[
https://issues.apache.org/jira/browse/GUACAMOLE-1881?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Josna Battula updated GUACAMOLE-1881:
-------------------------------------
Description:
As per
[documentation|https://guacamole.apache.org/doc/1.5.0/gug/ldap-auth.html#using-multiple-ldap-servers]
for example we are configuring guacamole to use multiple LDAP's in
`ldap-servers.yaml` like below, with `match-usernames` otption
{code:java}
- hostname: dc1.example.net
user-base-dn: ou=Users,dc=example,dc=net
username-attribute: sAMAccountName
search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
search-bind-password: SomePassword!
match-usernames: COMPANYA\\(.*)
- hostname: dc2.example.net
user-base-dn: ou=Users,dc=example,dc=net
username-attribute: sAMAccountName
search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
search-bind-password: SomePassword!
match-usernames: COMPANYB\\(.*){code}
In this case, to login i have to use `domain\username`. so after successful
login ${GUAC_USERNAME} => `domain/username`.
Where as for single LDAP configuration in `guacamole.properties`
${GUAC_USERNAME} => `username`.
This difference is causing us to use ${GUAC_USERNAME} as username in RDP
session connection.
was:
As per
[documentation|https://guacamole.apache.org/doc/1.5.0/gug/ldap-auth.html#using-multiple-ldap-servers]
we can configure guacamole to use multiple LDAP's in `ldap-servers.yaml` like
below
{code:java}
- hostname: dc1.example.net
user-base-dn: ou=Users,dc=example,dc=net
username-attribute: sAMAccountName
search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
search-bind-password: SomePassword!
- hostname: dc2.example.net
user-base-dn: ou=Users,dc=example,dc=net
username-attribute: sAMAccountName
search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
search-bind-password: SomePassword! {code}
For multiple LDAP connections, after successful log-in, ${GUAC_USERNAME}
becomes `domainname/username`, but for single LDAP configuration in
`guacamole.properties` ${GUAC_USERNAME} environment variable becomes just
`username`. which is causing us to use ${GUAC_USERNAME} in RDP session
connection.
> ${GUAC_USERNAME} name become domainname\username multiple LDAPS
> ---------------------------------------------------------------
>
> Key: GUACAMOLE-1881
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1881
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-auth-ldap, guacamole-client
> Affects Versions: 1.5.0
> Reporter: Josna Battula
> Priority: Major
> Attachments: image-2023-11-15-12-03-22-508.png
>
>
> As per
> [documentation|https://guacamole.apache.org/doc/1.5.0/gug/ldap-auth.html#using-multiple-ldap-servers]
> for example we are configuring guacamole to use multiple LDAP's in
> `ldap-servers.yaml` like below, with `match-usernames` otption
> {code:java}
> - hostname: dc1.example.net
> user-base-dn: ou=Users,dc=example,dc=net
> username-attribute: sAMAccountName
> search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
> search-bind-password: SomePassword!
> match-usernames: COMPANYA\\(.*)
> - hostname: dc2.example.net
> user-base-dn: ou=Users,dc=example,dc=net
> username-attribute: sAMAccountName
> search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
> search-bind-password: SomePassword!
> match-usernames: COMPANYB\\(.*){code}
> In this case, to login i have to use `domain\username`. so after successful
> login ${GUAC_USERNAME} => `domain/username`.
> Where as for single LDAP configuration in `guacamole.properties`
> ${GUAC_USERNAME} => `username`.
> This difference is causing us to use ${GUAC_USERNAME} as username in RDP
> session connection.
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
