Posted to user@guacamole.apache.org by Zain <za...@clsa.com> on 2020/01/15 07:55:36 UTC

Unable to query list of objects from LDAP directory.

Hello, I am trying to run the Docker image of Guacamole with AD authentication.
As per a previous post, I was able to get the below entries into
guacamole.properties:
**************************************************************
root@df642c6eb6c7:~/.guacamole# cat guacamole.properties
# guacamole.properties - generated Wed Jan 15 07:31:31 UTC 2020
guacd-hostname: 172.0.0.1
guacd-port: 4822
mysql-hostname: 172.0.0.2
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: ******************
ldap-hostname: my.ldapserver.local
ldap-encryption-method: none
ldap-user-base-dn: OU=Cl,OU=CA,DC=my,DC=ldapserver,DC=local
ldap-username-attribute: sAMAccountName
ldap-user-search-filter: (objectClass=user)(!(objectCategory=computer))
ldap-max-search-results: 4000
*************************************************************************
However, I am not able to log in as an AD user. If I narrow down the base DN
to a specific OU like below, I can log in:
OU=level1,OU=level2,OU=level3,OU=level4,OU=CA,DC=my,DC=ldapserver,DC=local
I have a large OU structure with a minimum of 12 sub-OUs under the parent OU.
Is there a limit in the extension for the search result?




Re: Unable to query list of objects from LDAP directory.

Posted by Nick Couchman <vn...@apache.org>.
On Wed, Jan 15, 2020 at 2:54 AM Zain <za...@clsa.com> wrote:

> Hello, I am trying to run the Docker image of Guacamole with AD
> authentication. As per a previous post, I was able to get the below
> entries into guacamole.properties:
> **************************************************************
> root@df642c6eb6c7:~/.guacamole# cat guacamole.properties
> # guacamole.properties - generated Wed Jan 15 07:31:31 UTC 2020
> guacd-hostname: 172.0.0.1
> guacd-port: 4822
> mysql-hostname: 172.0.0.2
> mysql-port: 3306
> mysql-database: guacamole_db
> mysql-username: guacamole_user
> mysql-password: ******************
> ldap-hostname: my.ldapserver.local
> ldap-encryption-method: none
> ldap-user-base-dn: OU=Cl,OU=CA,DC=my,DC=ldapserver,DC=local
> ldap-username-attribute: sAMAccountName
> ldap-user-search-filter: (objectClass=user)(!(objectCategory=computer))
> ldap-max-search-results: 4000
> *************************************************************************
> However, I am not able to log in as an AD user. If I narrow down the base
> DN to a specific OU like below, I can log in:
> OU=level1,OU=level2,OU=level3,OU=level4,OU=CA,DC=my,DC=ldapserver,DC=local
> I have a large OU structure with a minimum of 12 sub-OUs under the parent
> OU. Is there a limit in the extension for the search result?
>
>
What version of Guacamole Client are you running?  There are several known
issues in 0.9.14 and 1.0.0 that may prevent this.  Referral following is one
of the things that can impact this at the root of an LDAP directory tree,
particularly AD, but this should be fixed in 1.0.0.  Size of the tree could
also impact it - not the number of OUs under the parent, but the number of
actual results returned.  Version 1.1.0, coming soon, uses a different LDAP
library and should support larger trees a little more robustly.

-Nick