Posted to user@guacamole.apache.org by Vieri <re...@yahoo.com.INVALID> on 2019/09/12 07:59:21 UTC

LDAP extension apparently broken

Hi,

Before filing a bug report, I'd like to get some feedback on this.

I have 2 guacamole-client installations on the same server -- one taken from GIT several months ago and another taken from GIT today.
I'm using the LDAP extension in both cases.

The older installation works fine except for a known bug related to how Firefox handles keystrokes (i.e. if you hit ENTER right after inputting your username/password in the home page then subsequent attempts to connect to RDP/SSH/Telnet systems will behave oddly as if receiving ENTER keystrokes forever).

Since this "keystroke bug" was supposedly fixed, I got a fresh copy from git today. However, when a valid LDAP user logs into Guacamole, there are NO connections available (/etc/guacamole has been left untouched), e.g. with the old installation, the user would see 2 RDP and 1 Telnet connections, whereas now there's absolutely nothing in the panel.

I'm attributing this "bug" to the LDAP extension because I can reproduce the same "no connection listed" scenario whether I place the "new" LDAP extension into /etc/guacamole/extensions when using either the new guacamole-client war or the older one.

Likewise, if I use the "old" LDAP extension with the "new" guacamole-client war (both 1.1.0 of course) then I do get a proper connection listing when the LDAP user logs in.
Incidentally however, I'm still seeing the Firefox ENTER keystroke bug here... Then I found https://issues.apache.org/jira/browse/GUACAMOLE-817 and noticed it's still in progress.

In any case, in order to file a proper/useful bug report, I need to understand the logs before sending them. I searched all of my log files, but I can't see anything related to the search of the guac* config settings in both the old and the new installation.
Catalina.out shows a successful LDAP user login, but I can't see anything related to grabbing the connection information.

What should I search for exactly? 

My search filter is 
ldap-user-search-filter: (|(objectClass=guac*)(cn=*mygroup*))

Any ideas?

Vieri

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org


Re: LDAP extension apparently broken

Posted by Nick Couchman <vn...@apache.org>.
Can you retry this with the latest code from the git repo?  Another person
reported a bug with LDAP filters that I recently fixed (
https://issues.apache.org/jira/browse/GUACAMOLE-893) and I'm curious if it
also resolves this issue.

-Nick

On Tue, Sep 24, 2019 at 5:21 AM Vieri <re...@yahoo.com.invalid> wrote:

>  On Wednesday, September 18, 2019, 2:59:57 AM GMT+2, Nick Couchman <
> vnick@apache.org> wrote:
>
> >>> Can you post your entire guacamole.properties config file, minus any
> sensitive information?
> >>
> >> Sure.
> >>
> >> guacd-hostname: 10.215.246.15
> >>
> >> guacd-port: 4822
> >>
> >> ldap-hostname: 10.215.144.35
> >>
> >> ldap-port: 389
> >>
> >> ldap-encryption-method: none
> >>
> >> ldap-user-base-dn: cn=Users,dc=mydomain,dc=org
> >>
> >> ldap-config-base-dn: cn=Users,dc=mydomain,dc=org
> >>
> >> ldap-group-base-dn: cn=Users,dc=mydomain,dc=org
> >>
> >> ldap-username-attribute: cn
> >>
> >> ldap-user-search-filter: (|(objectClass=guac*)(cn=TS Internet*))
> >>
> >> ldap-max-search-results: 9959000
> >>
> >> (I know -- that max value is huge because of the way my AD is populated)
> >>
> >
> > Okay - can you post the output of the Tomcat log file to see if there's
> anything there?  It looks like you've modified your AD schema
> > and are storing the connections in Active Directory?  I'm guessing this
> search is failing somewhere...
>
>
> Sorry for the late reply.
> Catalina out is here:
>
> https://drive.google.com/file/d/1m6iwmyuwM4JnsiLJ5-pmTel0jjXyOXYw/view?usp=sharing
> Catalina err is here:
>
> https://drive.google.com/file/d/15yqdQyxnicBxF032iOW85KY6gbTiXVPc/view?usp=sharing
>
> Thanks,
>
> Vieri
>
>
>
>

Re: LDAP extension apparently broken

Posted by Vieri <re...@yahoo.com.INVALID>.
 On Wednesday, September 18, 2019, 2:59:57 AM GMT+2, Nick Couchman <vn...@apache.org> wrote: 

>>> Can you post your entire guacamole.properties config file, minus any sensitive information?
>> 
>> Sure.
>> 
>> guacd-hostname: 10.215.246.15
>> 
>> guacd-port: 4822
>> 
>> ldap-hostname: 10.215.144.35
>> 
>> ldap-port: 389
>> 
>> ldap-encryption-method: none
>> 
>> ldap-user-base-dn: cn=Users,dc=mydomain,dc=org
>> 
>> ldap-config-base-dn: cn=Users,dc=mydomain,dc=org
>> 
>> ldap-group-base-dn: cn=Users,dc=mydomain,dc=org
>> 
>> ldap-username-attribute: cn
>> 
>> ldap-user-search-filter: (|(objectClass=guac*)(cn=TS Internet*))
>>
>> ldap-max-search-results: 9959000
>> 
>> (I know -- that max value is huge because of the way my AD is populated)
>> 
>
> Okay - can you post the output of the Tomcat log file to see if there's anything there?  It looks like you've modified your AD schema 
> and are storing the connections in Active Directory?  I'm guessing this search is failing somewhere...


Sorry for the late reply.
Catalina out is here:
https://drive.google.com/file/d/1m6iwmyuwM4JnsiLJ5-pmTel0jjXyOXYw/view?usp=sharing
Catalina err is here:
https://drive.google.com/file/d/15yqdQyxnicBxF032iOW85KY6gbTiXVPc/view?usp=sharing

Thanks,

Vieri




Re: LDAP extension apparently broken

Posted by Nick Couchman <vn...@apache.org>.
On Thu, Sep 12, 2019 at 11:31 AM Vieri <re...@yahoo.com.invalid> wrote:

>
> On Thursday, September 12, 2019, 5:21:04 PM GMT+2, Nick Couchman <
> vnick@apache.org> wrote:
>
>
> > Can you post your entire guacamole.properties config file, minus any
> sensitive information?
>
> Sure.
>
> guacd-hostname: 10.215.246.15
>
> guacd-port: 4822
>
> ldap-hostname: 10.215.144.35
>
> ldap-port: 389
>
> ldap-encryption-method: none
>
> ldap-user-base-dn: cn=Users,dc=mydomain,dc=org
>
> ldap-config-base-dn: cn=Users,dc=mydomain,dc=org
>
> ldap-group-base-dn: cn=Users,dc=mydomain,dc=org
>
> ldap-username-attribute: cn
>
> ldap-user-search-filter: (|(objectClass=guac*)(cn=TS Internet*))
>
> ldap-max-search-results: 9959000
>
> (I know -- that max value is huge because of the way my AD is populated)
>
>
Okay - can you post the output of the Tomcat log file to see if there's
anything there?  It looks like you've modified your AD schema and are
storing the connections in Active Directory?  I'm guessing this search is
failing somewhere...

-Nick

Re: LDAP extension apparently broken

Posted by Vieri <re...@yahoo.com.INVALID>.
On Thursday, September 12, 2019, 5:21:04 PM GMT+2, Nick Couchman <vn...@apache.org> wrote: 


> Can you post your entire guacamole.properties config file, minus any sensitive information?

Sure.

guacd-hostname: 10.215.246.15

guacd-port: 4822

ldap-hostname: 10.215.144.35

ldap-port: 389

ldap-encryption-method: none

ldap-user-base-dn: cn=Users,dc=mydomain,dc=org

ldap-config-base-dn: cn=Users,dc=mydomain,dc=org

ldap-group-base-dn: cn=Users,dc=mydomain,dc=org

ldap-username-attribute: cn

ldap-user-search-filter: (|(objectClass=guac*)(cn=TS Internet*))

ldap-max-search-results: 9959000

(I know -- that max value is huge because of the way my AD is populated)

Thanks!
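
A configuration check for the LDAP settings posted in this message, as an added example that is not part of the original thread or of the Guacamole project: it parses the properties, flags `ldap-encryption-method: none` (the bind to port 389 is then unencrypted), verifies that the search filter is a single balanced expression, and flags a very large `ldap-max-search-results`. The function names, the `MAX_RESULTS_REVIEW` threshold and the fallback values used for absent keys are assumptions of this example.

```python
import re

# Constructed sample: the LDAP-related settings as posted in the thread.
SAMPLE = """\
ldap-hostname: 10.215.144.35
ldap-port: 389
ldap-encryption-method: none
ldap-user-search-filter: (|(objectClass=guac*)(cn=TS Internet*))
ldap-max-search-results: 9959000
"""
MAX_RESULTS_REVIEW = 10000  # assumed review threshold, not a Guacamole limit

def parse_properties(text):
    """Parse 'key: value' or 'key=value' lines; skip blanks and comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!:=\s][^:=\s]*)\s*[:=]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def filter_is_well_formed(flt):
    """True if flt is one parenthesised expression with nothing outside it."""
    depth = 0
    for i, ch in enumerate(flt):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != len(flt) - 1):
                return False
        elif depth == 0:
            return False
    return bool(flt) and depth == 0

def audit(props):
    """Return the keys whose values deserve review, with a reason each."""
    findings = {}
    if props.get("ldap-encryption-method", "none").lower() == "none":
        findings["ldap-encryption-method"] = "bind credentials cross the network unencrypted"
    flt = props.get("ldap-user-search-filter", "(objectClass=*)")
    if not filter_is_well_formed(flt):
        findings["ldap-user-search-filter"] = "unbalanced or trailing characters"
    limit = props.get("ldap-max-search-results", "1000")
    if not limit.isdigit() or int(limit) > MAX_RESULTS_REVIEW:
        findings["ldap-max-search-results"] = "search size is effectively unbounded"
    return findings

print(audit(parse_properties(SAMPLE)))
```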



Re: LDAP extension apparently broken

Posted by Nick Couchman <vn...@apache.org>.
On Thu, Sep 12, 2019 at 3:59 AM Vieri <re...@yahoo.com.invalid> wrote:

> Hi,
>
> Before filing a bug report, I'd like to get some feedback on this.
>
> I have 2 guacamole-client installations on the same server -- one taken
> from GIT several months ago and another taken from GIT today.
> I'm using the LDAP extension in both cases.
>
> The older installation works fine except for a known bug related to how
> Firefox handles keystrokes (i.e. if you hit ENTER right after inputting your
> username/password in the home page then subsequent attempts to connect to
> RDP/SSH/Telnet systems will behave oddly as if receiving ENTER keystrokes
> forever).
>
> Since this "keystroke bug" was supposedly fixed, I got a fresh copy from
> git today. However, when a valid LDAP user logs into Guacamole, there are
> NO connections available (/etc/guacamole has been left untouched), e.g. with
> the old installation, the user would see 2 RDP and 1 Telnet connections,
> whereas now there's absolutely nothing in the panel.
>
> I'm attributing this "bug" to the LDAP extension because I can reproduce
> the same "no connection listed" scenario whether I place the "new" LDAP
> extension into /etc/guacamole/extensions when using either the new
> guacamole-client war or the older one.
>
> Likewise, if I use the "old" LDAP extension with the "new"
> guacamole-client war (both 1.1.0 of course) then I do get a proper
> connection listing when the LDAP user logs in.
> Incidentally however, I'm still seeing the Firefox ENTER keystroke bug
> here... Then I found https://issues.apache.org/jira/browse/GUACAMOLE-817
> and noticed it's still in progress.
>
> In any case, in order to file a proper/useful bug report, I need to
> understand the logs before sending them. I searched all of my log files,
> but I can't see anything related to the search of the guac* config settings
> in both the old and the new installation.
> Catalina.out shows a successful LDAP user login, but I can't see anything
> related to grabbing the connection information.
>
> What should I search for exactly?
>
> My search filter is
> ldap-user-search-filter: (|(objectClass=guac*)(cn=*mygroup*))
>

Can you post your entire guacamole.properties config file, minus any
sensitive information?

-Nick