > configuration you're running. > > -Nick > >>
