Posted to user@guacamole.apache.org by Anburaj Palraj <an...@gmail.com> on 2017/01/23 11:41:43 UTC
is it possible to use ldap-user-base-dn as like "ldap-user-base-dn:
dc=example,dc=net" in Guacamole ?
Hi Friends,
Currently I am using 0.9.10-incubating (Associating LDAP with a database)
and my guacamole property file is like below.
==
guacd-hostname: localhost
guacd-port: 4822
#### LDAP properties optional for people with MS Active Directory / LDAP environment
ldap-hostname: 192.168.207.48
ldap-port: 389
ldap-user-base-dn: dc=example,dc=net
ldap-search-bind-dn: CN=guacamole,ou=Technology,ou=BLR-KSPs,ou=BLR-KSP-Platina,ou=Platina - BLR,dc=example,dc=net
ldap-search-bind-password: Welcome@123
ldap-username-attribute: sAMAccountName
# MySQL properties
mysql-hostname: localhost
mysql-port: 3306
mysql-database: guacadb
mysql-username: guacauser
mysql-password: guacauser@247
# Additional settings
mysql-default-max-connections-per-user: 0
mysql-default-max-group-connections-per-user: 0
mysql-disallow-duplicate-connections: false
===
Whereas if I use ldap-user-base-dn like below, it is working fine,
but the problem here is that users who are under the main root directory
(not under any OU) are not able to log in.
ldap-user-base-dn: ou=Platina -BLR,DC=example,DC=net
The doc says "If a search DN is provided (via ldap-search-bind-dn), then
Guacamole users need only be somewhere within the subtree of the specified
user base DN."
So if I use "ldap-user-base-dn: dc=example,dc=net" it should also work, right?
Please help me to solve this issue.
Re: is it possible to use ldap-user-base-dn as like
"ldap-user-base-dn: dc=example,dc=net" in Guacamole ?
Posted by Anburaj Palraj <an...@gmail.com>.
Thank you very much, Paul, it is working fine now.
On Mon, Jan 23, 2017 at 5:21 PM, Paul Cantle <pa...@cantle.me> wrote:
> Hi,
>
> In modern versions of AD, to search from the root DN, you need to use port
> 3268 so you can use the global catalogue.
>
> Try that instead of port 389.
>
> Rgds
>
> Paul
Re: is it possible to use ldap-user-base-dn as like
"ldap-user-base-dn: dc=example,dc=net" in Guacamole ?
Posted by Paul Cantle <pa...@cantle.me>.
Hi,
In modern versions of AD, to search from the root DN, you need to use port 3268 so you can use the global catalogue.
Try that instead of port 389.
Rgds
Paul
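Added example (not part of the original thread and not Guacamole code): an offline check of a properties file for the combination discussed above, a `ldap-user-base-dn` that is the domain root together with the standard LDAP port. It goes slightly beyond the thread by also mapping LDAPS port 636 to Global Catalog port 3269; the sample properties are constructed from the settings quoted in the thread, the function names are illustrative, and the fallback to port 389 when `ldap-port` is absent is an assumption.

```python
import re

# Constructed sample based on the LDAP settings quoted in the thread.
SAMPLE = """\
# LDAP properties
ldap-hostname: 192.168.207.48
ldap-port: 389
ldap-user-base-dn: dc=example,dc=net
ldap-username-attribute: sAMAccountName
"""

def parse_properties(text):
    """Parse 'key: value' lines, skipping blank lines and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            props[key.strip()] = value.strip()
    return props

def rdn_attributes(dn):
    """Attribute names of each RDN, splitting on unescaped commas."""
    parts = re.split(r"(?<!\\),", dn)
    return [p.partition("=")[0].strip().lower() for p in parts if p.strip()]

def is_domain_root(dn):
    """True when every RDN is a dc= component, e.g. dc=example,dc=net."""
    attrs = rdn_attributes(dn)
    return bool(attrs) and all(a == "dc" for a in attrs)

def check_ldap_settings(props):
    """Warn when a domain-root base DN is searched on a non-GC port."""
    port = int(props.get("ldap-port", "389"))  # assumed fallback
    base = props.get("ldap-user-base-dn", "")
    gc_port = {389: 3268, 636: 3269}.get(port)
    if gc_port and is_domain_root(base):
        return [f"base DN '{base}' is the domain root on port {port}; "
                f"with Active Directory, try Global Catalog port {gc_port}"]
    return []

if __name__ == "__main__":
    for warning in check_ldap_settings(parse_properties(SAMPLE)):
        print("WARNING:", warning)
```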