You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by avocado <jd...@nmcourts.gov> on 2019/02/27 20:43:56 UTC
LDAP Cannot Find Specific User
I have had Apache Guacamole running with LDAP + MySQL for quite some time
now. I have not had many issues, but I have come across a new one. When I
search for users, I am unable to find a certain user. I have
*ldap-user-base-dn:* at the very root of my domain, so I know that OU isn't
an issue. I use *ldap-user-search-filter:* to filter for a certain group
membership, but I have removed and re-added the user to the group.
Typically, once I add a user to the group, log out, and log in the user
appears. I have ~100 users, and have never seen this before. Does anyone
know where I can even look for a log that might point me in the direction of
the problem?
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: LDAP Cannot Find Specific User
Posted by avocado <jd...@nmcourts.gov>.
Thanks for your help - I found the issue. Someone had disabled permissions
inheritance on the sub OU. The lack of system permissions being applied was
creating issues. I hope this helps someone in the future.
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: LDAP Cannot Find Specific User
Posted by Paul Cantle <pa...@cantle.me>.
Does it work if you use the global catalogue port instead of standard LDAP/LDAPS?
Port 3268/3269 (non-secure / secure respectively)
Rgds
Paul
> On 27 Feb 2019, at 21:21, avocado <jd...@nmcourts.gov> wrote:
>
> I found this in the log:
>
> [https-openssl-apr-443-exec-10] WARN o.a.g.auth.ldap.ObjectQueryService -
> Given a referral, but referrals are disabled. Er
> ror was: Referral
>
>
> I also moved the user to a different OU, and was able to find the user. This
> tells me it is an issue with the OU after all. I looked at the permissions
> for the problem OU for 'Authenticated Users', but I can't find a difference
> from any of the other OUs. Any other input would be appreciated.
>
>
>
> --
> Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: LDAP Cannot Find Specific User
Posted by avocado <jd...@nmcourts.gov>.
I found this in the log:
[https-openssl-apr-443-exec-10] WARN o.a.g.auth.ldap.ObjectQueryService -
Given a referral, but referrals are disabled. Er
ror was: Referral
I also moved the user to a different OU, and was able to find the user. This
tells me it is an issue with the OU after all. I looked at the permissions
for the problem OU for 'Authenticated Users', but I can't find a difference
from any of the other OUs. Any other input would be appreciated.
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: LDAP Cannot Find Specific User
Posted by Nick Couchman <vn...@apache.org>.
On Wed, Feb 27, 2019 at 3:44 PM avocado <jd...@nmcourts.gov> wrote:
> I have had Apache Guacamole running with LDAP + MySQL for quite some time
> now. I have not had many issues, but I have come across a new one. When I
> search for users, I am unable to find a certain user. I have
> *ldap-user-base-dn:* at the very root of my domain, so I know that OU isn't
> an issue. I use *ldap-user-search-filter:* to filter for a certain group
> membership, but I have removed and re-added the user to the group.
> Typically, once I add a user to the group, log out, and log in the user
> appears. I have ~100 users, and have never seen this before. Does anyone
> know where I can even look for a log that might point me in the direction
> of
> the problem?
>
>
Check the catalina.out file from Tomcat to see if there are any errors. If
not, try bumping up logging (
http://guacamole.apache.org/doc/gug/configuring-guacamole.html#webapp-logging)
and see if it provides any additional information.
-Nick