Posted to user@guacamole.apache.org by Daniel Brienza <da...@protonmail.com> on 2019/01/25 11:37:47 UTC
Unable to query list of objects from LDAP directory.
I'm trying to configure a container with LDAP authentication from my Active Directory domain, but I'm receiving the error message below on the web interface after login:
Unable to query list of objects from LDAP directory.
I don't see any error message in the logs; it shows that it successfully authenticated:
1:13:28.610 [http-nio-8080-exec-7] INFO o.a.g.r.auth.AuthenticationService - User "my.user" successfully authenticated from 10.0.0.0.
Container configuration:
docker run --name my-guacamole --link my-guacd:guacd \
--link my-guaca-postgres:postgres \
-e POSTGRES_DATABASE=guacamole_db \
-e POSTGRES_USER=guacamole_user \
-e POSTGRES_PASSWORD=password \
-e LDAP_HOSTNAME=mydomain.aaa.com \
-e LDAP_PORT=389 \
-e LDAP_USER_BASE_DN=OU=BU,DC=MYDOMAIN,DC=aaa,DC=com \
-e LDAP_SEARCH_BIND_DN=CN=BindUsers,OU=Infra,OU=IT,OU=Users,OU=BU,DC=MYDOMAIN,DC=aaa,DC=com \
-e LDAP_SEARCH_BIND_PASSWORD=password \
-e LDAP_USERNAME_ATTRIBUTE=sAMAccountName \
-d -p 8080:8080 guacamole/guacamole
Re: AW: Unable to query list of objects from LDAP directory.
Posted by Daniel Brienza <da...@protonmail.com>.
Hi Christian,
Thank you but I receive the same error using a domain controller FQDN (dcserver.mydomain.aaa.com).
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, 25 January 2019 at 10:49, Christian Kraus <ch...@ckc-it.at> wrote:
> Hi
>
> I think this setting is wrong: -e LDAP_HOSTNAME=mydomain.aaa.com \
>
> it should be -e LDAP_HOSTNAME=dcserver.mydomain.aaa.com \
>
> rg
>
> Christian
>
>> -----Original Message-----
>> From: Daniel Brienza <da...@protonmail.com>
>> Sent: Friday, 25 January 2019 12:38
>> To: user@guacamole.apache.org
>> Subject: Unable to query list of objects from LDAP directory.
>>
>> I'm trying to configure a container with LDAP authentication from my Active Directory domain, but I'm receiving the error message below on the web interface after login:
>> Unable to query list of objects from LDAP directory.
>>
>> I don't see any error message in the logs; it shows that it successfully authenticated:
>> 1:13:28.610 [http-nio-8080-exec-7] INFO o.a.g.r.auth.AuthenticationService - User "my.user" successfully authenticated from 10.0.0.0.
>>
>> Container configuration:
>>
>> docker run --name my-guacamole --link my-guacd:guacd \
>> --link my-guaca-postgres:postgres \
>> -e POSTGRES_DATABASE=guacamole_db \
>> -e POSTGRES_USER=guacamole_user \
>> -e POSTGRES_PASSWORD=password \
>> -e LDAP_HOSTNAME=mydomain.aaa.com \
>> -e LDAP_PORT=389 \
>> -e LDAP_USER_BASE_DN=OU=BU,DC=MYDOMAIN,DC=aaa,DC=com \
>> -e LDAP_SEARCH_BIND_DN=CN=BindUsers,OU=Infra,OU=IT,OU=Users,OU=BU,DC=MYDOMAIN,DC=aaa,DC=com \
>> -e LDAP_SEARCH_BIND_PASSWORD=password \
>> -e LDAP_USERNAME_ATTRIBUTE=sAMAccountName \
>> -d -p 8080:8080 guacamole/guacamole
RE: Unable to query list of objects from LDAP directory.
Posted by Brian Haskell <bt...@ams.org>.
I'm having this same issue with 1.0.0 on a full install (no docker).
I have an older 0.9.12 install running LDAP just fine using the following settings:
ldap-hostname: adserver.aaa.org
ldap-port: 3268
ldap-encryption-method: none
ldap-search-bind-dn: binduser
ldap-search-bind-password: ********
ldap-user-base-dn: DC=aaa,DC=org
ldap-username-attribute: sAMAccountName
Same 'Unable to query list of objects from LDAP directory' in red at the top of the screen yet the catalina.out reads:
09:46:26.618 [http-nio-8080-exec-1] INFO o.a.g.r.auth.AuthenticationService - User "aaaaa" successfully authenticated from 10.xx.xx.xx.
I'm trying to stand up this instance clean (will import the database from our production guac server later) and am stuck here.
RE: Unable to query list of objects from LDAP directory.
Posted by Brian Haskell <bt...@ams.org>.
I was just able to get it to work by adding the following lines to my guacamole.properties:
ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))
ldap-max-search-results:4000
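The filter lines in the message above shrink the set of objects the search returns. The following is an added example, not part of the original thread or of Guacamole's code: a small evaluator for a subset of LDAP filter syntax, run over constructed entries, showing how excluding computer accounts brings a result count back under a limit. The entries, the limit of 4 and all function names are assumptions, and the narrow filter is written as a single filter with an explicit &.

```python
# Added example: subset of RFC 4515 filters (&, |, !, equality, presence).
def parse(f, i=0):
    """Parse the filter that starts at f[i]; return (node, next_index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        node = (op, kids)
    elif f[i] == "!":
        kid, i = parse(f, i + 1)
        node = ("!", kid)
    else:
        end = f.index(")", i)
        attr, _, value = f[i:end].partition("=")
        node = ("=", attr.lower(), value.lower())
        i = end
    if f[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    if node[0] in "&|":
        results = (matches(k, entry) for k in node[1])
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1], entry)
    have = [v.lower() for v in entry.get(node[1], [])]
    return bool(have) if node[2] == "*" else node[2] in have

def count(filter_text, entries):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    return sum(matches(node, e) for e in entries)

# Constructed data. A computer account in AD also carries objectClass=user.
# objectCategory is shortened to its display name here (a simplification).
PERSON = {"objectclass": ["top", "person", "user"], "objectcategory": ["person"]}
COMPUTER = {"objectclass": ["top", "person", "user", "computer"], "objectcategory": ["computer"]}
ENTRIES = [PERSON] * 3 + [COMPUTER] * 5
BROAD = "(objectClass=user)"
NARROW = "(&(objectClass=user)(!(objectCategory=computer)))"
LIMIT = 4  # constructed stand-in for ldap-max-search-results

def exceeds(filter_text, limit=LIMIT):
    return count(filter_text, ENTRIES) > limit
```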
AW: Unable to query list of objects from LDAP directory.
Posted by Christian Kraus <ch...@ckc-it.at>.
Hi
I think this setting is wrong: -e LDAP_HOSTNAME=mydomain.aaa.com \
it should be -e LDAP_HOSTNAME=dcserver.mydomain.aaa.com \
rg
Christian
Re: Unable to query list of objects from LDAP directory.
Posted by Nick Couchman <vn...@apache.org>.
On Mon, Jan 28, 2019 at 7:29 AM Daniel Brienza <daniel.brienza@protonmail.com> wrote:
> Yes, I think it's related to a large LDAP query; after changing the
> LDAP_USER_BASE_DN to an OU with fewer users, the authentication works.
>
>
There are two or three JIRA issues in the works which might help this
situation out with larger directory trees:
https://issues.apache.org/jira/browse/GUACAMOLE-717
https://issues.apache.org/jira/browse/GUACAMOLE-234
Hopefully we'll have this resolved soon.
-Nick
Re: Unable to query list of objects from LDAP directory.
Posted by Daniel Brienza <da...@protonmail.com>.
Yes, I think it's related to a large LDAP query; after changing the LDAP_USER_BASE_DN to an OU with fewer users, the authentication works.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, 25 January 2019 at 14:01, JoelB <na...@joelbest.ca> wrote:
> Are you working with a large LDAP directory? I'm working on solving some
> similar problems where the LDAP search results contain > 1000 results.
>
> --
>
> Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: Unable to query list of objects from LDAP directory.
Posted by JoelB <na...@joelbest.ca>.
Are you working with a large LDAP directory? I'm working on solving some
similar problems where the LDAP search results contain > 1000 results.
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/