[
https://issues.apache.org/jira/browse/GUACAMOLE-1294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17287947#comment-17287947
]
Nick Couchman commented on GUACAMOLE-1294:
------------------------------------------
No, this is not a bug, this is intended behavior. The authentication modules
are loaded and evaluated in alphabetical order. This means that, if you copy
the JAR files with the expected names, you'll have:
# guacamole-auth-jdbc-mysql-1.3.0.jar
# guacamole-auth-ldap-1.3.0.jar
So, when you log in, if the password of the user in MySQL is the same as the
LDAP password, Guacamole will attempt the log in with MySQL, satisfy the
authentication, and log you in without evaluating the LDAP module. The solution
is either:
* What you've done, which is to make sure that the JDBC module and LDAP module
passwords do not match, or
* Change the order that the modules are loaded and evaluated in, so that LDAP
comes first. You can, for example, rename the LDAP extension to
"0-auth-ldap.jar" and the JDBC extension to "1-auth-jdbc.jar", which gives you
a good, quick indication on which is being evaluated first without having to
look through the entire name to figure it out :-).
> LDAP auth works, but the list of users is not updated
> -----------------------------------------------------
>
> Key: GUACAMOLE-1294
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1294
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-ldap
> Affects Versions: 1.3.0
> Environment: Ubuntu 20.04
> Guacamole 1.3.0
> Tomcat 9
> MySQL 8
> Openjdk 8
> Reporter: Daniele
> Priority: Major
> Labels: ldap, list, login, users
> Attachments: Expected.jpg, Wrong.jpg
>
>
> I updated Guacamole step by step from version 0.9.14 to version 1.3.0.
> I use LDAP auth. This is the configuration:
> #LDAP properties
> ldap-hostname a.b.c.d
> ldap-port 389
> ldap-encryption-method none
> ldap-search-bind-dn CN=Administrator,CN=Users,DC=contoso,DC=com
> ldap-search-bind-password XXXXXXXXXXXXXXX
> ldap-user-base-dn DC=Users,DC=contoso,DC=com
> ldap-username-attribute sAMAccountName
> ldap-user-search-filter (objectClass=user)
> ldap-group-base-dn OU=Groups,DC=contoso,DC=com
> ldap-group-name-attribute cn
> I can login using LDAP credentials BUT ldap users does not appears in users
> management.
> I need to add MANUALLY the users with the same username in order to manage
> them.
> Besides when I enter the user configuration page I cannot see the expected
> authentication labels (see attachments)
> Apparently there are not errors in log files.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
