You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Niubbo75 <a....@me.com.INVALID> on 2020/04/16 08:47:09 UTC
Re: guacamole-auth-ldap Performance
Hi Chris,
we are using LDAP in our AD and we do not see any issue, our AD is quiet
small (about 50 users), maybe that's why we do not see problem, how big is
your AD?
For what I think to have understand, LDAP will query DB on every connection,
but it still not querying AD DB during connection time (infact, if you try
to add or remove users from AD and you check if there are changed on
guacamole side, you do not see them untill you log off and log on again on
guacamole).
Alessandro
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
RE: guacamole-auth-ldap Performance
Posted by Niubbo75 <a....@me.com.INVALID>.
Hi Chris,
no, I do not use such parameters in my conf, exept for:
ldap-username-attribute: sAMAccountName
and the other basic parameters needed to bind, my AD is really simple, I
have my users in a single OU, after successful login I do not have your
warning, I get only
$time [http-nio-8080-exec-4] o.a.r.g.auth.AuthenticationService - User
"$username" successfully authenticated from $user_IP_Address.
and I get the same message twice because I'm using TOTP.
If this can help, I'm using LDAP module from 1.0.0 on guacamole 1.1.0, with
LDAP module from 1.1.0 I had have lots of issue starting from seeing users
in guacamole and a lot of warning messages after each successfully logon.
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
RE: guacamole-auth-ldap Performance
Posted by Chris Lee <ch...@centurycity.com.hk>.
Hi Alessandro,
About AD 600 users.
Did you use setting like following:
ldap-username-attribute: sAMAccountName
ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))
ldap-max-search-results:400
Beside, do you got following msg after success auth
Apr 16 18:16:58 server[313781]: 18:16:58.663 [NioProcessor-98] WARN o.a.d.a.l.m.entry.DefaultAttribute - ERR_13207_VALUE_ALREADY_EXISTS The value 'CN=ABC,OU=Domain Controllers,DC=example,DC=com' already exists in the attribute (msDS-RevealedDSAs)
Regards,
Chris
-----Original Message-----
From: Niubbo75 <a....@me.com.INVALID>
Sent: Thursday, April 16, 2020 4:47 PM
To: user@guacamole.apache.org
Subject: Re: guacamole-auth-ldap Performance
Hi Chris,
we are using LDAP in our AD and we do not see any issue, our AD is quiet small (about 50 users), maybe that's why we do not see problem, how big is your AD?
For what I think to have understand, LDAP will query DB on every connection, but it still not querying AD DB during connection time (infact, if you try to add or remove users from AD and you check if there are changed on guacamole side, you do not see them untill you log off and log on again on guacamole).
Alessandro
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
This message and its attachment (if any) are strictly confidential and sent to the designated recipient(s) only. If you are not the intended recipient, please notify the sender by e-mail and delete this message and its attachment (if any) from your computer system immediately . Century City International Holdings Limited, Paliburg Holdings Limited, Regal Hotels International Holdings Limited, its respective related subsidiaries, associated companies and affiliates do not guarantee this message and its attachment (if any) are free of computer virus and would not accept any liability whatsoever arising from Internet transmission.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org