Are there any characters in the value for LDAP_SEARCH_BIND_PASSWORD which might be being interpreted by your shell, and thus might not make it into the environment variables of the Docker container as expected?
- Mike

On Thu, Jul 13, 2017 at 9:19 PM, lfzamora <[email protected]> wrote:
> Deploying latest docker images (as of 07/13/2017) of guacamole, guacd, and
> postgres with LDAP enabled in an Active Directory environment but getting
> "Invalid Login" at login page and logs throwing the following:
>
> 04:06:02.351 [http-nio-8080-exec-10] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "CN=svc_Guacamole,OU=Guacamole,DC=corp,DC=contoso,DC=com"
> 04:06:02.352 [http-nio-8080-exec-10] WARN o.a.g.r.auth.AuthenticationService - Authentication attempt from 192.168.1.223 for user "tuser" failed.
>
> Yep, those users exist and that is the correct DN double and triple checked
> in ADUAC. Ditto for passwords. Don't think it's anything to do with DB as I
> can login successfully with default 'guacadmin' account. But any attempt to
> login with a valid (in any other context) AD/LDAP user fails with the
> aforementioned errors.
>
> Not a port a network issue as the docker box can nc to 389. Tried IP instead
> of FQDN as well, no diff.
>
> It shouldn't be necessary but I also made the LDAP_SEARCH_BIND_DN account a
> domain admin. Should be able to search ldap tree as regular domain user but
> tried it anyway.
>
> Here is the full docker run command being used:
>
> sudo docker run --name guacamole --link guacd:guacd \
> --link postgres:postgres \
> -e POSTGRES_DATABASE=guacamole_db \
> -e POSTGRES_USER=guacamole_user \
> -e POSTGRES_PASSWORD=*** \
> -e LDAP_USER_BASE_DN=OU=Guacamole,DC=corp,DC=contoso,DC=com \
> -e LDAP_SEARCH_BIND_DN=CN=svc_Guacamole,OU=Guacamole,DC=corp,DC=contoso,DC=com \
> -e LDAP_SEARCH_BIND_PASSWORD=*** \
> -e LDAP_USERNAME_ATTRIBUTE=sAMAccountName \
> -e LDAP_HOSTNAME=dc-1.corp.contoso.com \
> -e LDAP_PORT=389 \
> -e LDAP_ENCRYPTION_METHOD=none -d -p 8080:8080 guacamole/guacamole
>
> Any ideas? Maybe somewhere to get more detailed error feedback?
>
> Thanks
>
> --
> View this message in context:
> http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Docker-LDAP-Active-Directory-tp1296.html
> Sent from the Apache Guacamole (incubating) - Users mailing list archive at
> Nabble.com.
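
The shell-interpretation question raised in the reply can be checked locally without Docker. The following is an added example, not part of the original thread: it parses an `-e VAR=value` argument the way the shell would and shows what value the launched process receives. The sample password and the helper names `seen_by_child` and `write_env_file` are constructed for illustration.

```sh
# Constructed sample password (not the poster's): contains '$' and a space.
SAMPLE_PW='Wint3r$un 2017'
VAR=LDAP_SEARCH_BIND_PASSWORD

# seen_by_child TEXT
# Parse TEXT exactly as if it had been typed after "-e " at a shell prompt and
# print the value the launched process would receive for $VAR.
seen_by_child() {
    (
        unset un                      # keep the demo deterministic
        eval "set -- $1"              # the shell's own expansion and word splitting
        printf '%s' "${1#"$VAR"=}"    # strip the "NAME=" prefix from the first word
    )
}

# write_env_file PATH VALUE
# Store the value for use with `docker run --env-file PATH`, which reads each
# VAR=value line literally, with no shell expansion or quote handling.
write_env_file() {
    ( umask 077; printf '%s=%s\n' "$VAR" "$2" > "$1" )
}

# Unquoted: "$un" expands to nothing and the space ends the argument.
unquoted=$(seen_by_child "$VAR=$SAMPLE_PW")
# Single-quoted: every character reaches the process unchanged.
quoted=$(seen_by_child "$VAR='$SAMPLE_PW'")

printf 'unquoted -> [%s]\n' "$unquoted"
printf 'quoted   -> [%s]\n' "$quoted"

# To see what actually reached the container named in the thread's command:
#   sudo docker exec guacamole printenv LDAP_SEARCH_BIND_PASSWORD
```

If the value printed inside the container differs from the real password, single-quote the `-e` argument or move the variable into an env file.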
