Posted to user@guacamole.apache.org by Angel Elena <cr...@craem.net> on 2018/10/21 16:41:19 UTC
ldap question
Hi, good afternoon.
I'm a new guacamole user.
I installed it on Debian 9, with guacd version 0.9.9. The program works fine with the local user mapping... my configuration:
/etc/guacamole/guacamole.properties
# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822
# Auth provider class (authenticates user/pass combination, needed if using the provided login screen)
user-mapping: /etc/guacamole/user-mapping.xml
auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
auth-provider: net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
basic-user-mapping: /etc/guacamole/user-mapping.xml
lib-directory: /etc/guacamole/extensions
# LDAP properties
ldap-hostname: ldap.craem.net
ldap-port: 389
ldap-user-base-dn: DC=craem,DC=net
ldap-search-bind-dn: CN=admin,DC=craem,DC=net
ldap-search-bind-password: passwordtuyu
ldap-username-attribute: uid
And the user mapping: /etc/guacamole/user-mapping.xml
<user-mapping>
<authorize username="craem" password="passwordtuyu">
<connection name="kamailio">
<protocol>ssh</protocol>
<param name="hostname">10.XX.XX.XX</param>
<param name="port">22</param>
</connection>
<connection name="chichi">
<protocol>ssh</protocol>
<param name="hostname">10.XX.XX.XX</param>
<param name="port">22</param>
</connection>
<connection name="copiasVeeam">
<protocol>rdp</protocol>
<param name="hostname">10.XX.XX.XX</param>
<param name="port">3389</param>
<param name="ignore-cert">true</param>
<param name="security">rdp</param>
</connection>
<connection name="copiasVeeam9">
<protocol>rdp</protocol>
<param name="hostname">10.XX.XX.XX</param>
<param name="port">3389</param>
<param name="ignore-cert">true</param>
<param name="security">rdp</param>
</connection>
</authorize>
</user-mapping>
When I log in with the username "craem", I can view / enter all the hosts that I defined... the problem is with the OpenLDAP authentication.
My Ldap server is an OpenLDAP. I added the openldap schema:
# ldapadd -Q -Y EXTERNAL -H ldapi:/// -f guacConfigGroup.ldif
And the schema is ready:
root@asterisk:/usr/src# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config dn
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}nis,cn=schema,cn=config
dn: cn={3}inetorgperson,cn=schema,cn=config
dn: cn={4}zarafa,cn=schema,cn=config
dn: cn={5}radius,cn=schema,cn=config
dn: cn={6}guacConfigGroup,cn=schema,cn=config
I added one server to test:
file: entrada.ldif
dn: cn=zeus,dc=craem,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: zeus server
guacConfigProtocol: ssh
guacConfigParameter: hostname=zeus.craem.net
guacConfigParameter: port=22
member: cn=angel,ou=zarafa-users,dc=craem,dc=net
Add the file to my OpenLDAP:
# ldapadd -x -D cn=admin,dc=craem,dc=net -W -f entrada.ldif
And it works fine.
ldapsearch to view the "angel" user:
# ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net"
# Angel Elena, zarafa-users, craem.net
dn: cn=Angel Elena,cn=zarafa-users,dc=craem,dc=net
givenName:: xxxxx
sn: Elena
uid: angel
uidNumber: 1001
gidNumber: 500
zarafaAccount: 1
dialupAccess: 1
zarafaAdmin: 1
mobile: xxxxxx
homeDirectory: /home/angel
radiusFramedProtocol: PPP
radiusServiceType: Framed-User
radiusFramedCompression: Van-Jacobsen-TCP-IP
zarafaQuotaHard: 3000
zarafaQuotaWarn: 2000
zarafaQuotaSoft: 2500
zarafaQuotaOverride: 0
mail: craem@craem.net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: zarafa-user
objectClass: radiusprofile
objectClass: zarafa-group
objectClass: person
objectClass: organizationalPerson
cn: Angel Elena
cn: angel
And the zeus "object"
# ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net"
# zeus, craem.net
dn: cn=zeus,dc=craem,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: zeus server
cn: zeus
guacConfigProtocol: ssh
guacConfigParameter: hostname=zeus
guacConfigParameter: port=22
member: cn=angel,ou=zarafa-users,dc=craem,dc=net
When I log in with the "angel" user to the front-end, the user space is empty, without any machine, but I can log in.
Any ideas ?
Thanks
--------------------------------
Ángel Elena Medina _o)
craem@craem.net / \\
http://blog.craem.net _(___V
@craem_
www.linkedin.com/in/angel-elena-medina
--------------------------------
Zarafa Webapp.
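Added example, not from the original post or from the Guacamole project: an offline model of the lookup the LDAP extension performs once "angel" has authenticated. With ldap-search-bind-dn set, the extension searches for the entry whose ldap-username-attribute (uid here) equals the login name and takes that entry's DN; it then searches, under ldap-config-base-dn (a property the posted guacamole.properties does not set), for guacConfigGroup entries whose member attribute contains that exact DN, and each hit becomes a connection built from guacConfigProtocol and the key=value guacConfigParameter lines. The script below re-implements that against a constructed, abridged copy of the two entries shown in the ldapsearch output, so it runs without a directory. The sample, the simplified DN comparison and the dangling_members check are assumptions for illustration, not the extension's own code.

```python
# Added example (not from the post or the Guacamole project): offline model of
# the guacConfigGroup lookup that guacamole-auth-ldap performs after login.
from collections import defaultdict

# Constructed sample: the user and zeus entries from the ldapsearch output
# above, trimmed to the attributes the lookup uses.
SAMPLE_LDIF = """\
dn: cn=Angel Elena,cn=zarafa-users,dc=craem,dc=net
objectClass: inetOrgPerson
uid: angel
cn: Angel Elena
cn: angel

dn: cn=zeus,dc=craem,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: zeus server
cn: zeus
guacConfigProtocol: ssh
guacConfigParameter: hostname=zeus
guacConfigParameter: port=22
member: cn=angel,ou=zarafa-users,dc=craem,dc=net
"""

def parse_ldif(text):
    """Minimal LDIF reader -> [(dn, {attr_lowercased: [values]})]. Attribute
    types are case-insensitive in LDAP, hence the lower-casing; base64 ("::")
    values and folded lines are rejected rather than mis-read."""
    entries, dn, attrs = [], None, defaultdict(list)
    for line in text.splitlines():
        if line.startswith("#"):          # ldapsearch emits comment lines
            continue
        if not line.strip():              # blank line ends an entry
            if dn is not None:
                entries.append((dn, dict(attrs)))
            dn, attrs = None, defaultdict(list)
            continue
        name, _, value = line.partition(":")
        if line[0].isspace() or value.startswith(":"):
            raise ValueError(f"unsupported LDIF line: {line!r}")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs[name].append(value)
    if dn is not None:
        entries.append((dn, dict(attrs)))
    return entries

def normalize_dn(dn):
    """Comparable form: cn/ou/dc use caseIgnoreMatch and whitespace around the
    commas is insignificant. Escaped commas are not handled (none occur here)."""
    parts = []
    for rdn in dn.split(","):
        typ, _, val = rdn.partition("=")
        parts.append(typ.strip().lower() + "=" + " ".join(val.split()).lower())
    return ",".join(parts)

def find_user_dn(entries, username_attribute, username):
    """Search for the entry whose username attribute equals the login name and
    return its DN, as the extension does when ldap-search-bind-dn is set."""
    hits = [dn for dn, attrs in entries if username.lower() in
            [v.lower() for v in attrs.get(username_attribute.lower(), [])]]
    if len(hits) > 1:
        raise ValueError(f"{username_attribute}={username} is ambiguous: {hits}")
    return hits[0] if hits else None

def is_config_group(attrs):
    return "guacconfiggroup" in {c.lower() for c in attrs.get("objectclass", [])}

def connections_for(user_dn, entries):
    """Every guacConfigGroup whose member attribute holds user_dn becomes one
    connection, keyed here by entry DN (Guacamole displays the entry's cn)."""
    wanted = normalize_dn(user_dn)
    found = {}
    for dn, attrs in entries:
        if not is_config_group(attrs):
            continue
        if wanted not in {normalize_dn(m) for m in attrs.get("member", [])}:
            continue
        params = {}
        for item in attrs.get("guacconfigparameter", []):
            key, sep, value = item.partition("=")
            if not sep:
                raise ValueError(f"{dn}: {item!r} is not key=value")
            params[key.strip()] = value.strip()
        found[dn] = {"protocol": attrs["guacconfigprotocol"][0], "parameters": params}
    return found

def dangling_members(entries):
    """Check to run over a full ldapsearch dump: member DNs of guacConfigGroup
    entries that match no entry in the directory. Such a member silently gives
    that user an empty connection list after a successful login."""
    known = {normalize_dn(dn) for dn, _ in entries}
    bad = {}
    for dn, attrs in entries:
        missing = [m for m in attrs.get("member", []) if normalize_dn(m) not in known]
        if is_config_group(attrs) and missing:
            bad[dn] = missing
    return bad

if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    real_dn = find_user_dn(entries, "uid", "angel")
    print("DN for uid=angel:", real_dn)
    print("connections:", connections_for(real_dn, entries))
    print("members matching no entry:", dangling_members(entries))
```

Against the sample, find_user_dn returns the DN the directory actually holds for uid=angel, connections_for that DN returns nothing, and dangling_members reports the zeus entry's member value as matching no entry. To run the same check on a real directory, feed parse_ldif the output of ldapsearch -x -LLL -b dc=craem,dc=net (the -LLL flags drop the comment and version lines).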
Re: ldap question
Posted by Nick Couchman <vn...@apache.org>.
On Sun, Oct 21, 2018 at 12:41 PM Angel Elena <cr...@craem.net> wrote:
> Hi, good afternoon.
>
> I'm a new guacamole user.
>
Welcome! :-)
>
> I installed it in a debian 9 and 0.9.9 guacd version. The program works
> fine with local users mapping... my configuration:
>
The first thing I'd start with is using a recent version of Guacamole -
0.9.14 is the current release, and 1.0.0 is on the way.
>
> When I login with de "angel" user to the front-end, the user space is
> empty, without any machine, but I can login.
>
Are there any errors in the Tomcat log file?
-Nick