Posted to user@guacamole.apache.org by rfaurevincent <rf...@xivo.solutions> on 2020/08/14 08:50:56 UTC

LDAP group membership not applied with a posixGroup RFC2307 scheme

Hi,

I'm trying to set a Guacamole portal up with my LDAP server, using these
guacamole.properties parameters:

LDAP_GROUP_NAME_ATTRIBUTE: cn
LDAP_MEMBER_ATTRIBUTE: memberUid
LDAP_MEMBER_ATTRIBUTE_TYPE: uid

From the documentation at
https://guacamole.apache.org/doc/gug/ldap-auth.html#guac-ldap-config:

dn: cn=group1,ou=Groups,dc=example,dc=net
objectClass: posixGroup
cn: group1
gidNumber: 12345
memberUid: user1
memberUid: user2

ldap-member-attribute is memberUid and ldap-member-attribute-type is uid

This works, I'm getting the users and groups correctly, but they are not
matched properly.

Guacamole sends this query to the LDAP server to do the matching:

SRCH base="ou=groups,dc=avencall,dc=com" scope=2 deref=0
filter="(&(objectClass=*)(|(memberUid=uid=rfaurevincent,ou=people,dc=company,dc=com)))"

The correct query should be:

SRCH base="ou=groups,dc=avencall,dc=com" scope=2 deref=0
filter="(&(objectClass=*)(|(memberUid=rfaurevincent)))"

(objectClass could be posixGroup for performance but * works just as well)

How do I go about changing this query so I can get my users properly put in
the corresponding groups?

Thanks in advance,
Rémy.



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org


Re: LDAP group membership not applied with a posixGroup RFC2307 scheme

Posted by rfaurevincent <rf...@xivo.solutions>.
I figured it out.

LDAP_MEMBER_ATTRIBUTE_TYPE: uid is passed to the Docker container but not
put into guacamole.properties properly.

So I put ldap-member-attribute-type in the guacamole.properties override
through the GUACAMOLE_HOME envvar, and everything works now :)


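The difference between the two filters in this thread, as an added example that is not part of the original posts and is not Guacamole's own code: it builds the group search filter for a member attribute holding DNs or bare user names, and scans LDAP server log lines for a DN asserted against memberUid, the sign that the member attribute type did not take effect. The function names and the rule that the user name is the leading uid RDN of the user DN are assumptions made for the illustration.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_DN_LIKE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,]+,.+")

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def first_rdn_value(dn, attr):
    """Value of the leading RDN of `dn` if its attribute is `attr`, else None."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]  # cut at first unescaped comma
    name, sep, value = rdn.partition("=")
    return value.strip() if sep and name.strip().lower() == attr.lower() else None

def group_filter(user_dn, member_attr, member_attr_type, user_attr="uid"):
    """Membership filter for a member attribute holding DNs ('dn') or names ('uid')."""
    if member_attr_type == "dn":
        needle = user_dn
    elif member_attr_type == "uid":
        # Assumption: the user name is the leading RDN of the user's DN.
        needle = first_rdn_value(user_dn, user_attr)
        if needle is None:
            raise ValueError("user DN does not start with %s=" % user_attr)
    else:
        raise ValueError("member attribute type must be 'dn' or 'uid'")
    return "(&(objectClass=*)(|(%s=%s)))" % (member_attr, escape_filter_value(needle))

def dn_valued_assertions(log_lines, member_attr="memberUid"):
    """Values asserted against `member_attr` in SRCH filters that look like DNs."""
    pattern = re.compile(r"\(%s=([^()]*)\)" % re.escape(member_attr), re.I)
    return [v for line in log_lines if "filter=" in line
            for v in pattern.findall(line) if _DN_LIKE.match(v)]

USER_DN = "uid=rfaurevincent,ou=people,dc=company,dc=com"
# The two queries quoted in the thread, each joined onto a single line.
SAMPLE_LOG = [
    'SRCH base="ou=groups,dc=avencall,dc=com" scope=2 deref=0 '
    'filter="(&(objectClass=*)(|(memberUid=uid=rfaurevincent,ou=people,dc=company,dc=com)))"',
    'SRCH base="ou=groups,dc=avencall,dc=com" scope=2 deref=0 '
    'filter="(&(objectClass=*)(|(memberUid=rfaurevincent)))"',
]

if __name__ == "__main__":
    print(group_filter(USER_DN, "memberUid", "dn"))   # the query that was sent
    print(group_filter(USER_DN, "memberUid", "uid"))  # the query that was wanted
    print(dn_valued_assertions(SAMPLE_LOG))           # flags only the first line
```

A non-empty result from `dn_valued_assertions` against a posixGroup directory means the running configuration is still using the DN form, whatever the container environment says.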