It’s a basic Windows Active Directory domain (Server 2012 functional level).
~~~
Root
|-- Builtin
|-- Office1
|   |-- Users
|   |-- Computers
|-- Office2
|   |-- Users
|   |-- Computers
~~~

Clearly there is something the novell.ldap class doesn’t like … but I have no idea what. We have plenty of other tools that we specify the base DN as the root for searching and they work just fine (Openfire for example, which is Java also).

The referral exception did make me think the domain controller I specified in .properties was the culprit, however, I tried 4 of our other domain controllers in total and they all produced the same results (this includes our PDC).

There was an issue in Jira that came up when searching the error (https://glyptodon.org/jira/browse/GUAC-1473). However, it looks like it was closed and nothing came out of it … however, that person did do a network capture and verified that the request was returning a found user, but the exception was still thrown. I am almost positive if we did a similar capture we would see the same thing. That doesn’t really help the situation but there it is.

If you need any other information or have any ideas for us to try please let me know.

From: Mike Jumper [mailto:[email protected]]
Sent: Thursday, May 26, 2016 8:14 PM
To: [email protected]
Subject: Re: LDAP - Error while query user DNs.

On Thu, May 26, 2016 at 7:09 AM, Dawson Bessinger <[email protected]> wrote:

Hello,

We have set up a test Guacamole server and are having an LDAP auth issue. If we list the root of our AD in ldap-user-base-dn, guacamole throws an exception:

~~~
org.glyptodon.guacamole.GuacamoleServerException: Error while query user DNs.
    at org.glyptodon.guacamole.auth.ldap.user.UserService.getUserDNs(UserService.java:271) ~[guacamole-auth-ldap-0.9.9.jar:na]
~~~

I enabled debug error level and this is at the bottom of the stack trace:

~~~
Caused by: com.novell.ldap.LDAPReferralException: Referral
    at com.novell.ldap.LDAPSearchResults.next(Unknown Source) ~[guacamole-auth-ldap-0.9.9.jar:na]
    at org.glyptodon.guacamole.auth.ldap.user.UserService.getUserDNs(UserService.java:262) ~[guacamole-auth-ldap-0.9.9.jar:na]
~~~

Can you describe in more detail how your LDAP server is set up? I've not seen this particular exception before.

It's unfortunate that the error message itself is so artfully useless, but looking at the JavaDoc for that LDAPReferralException[1], the description reads:

"Thrown when a server returns a referral and when a referral has not been followed. It contains a list of URL strings corresponding to the referrals or search continuation references received on an LDAP operation."

Until today, I had no idea that "referrals" were a concept in LDAP. From the description, it sounds like LDAP deployments can potentially span multiple servers, with each server being somewhat aware of its relatives' contents. If that is the case, it seems the sort of thing that an LDAP library would want to abstract away from downstream users of said library ... but then again perhaps not.

Thanks,

- Mike

[1] https://www.novell.com/documentation/developer/jldap/jldapenu/api/com/novell/ldap/LDAPReferralException.html
