Deploying latest docker images (as of 07/13/2017) of guacamole, guacd, and postgres with LDAP enabled in an Active Directory environment but getting "Invalid Login" at login page and logs throwing the following:

    04:06:02.351 [http-nio-8080-exec-10] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "CN=svc_Guacamole,OU=Guacamole,DC=corp,DC=contoso,DC=com"
    04:06:02.352 [http-nio-8080-exec-10] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 192.168.1.223 for user "tuser" failed.

Yep, those users exist and that is the correct DN, double and triple checked in ADUAC. Ditto for passwords.

Don't think it's anything to do with DB as I can log in successfully with default 'guacadmin' account. But any attempt to log in with a valid (in any other context) AD/LDAP user fails with the aforementioned errors.

Not a port or network issue as the docker box can nc to 389. Tried IP instead of FQDN as well, no diff.

It shouldn't be necessary but I also made the LDAP_SEARCH_BIND_DN account a domain admin. Should be able to search ldap tree as regular domain user but tried it anyway.

Here is the full docker run command being used:

    sudo docker run --name guacamole --link guacd:guacd \
        --link postgres:postgres \
        -e POSTGRES_DATABASE=guacamole_db \
        -e POSTGRES_USER=guacamole_user \
        -e POSTGRES_PASSWORD=*** \
        -e LDAP_USER_BASE_DN=OU=Guacamole,DC=corp,DC=contoso,DC=com \
        -e LDAP_SEARCH_BIND_DN=CN=svc_Guacamole,OU=Guacamole,DC=corp,DC=contoso,DC=com \
        -e LDAP_SEARCH_BIND_PASSWORD=*** \
        -e LDAP_USERNAME_ATTRIBUTE=sAMAccountName \
        -e LDAP_HOSTNAME=dc-1.corp.contoso.com \
        -e LDAP_PORT=389 \
        -e LDAP_ENCRYPTION_METHOD=none -d -p 8080:8080 guacamole/guacamole

Any ideas? Maybe somewhere to get more detailed error feedback?

Thanks

--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Docker-LDAP-Active-Directory-tp1296.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
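
An added example, not part of the original post or of the Guacamole project: one way to get more detail on a rejected search-DN bind is to repeat the same simple bind with OpenLDAP's ldapsearch and decode the sub-code Active Directory places in the error text. The function names, the password-file path and the sample error text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample of what ldapsearch prints when AD rejects a simple bind.
SAMPLE_ERR='ldap_bind: Invalid credentials (49)
	additional info: 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1'

# Map the "data NNN" sub-code in an AD bind error to its meaning.
# $1: error text captured from ldapsearch
explain_ad_bind_error() {
    code=$(printf '%s\n' "$1" \
        | sed -n 's/.*AcceptSecurityContext error, data \([0-9a-fA-F]*\),.*/\1/p' \
        | head -n 1 | tr 'A-F' 'a-f')
    case "$code" in
        525) echo "user not found" ;;
        52e) echo "invalid credentials" ;;
        530) echo "not permitted to log on at this time" ;;
        531) echo "not permitted to log on from this workstation" ;;
        532) echo "password expired" ;;
        533) echo "account disabled" ;;
        701) echo "account expired" ;;
        773) echo "user must reset password" ;;
        775) echo "account locked out" ;;
        "")  echo "no AD sub-code found" ;;
        *)   echo "unrecognised sub-code $code" ;;
    esac
}

# Repeat the search-DN bind outside Guacamole and explain a failure.
# $1: LDAP URI  $2: bind DN  $3: password file  $4: base DN
# The password is read with -y so it never appears in the process list;
# the file must hold the password with no trailing newline.
test_search_bind() {
    if err=$(ldapsearch -x -H "$1" -D "$2" -y "$3" -b "$4" -s base dn 2>&1 >/dev/null); then
        echo "bind ok"
        return 0
    fi
    explain_ad_bind_error "$err"
    return 1
}

# Usage with the values from the post (password file path is an assumption):
#   test_search_bind ldap://dc-1.corp.contoso.com:389 \
#       "CN=svc_Guacamole,OU=Guacamole,DC=corp,DC=contoso,DC=com" \
#       /run/secrets/ldap_bind_pw "OU=Guacamole,DC=corp,DC=contoso,DC=com"
```

With LDAP_ENCRYPTION_METHOD=none on port 389, as in the command above, this bind and Guacamole's own send the service account password unencrypted.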
