Not sure if this will help. But here are my working settings. This is how I set mine up on CentOS 7 to get AD working. I don't use the schemas because I don't want them embedded in my AD.

<------ Believe it or not.. The spacing makes a difference on this file... /etc/guacamole

# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822
ldap-hostname: dc01.DOMAINNAME.org
ldap-port: 3268 <----------I required this port for server 2012<remove this comment>
ldap-user-base-dn: DC=DOMAINNAME, DC=org
ldap-search-bind-dn: CN=lookup, CN=Users, DC= DOMAINNAME, DC=org
ldap-search-bind-password: BINDPASSWORD
ldap-username-attribute: sAMAccountName

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guac_db
mysql-username: guacadmin
mysql-password: SQLPASSWORD
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0
___________________________________________________________________

Inside of /var/lib/guacamole

drwxr-xr-x. 4 root root 4096 Dec 15 04:56 .
drwxr-xr-x. 34 root root 4096 Dec 28 10:05 ..
drwxr-xr-x. 2 root root 4096 Dec 15 03:29 extensions
-rw-r--r--. 1 root root 8004327 Dec 3 20:02 guacamole-0.9.10-incubating.war
drwxr-xr-x. 2 root root 48 Oct 5 17:38 lib

Inside of extensions

drwxr-xr-x. 2 root root 4096 Dec 15 03:29 .
drwxr-xr-x. 4 root root 4096 Dec 15 04:56 ..
-rw-r--r--. 1 root root 3934673 Dec 14 14:22 guacamole-auth-jdbc-mysql-0.9.10-incubating.jar
-rw-r--r--. 1 root root 1196799 Dec 14 14:22 guacamole-auth-ldap-0.9.10-incubating.jar

Inside of /var/lib/tomcat/webapps

drwxrwxr-x. 3 root tomcat 58 Dec 19 00:22 .
drwxr-xr-x. 3 root tomcat 20 Nov 5 20:57 ..
drwxr-xr-x. 11 tomcat tomcat 4096 Dec 28 10:24 guacamole
lrwxrwxrwx. 1 root root 50 Dec 15 04:59 guacamole.war -> /var/lib/guacamole/guacamole-0.9.10-incubating.war <----- Notice this is a link<REMOVE THIS COMMENT>
-rw-r--r--. 1 root root 2264 Oct 6 03:17 .keystore

Commands:

service tomcat restart
tail -f /var/log/messages

Also, you have to log in as a domain user to see the domain users, but you will have to set up that admin user inside of Guac first.

-----Original Message-----
From: BeardFace [mailto:[email protected]]
Sent: Friday, January 06, 2017 6:24 AM
To: [email protected]
Subject: LDAP Active Directory

Good afternoon,

Have followed many guides (starting from the official documentation) and I am struggling to get LDAP Authentication with Active Directory working.

The server itself can connect to LDAP via ldapsearch. The MySQL authentication is working a treat, but would like the LDAP working too with MySQL storing the connection information so I don't have to change the schemas.

This comes up in the Catalina log.

DEBUG o.a.g.a.l.AuthenticationProviderService - Anonymous bind is not currently allowed by the LDAP authentication provider.

and the guacamole.properties file is as follows:

# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822

# Location to read extra .jar's from
#lib-directory: /var/lib/tomcat8/webapps/guacamole/WEB-INF/classes
#lib-directory: /etc/guacamole/extensions

# Authentication provider class
#auth-provider: org.apache.guacamole.auth.ldap.LDAPAuthenticationProvider

# Properties used by BasicFileAuthenticationProvider
#basic-user-mapping: /etc/guacamole/user-mapping.xml

# LDAP properties
ldap-hostname: <IP_Address>
ldap-port: 389
ldap-user-base-dn: OU=Staff,OU=Domain Users,DC=MyDomain,DC=com
ldap-serach-bind-dn: CN=Administrator,OU=Admins,OU=Domain Users,DC=MyDomain,DC=com
ldap-search-bind-password: SetPassword
ldap-username-attribute: sAMAccountName

# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacamole
mysql-username: guacamole
mysql-password: SetPassword

Any help would be appreciated.

--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/LDAP-Active-Directory-tp222.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
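
Added example, not part of either message and not Guacamole code: a small lint for guacamole.properties that reports property names differing from the ones used in this thread and a search bind that has only one of its two settings. Guacamole never reads a property name it does not recognise, so a misspelled key leaves that setting unset without any error. KNOWN_KEYS is an assumption built only from the two files above, and SAMPLE is constructed from the LDAP block of the quoted message.

```python
import difflib

# Property names used in the two guacamole.properties files in this thread
# (assumption of this example: not the complete list Guacamole accepts).
KNOWN_KEYS = sorted({
    "guacd-hostname", "guacd-port", "lib-directory", "auth-provider",
    "basic-user-mapping", "ldap-hostname", "ldap-port", "ldap-user-base-dn",
    "ldap-search-bind-dn", "ldap-search-bind-password",
    "ldap-username-attribute", "mysql-hostname", "mysql-port",
    "mysql-database", "mysql-username", "mysql-password",
    "mysql-default-max-connections-per-user",
    "mysql-default-max-group-connections-per-user",
})

def parse_properties(text):
    """Return {key: (line_number, value)} for non-comment 'key: value' lines."""
    props = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            props[key.strip()] = (lineno, value.strip())
    return props

def lint(text):
    """Return findings for unrecognised keys and a half-set search bind."""
    props = parse_properties(text)
    findings = []
    for key, (lineno, _) in props.items():
        if key not in KNOWN_KEYS:
            close = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.8)
            hint = f" (did you mean '{close[0]}'?)" if close else ""
            findings.append(f"line {lineno}: unknown property '{key}'{hint}")
    has_dn = "ldap-search-bind-dn" in props
    has_pw = "ldap-search-bind-password" in props
    if has_dn != has_pw:
        missing = "ldap-search-bind-dn" if has_pw else "ldap-search-bind-password"
        findings.append(f"search bind is half-configured: '{missing}' is not set")
    return findings

# Constructed sample: LDAP lines from the quoted message, placeholders kept.
SAMPLE = """\
ldap-hostname: <IP_Address>
ldap-user-base-dn: OU=Staff,OU=Domain Users,DC=MyDomain,DC=com
ldap-serach-bind-dn: CN=Administrator,OU=Admins,OU=Domain Users,DC=MyDomain,DC=com
ldap-search-bind-password: SetPassword
"""
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```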
