Posted to user@guacamole.apache.org by Vieri <re...@yahoo.com> on 2019/04/26 23:56:30 UTC

guacamole LDAP seeAlso group

Hi,

I have set up the guacConfigGroup configurations in my Directory.

Whenever a user logs into Guacamole UI (user1), the match is made on the "member" attribute, as expected. The user can thus properly see the authorized connection.

However, if I change the "member" attribute to, say, "cn=user2...." and add "cn=group1..." to the "seeAlso" attribute (user1 is a member of group1), then when user1 logs into Guacamole, the connection configuration is not detected/loaded.
It's as if Guacamole were not looking up the seeAlso attribute.

It must be an error in my configuration.

ldap-hostname: 10.215.144.35
ldap-port: 389
ldap-encryption-method: none
ldap-user-base-dn: cn=Users,dc=mydomain,dc=org
ldap-config-base-dn: cn=Users,dc=mydomain,dc=org
ldap-group-base-dn: cn=Users,dc=mydomain,dc=org
ldap-username-attribute: cn
ldap-user-search-filter: (|(&(objectClass=user)(memberOf=cn=group1,cn=Users,dc=mydomain,dc=org))(objectClass=guac*)(cn=group1))
ldap-max-search-results: 15000

I always get an "Unable to query list of objects from LDAP directory" message.

Any ideas?

Vieri

Re: guacamole LDAP seeAlso group

Posted by Vieri <re...@yahoo.com>.
On Thursday, May 2, 2019, 5:04:54 PM GMT+2, Vieri <re...@yahoo.com> wrote: 
>
> ----- Forwarded Message -----
>
> I always get an "Unable to query list of objects from LDAP directory" message.

Today I cloned guacamole-client with git. After installing both the war file and the ldap module, my user can finally successfully see all the connections, even those pointing to a group with seeAlso. So it seems that the LDAP code is now working fine in GIT as far as groups/seeAlso is concerned. However, as soon as I try to connect to any underlying systems, I get unusual behavior.

For instance, I have a telnet service I can connect to, but it's as if guacamole were sending ENTER keystrokes automatically (so I can't even log into the Telnet service).

Also, I can connect to a Windows Server 2003, and I see Windows's user login screen for a fraction of a second, but a pop-up shows up and immediately closes the session (I can't even log in or even read this message -- granted I haven't searched the server's event log yet).

Finally, an RDP/LNA connection to a Windows 2012 R2 immediately fails (cannot log in).

With Guacamole 1.0.0 release I can successfully connect to any one of the 3 examples above.  Only LDAP is misbehaving in 1.0.0.

If I try to use the GIT 1.1.0 LDAP module with Guacamole client 1.0.0 I get an invalid login.

Any ideas?

Thanks,

Vieri

guacamole LDAP seeAlso group

Posted by Vieri <re...@yahoo.com>.
Hi,

For some strange reason, the message I'm forwarding below doesn't show up in the mailing list archive. I'm sending it again. If I'm mistakenly sending a dupe then please forgive me.

----- Forwarded Message -----
To: user@guacamole.apache.org <us...@guacamole.apache.org>
Sent: Saturday, April 27, 2019, 1:56:30 AM GMT+2

Hi,

I have set up the guacConfigGroup configurations in my Directory.

Whenever a user logs into Guacamole UI (user1), the match is made on the "member" attribute, as expected. The user can thus properly see the authorized connection.

However, if I change the "member" attribute to, say, "cn=user2...." and add "cn=group1..." to the "seeAlso" attribute (user1 is a member of group1), then when user1 logs into Guacamole, the connection configuration is not detected/loaded.
It's as if Guacamole were not looking up the seeAlso attribute.

It must be an error in my configuration.

ldap-hostname: 10.215.144.35
ldap-port: 389
ldap-encryption-method: none
ldap-user-base-dn: cn=Users,dc=mydomain,dc=org
ldap-config-base-dn: cn=Users,dc=mydomain,dc=org
ldap-group-base-dn: cn=Users,dc=mydomain,dc=org
ldap-username-attribute: cn
ldap-user-search-filter: (|(&(objectClass=user)(memberOf=cn=group1,cn=Users,dc=mydomain,dc=org))(objectClass=guac*)(cn=group1))
ldap-max-search-results: 15000

I always get an "Unable to query list of objects from LDAP directory" message.

Any ideas?

Vieri