Hi Mike,
First of all, special appreciation to the Guac. team. After that:

Our exact Active Directory 2012 layout is as below:

dc=test,dc=com
ou=dep1,OU=Accounts,dc=test,dc=com
ou=dep2,OU=Accounts,dc=test,dc=com
ou=serviceAccounts,OU=Accounts,dc=test,dc=com

And the settings in the file Guac.properties are as below:

ldap-hostname: 172.24.3.24
ldap-port: 389
ldap-user-base-dn: OU=Accounts,dc=test,dc=com
ldap-search-bind-dn: CN=ldapUser,ou=serviceAccounts,OU=Accounts,dc=test,dc=com
ldap-search-bind-password: P@ssw0rd
ldap-username-attribute: sAMAccountName

Also, the IP address of the Guac. is 172.24.3.23 (which is directly connected to
AD, without any firewall in between).

The problem!!! is that, with the above configuration, no user can log in.
But when we change the ldap-user-base-dn to
ou=dep1,OU=Accounts,dc=test,dc=com, users under OU dep1 can successfully log in
while the users under ou=dep2,OU=Accounts,dc=test,dc=com cannot log in.

Looking forward to your kind reply.
Best Hopes

On Sunday, November 20, 2016 3:51 AM, Mike Jumper
<[email protected]> wrote:
Hi Amin,
Guacamole doesn't support multiple instances under the same servlet container.
That said, even if it did, I don't think that is a good solution to your
problem.
If the current LDAP support does not properly map users within your Active
Directory, then the best way forward would be to identify what needs to change
in the LDAP auth to support the way your users are organized.
If you can guarantee that the usernames are unique, even if they are within
different OU's, you can probably get things working as-is by simply choosing an
"ldap-user-base-dn" which is common to the DN's of all users (even if they are
otherwise technically within different OU's) and using "ldap-search-bind-dn",
"ldap-search-bind-password", and (if necessary) "ldap-username-attribute" to
define how AD should be queried to translate usernames to fully-qualified DN's.
If the above doesn't work, can you provide a more concrete example of how your
AD users are organized?
Thanks,
- Mike
On Wed, Nov 16, 2016 at 1:01 AM, Amin Joodaki <[email protected]> wrote:
Dear All,
I connected Guacamole to a database and Active Directory, but Guacamole is unable to
detect all OUs in Active Directory and it understands just the OU that is defined in the
path in the properties file. Then I want to set up several guacamole.war (client) files in Tomcat
to separate my departments on the login page, for example:
http://192.168.1.1:8080/department1
http://192.168.1.1:8080/department2
...and assign a specific guacamole.properties for each department. How can I set
different properties files and assign them to my guacamole.war files?
Best
Amin
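
The lookup Mike describes (one common ldap-user-base-dn, plus a search that maps a username to a full DN) can be modelled offline to see why username uniqueness matters once the base is widened. The following Python is an added example, not part of the thread and not Guacamole's code; the user entries, the function names and the refuse-on-ambiguity behaviour are assumptions made for illustration.

```python
# Added example: in-memory model of a search-bind lookup. Not Guacamole code.
# Constructed entries following the OU layout in the thread; the names are made up.
BASE = "OU=Accounts,dc=test,dc=com"
DIRECTORY = [
    {"dn": "CN=Alice,ou=dep1," + BASE, "sAMAccountName": "alice"},
    {"dn": "CN=Bob,ou=dep2," + BASE, "sAMAccountName": "bob"},
    {"dn": "CN=Sam One,ou=dep1," + BASE, "sAMAccountName": "sam"},
    {"dn": "CN=Sam Two,ou=dep2," + BASE, "sAMAccountName": "sam"},
    {"dn": "CN=ldapUser,ou=serviceAccounts," + BASE, "sAMAccountName": "ldapUser"},
]

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def build_filter(attribute, username):
    """Search filter for one user, with the value escaped per RFC 4515."""
    return "(%s=%s)" % (attribute, "".join(_ESCAPES.get(c, c) for c in username))

def _rdns(dn):
    # Simplified DN split: assumes no escaped commas in the sample DNs.
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base_dn):
    """True when dn is base_dn itself or anywhere below it (subtree scope)."""
    entry, base = _rdns(dn), _rdns(base_dn)
    return entry[-len(base):] == base

def resolve_user_dn(username, base_dn, attribute="sAMAccountName"):
    """Map a login name to exactly one DN under base_dn, else None."""
    matches = [e["dn"] for e in DIRECTORY
               if in_subtree(e["dn"], base_dn)
               and e.get(attribute, "").lower() == username.lower()]
    # Zero hits: user is outside the base. Several hits: the name is ambiguous,
    # so no DN is chosen rather than guessing which account was meant.
    return matches[0] if len(matches) == 1 else None
```

With the constructed entries, "bob" resolves only when the base is OU=Accounts, while "sam" resolves under ou=dep1 but is refused under OU=Accounts because two accounts share the name.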