RE: ldap question

[Angel Elena]

Hi!!!

I upgrade from 0.9.9 to 0.9.14, but I have the same issue:

/etc/guacamole/guacamole.properties

# Hostname and port of guacamole proxy
guacd-hostname: localhost
guacd-port: 4822

# Auth provider class (authenticates user/pass combination, needed if using the 
provided login screen)
auth-provider: 
net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
auth-provider: 
net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
lib-directory: extensions
basic-user-mapping: GUACAMOLE_HOME/user-mapping.xml
# user-mapping: /etc/guacamole/ --> rename
GUACAMOLE_HOME/user-mapping.xml

# LDAP properties
ldap-hostname: 192.168.2.5
ldap-port: 389
ldap-user-base-dn: DC=craem,DC=net
ldap-search-bind-dn: CN=admin,DC=craem,DC=net
ldap-search-bind-password: 
ldap-username-attribute: uid


Restarting tomcat8, the log:

 java.lang.Object.wait(Native Method)
 java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:144)
 java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:165)
 com.google.inject.internal.util.$Finalizer.run(Finalizer.java:114)
22-Oct-2018 16:20:30.139 INFO [Thread-4] 
org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler 
["http-nio-8080"]
22-Oct-2018 16:20:30.141 INFO [Thread-4] 
org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler 
["http-nio-8080"]
22-Oct-2018 16:20:43.260 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server version:
Apache Tomcat/8.5.14 (Debian)
22-Oct-2018 16:20:43.265 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server built:  
Aug 24 2018 19:44:12 UTC
22-Oct-2018 16:20:43.265 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server number: 
8.5.14.0
22-Oct-2018 16:20:43.265 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log OS Name:   
Linux
22-Oct-2018 16:20:43.265 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log OS Version:
4.9.0-8-amd64
22-Oct-2018 16:20:43.266 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Architecture:  
amd64
22-Oct-2018 16:20:43.266 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Java Home: 
/usr/lib/jvm/java-8-openjdk-amd64/jre
22-Oct-2018 16:20:43.266 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log JVM Version:   
1.8.0_181-8u181-b13-1~deb9u1-b13
22-Oct-2018 16:20:43.266 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:
Oracle Corporation
22-Oct-2018 16:20:43.267 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: 
/var/lib/tomcat8
22-Oct-2018 16:20:43.267 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: 
/usr/share/tomcat8
22-Oct-2018 16:20:43.267 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Djava.util.logging.config.file=/var/lib/tomcat8/conf/logging.properties
22-Oct-2018 16:20:43.268 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
22-Oct-2018 16:20:43.268 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Djava.awt.headless=true
22-Oct-2018 16:20:43.269 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-XX:+UseConcMarkSweepGC
22-Oct-2018 16:20:43.275 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Djdk.tls.ephemeralDHKeySize=2048
22-Oct-2018 16:20:43.276 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Djava.protocol.handler.pkgs=org.apache.catalina.webresources
22-Oct-2018 16:20:43.276 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Dcatalina.base=/var/lib/tomcat8
22-Oct-2018 16:20:43.276 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Dcatalina.home=/usr/share/tomcat8
22-Oct-2018 16:20:43.276 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
-Djava.io.tmpdir=/tmp/tomcat8-tomcat8-tmp
22-Oct-2018 16:20:43.277 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based 
Apache Tomcat Native library 1.2.12 using APR version 1.5.2.
22-Oct-2018 16:20:43.277 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: 
IPv6 [true], sendfile [true], accept filters [false], random [true].
22-Oct-2018 16:20:43.277 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL 
configuration: useAprConnector [false], useOpenSSL [true]
22-Oct-2018 16:20:43.282 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL 
successfully initialized (OpenSSL 1.0.2l  25 May 2017)
22-Oct-2018 16:20:43.417 INFO [

Re: ldap question

[Mike Jumper]

On Mon, Oct 22, 2018, 07:23 Angel Elena  wrote:

> Hi!!!
>
> I upgrade from 0.9.9 to 0.9.14, but I have the same issue:
>
> /etc/guacamole/guacamole.properties
>
> # Hostname and port of guacamole proxy
> guacd-hostname: localhost
> guacd-port: 4822
>
> # Auth provider class (authenticates user/pass combination, needed if
> using the provided login screen)
> auth-provider:
> net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
> auth-provider:
> net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
>

The auth-provider property has been deprecated since 0.9.7 and was finally
removed in 0.9.10-incubating:

http://guacamole.apache.org/releases/0.9.10-incubating/#deprecation--compatibility-notes

Using that property will have no effect. You should remove it.

lib-directory: extensions
>

The lib-directory property has been deprecated since 0.9.7 and was finally
removed in 0.9.10-incubating:

http://guacamole.apache.org/releases/0.9.10-incubating/#deprecation--compatibility-notes

Using that property will have no effect. You should remove it.

basic-user-mapping: GUACAMOLE_HOME/user-mapping.xml
>

The basic-user-mapping property has been deprecated since
0.9.10-incubating. You should cease using this property. It will stop
having any effect after 1.0.0.

Please see also the definition in the manual of GUACAMOLE_HOME. The warning
you see is not telling you to rename the directory containing the file, nor
to manually specify a name that contains the literal text "GUACAMOLE_HOME".
It is telling you to stop using the property in question, and instead place
user-mapping.xml within GUACAMOLE_HOME as defined here:

http://guacamole.apache.org/doc/gug/configuring-guacamole.html#guacamole-home

If unsure where this is, your logs will further clarify things:

16:20:47.314 [localhost-startStop-1] INFO
o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is
"/var/lib/tomcat8/.guacamole"

The location differs from /etc/guacamole in your case because you have
overridden the default:

http://guacamole.apache.org/doc/gug/configuring-guacamole.html#overriding-guacamole-home

- Mike

RE: ldap question

[Angel Elena]

Hi Mike, thanks for the info.

I removed the config lines and local auth works now and the openLdap auth works 
also, but when i logging with the username angel (ldap), no servers displayed.


16:54:13.737 [http-nio-8080-exec-3] INFO  o.a.g.r.auth.AuthenticationService - 
User "angel" successfully 
authenticated from 10.138.4.10.






Para:   user@guacamole.apache.org; 
> On Mon, Oct 22, 2018, 07:23 Angel Elena   > wrote:
> Hi!!!
> 
> I upgrade from 0.9.9 to 0.9.14, but I have the same issue:
> 
> /etc/guacamole/guacamole.properties
> 
> # Hostname and port of guacamole proxy
> guacd-hostname: localhost
> guacd-port: 4822
> 
> # Auth provider class (authenticates user/pass combination, needed if using 
> the 
> provided login screen)
> auth-provider: 
> net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
> auth-provider: 
> net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
> 
> 
> The auth-provider property has been deprecated since 0.9.7 and was finally 
> removed in 0.9.10-incubating:
> 
> http://guacamole.apache.org/releases/0.9.10-incubating/#deprecation--compatibili
> ty-notes 
>  ity-notes> 
> 
> Using that property will have no effect. You should remove it.
> 
> lib-directory: extensions
> 
> 
> The lib-directory property has been deprecated since 0.9.7 and was finally 
> removed in 0.9.10-incubating:
> 
> http://guacamole.apache.org/releases/0.9.10-incubating/#deprecation--compatibili
> ty-notes 
>  ity-notes> 
> 
> Using that property will have no effect. You should remove it.
> 
> basic-user-mapping: GUACAMOLE_HOME/user-mapping.xml
> 
> 
> The basic-user-mapping property has been deprecated since 0.9.10-incubating. 
> You should cease using this property. It will stop having any effect after 
> 1.0.0.
> 
> Please see also the definition in the manual of GUACAMOLE_HOME. The warning 
> you 
> see is not telling you to rename the directory containing the file, nor to 
> manually specify a name that contains the literal text "GUACAMOLE_HOME". It 
> is 
> telling you to stop using the property in question, and instead place 
> user-mapping.xml within GUACAMOLE_HOME as defined here:
> 
> http://guacamole.apache.org/doc/gug/configuring-guacamole.html#guacamole-home 
> 
>  
> 
> If unsure where this is, your logs will further clarify things:
> 
> 16:20:47.314 [localhost-startStop-1] INFO  o.a.g.environment.LocalEnvironment 
> - 
> GUACAMOLE_HOME is "/var/lib/tomcat8/.guacamole"
> 
> The location differs from /etc/guacamole in your case because you have 
> overridden the default:
> 
> http://guacamole.apache.org/doc/gug/configuring-guacamole.html#overriding-guacam
> ole-home 
>  mole-home> 
> 
> - Mike
> 
>

Re: ldap question

[Mike Jumper]

On Mon, Oct 22, 2018, 07:57 Angel Elena  wrote:

> Hi Mike, thanks for the info.
>
> I removed the config lines and local auth works now and the openLdap auth
> works also, but when i logging with the username angel (ldap), no servers
> displayed.
>

Where are your connections stored? In LDAP? In a database?

- Mike

Handling of simultaneous key-down and mouse-button events

[Felix Wolfheimer]

I'm using an application on a remote desktop served by Guacamole 0.9.14
(Remote side: CentOS 7.5, MATE Desktop, TurboVNC 2.2, VirtualGL 2.6). The
application uses the following workflow:
If pressing the Spacebar (and holding it down) it shows an overlay on an
OpenGL window it renders. This overlay has three buttons. Each button
selects a different action for the 3D view (rotate, zoom, pan). So while
the spacebar is pressed, I'm moving the mouse to this overlay, press the
left mouse button to select the action, and then move the mouse (spacebar
and left mouse button still pressed at the same time) to perform the action
on the 3D view.

While a normal TurboVNC+VirtualGL connection works for this workflow, the
behavior gets weird when guacamole is on top of it. The overlay flickers
once I start moving the mouse (mouse button and spacebar pressed) and the
3D view doesn't perform the expected action. I suppose that guacamole has
some difficulty passing the events to the remote session. It seems like it
sends a series of key-down and key-release events instead of a single
key-down event at the start and a key-release event at the end (at least
the behavior of the remote application looks like this). Has anyone seen
such a behavior?

RE: ldap question

[Angel Elena]

-Mensaje original-
De: Mike Jumper 
Enviado:Lun 22-10-2018 16:59
Asunto: Re: ldap question
Para:   user@guacamole.apache.org; 
> On Mon, Oct 22, 2018, 07:57 Angel Elena   > wrote:
> Hi Mike, thanks for the info.
> 
> I removed the config lines and local auth works now and the openLdap auth 
> works 
> also, but when i logging with the username angel (ldap), no servers displayed.
> 
> 
> Where are your connections stored? In LDAP? In a database?
> 
> - Mike
> 
> 

The connections are stored in ldap server:

root@asterisk:~# ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net" 

.
.
.
.

# zeus, craem.net
dn: cn=zeus,dc=craem,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: zeus server
cn: zeus
guacConfigProtocol: ssh
guacConfigParameter: hostname=zeus
guacConfigParameter: port=22
member: cn=angel,ou=zarafa-users,dc=craem,dc=net

.
.
.
.
.

# Angel Elena, zarafa-users, craem.net
dn: cn=Angel Elena,cn=zarafa-users,dc=craem,dc=net
givenName:: .z
sn: Elena
uid: angel
uidNumber: 1001
gidNumber: 500
zarafaAccount: 1
dialupAccess: 1
zarafaAdmin: 1
mobile: 616028799
homeDirectory: /home/angel
radiusFramedProtocol: PPP
radiusServiceType: Framed-User
radiusFramedCompression: Van-Jacobsen-TCP-IP
zarafaQuotaHard: 3000
zarafaQuotaWarn: 2000
zarafaQuotaSoft: 2500
zarafaQuotaOverride: 0
mail: cr...@craem.net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: zarafa-user
objectClass: radiusprofile
objectClass: zarafa-group
objectClass: person
objectClass: organizationalPerson
cn: Angel Elena
cn: angel


.
.
.
.



And the schema:

root@asterisk:~# ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b 
cn=schema,cn=config dn
dn: cn=schema,cn=config

dn: cn={0}core,cn=schema,cn=config

dn: cn={1}cosine,cn=schema,cn=config

dn: cn={2}nis,cn=schema,cn=config

dn: cn={3}inetorgperson,cn=schema,cn=config

dn: cn={4}zarafa,cn=schema,cn=config

dn: cn={5}radius,cn=schema,cn=config

dn: cn={6}guacConfigGroup,cn=schema,cn=config

root@asterisk:~#

No LDAP user mappings in Guacamole database

[Adams, Christopher]

Components: guacamole-auth-jdbc-mysql, guacamole-auth-ldap
Affects Versions: 0.9.14
Environment: OS: Ubuntu 16.04.5
Guacamole Version: 0.9.14
Web server: Apache Tomcat 8

 We have Apache Guacamole 0.9.14 installed on an Ubuntu 16.04.5 server.
It's bound to an Active Directory security group. Members of that group are
able to log in but have no connections. When we log in as an admin we can't
see the AD users listed. Not sure where to go from here. We'd like to
authenticate users in multiple groups to various connections in Guacamole.
How should we proceed?

Thanks in advance for any assistance you would offer!

Re: Handling of simultaneous key-down and mouse-button events

[Mike Jumper]

On Mon, Oct 22, 2018, 08:02 Felix Wolfheimer 
wrote:

> I'm using an application on a remote desktop served by Guacamole 0.9.14
> (Remote side: CentOS 7.5, MATE Desktop, TurboVNC 2.2, VirtualGL 2.6). The
> application uses the following workflow:
> If pressing the Spacebar (and holding it down) it shows an overlay on an
> OpenGL window it renders. This overlay has three buttons. Each button
> selects a different action for the 3D view (rotate, zoom, pan). So while
> the spacebar is pressed, I'm moving the mouse to this overlay, press the
> left mouse button to select the action, and then move the mouse (spacebar
> and left mouse button still pressed at the same time) to perform the action
> on the 3D view.
>
> While a normal TurboVNC+VirtualGL connection works for this workflow, the
> behavior gets weird when guacamole is on top of it. The overlay flickers
> once I start moving the mouse (mouse button and spacebar pressed) and the
> 3D view doesn't perform the expected action. I suppose that guacamole has
> some difficulty passing the events to the remote session. It seems like it
> sends a series of key-down and key-release events instead of a single
> key-down event at the start and a key-release event at the end (at least
> the behavior of the remote application looks like this). Has anyone seen
> such a behavior?
>

Yes. Unfortunately, this isn't a bug per se, but a platform- and
browser-specific aspect of how key events are fired. The key events of
printable keys may autorepeat while held.

To unify things across platforms, as not all do this (or even reliably
report keyup), Guacamole also has its own autorepeat timer within the
keyboard handling. Automatically debouncing with client-side heuristics
would be another approach which could conceivably be implemented (and that
would be compatible with your intentions), but exactly how to do this
without breaking the expectations of protocols and applications which rely
on automatic key repeat would be tricky.

- Mike

Re: ldap question

[Mike Jumper]

On Mon, Oct 22, 2018 at 8:04 AM Angel Elena  wrote:

> -Mensaje original-
> De:Mike Jumper 
> Enviado:Lun 22-10-2018 16:59
> Asunto:Re: ldap question
> Para:user@guacamole.apache.org;
> > On Mon, Oct 22, 2018, 07:57 Angel Elena  >  > wrote:
> > Hi Mike, thanks for the info.
> >
> > I removed the config lines and local auth works now and the openLdap
> auth works
> > also, but when i logging with the username angel (ldap), no servers
> displayed.
> >
> >
> > Where are your connections stored? In LDAP? In a database?
> >
> > - Mike
> >
> >
>
> The connections are stored in ldap server:
>
> root@asterisk:~# ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net"
>
> .
> .
> .
> .
>
> # zeus, craem.net
> dn: cn=zeus,dc=craem,dc=net
> objectClass: guacConfigGroup
> objectClass: groupOfNames
> cn: zeus server
> cn: zeus
> guacConfigProtocol: ssh
> guacConfigParameter: hostname=zeus
> guacConfigParameter: port=22
> member: cn=angel,ou=zarafa-users,dc=craem,dc=net
>
>
According to what you've posted, the DN of this user is "cn=Angel
Elena,cn=zarafa-users,dc=craem,dc=net", not "cn=angel,ou=...". The DN
specified in the member attribute here will not match.

- Mike

RE: ldap question

[Angel Elena]

-Mensaje original-
De: Mike Jumper 
Enviado:Lun 22-10-2018 17:49
Asunto: Re: ldap question
Para:   user@guacamole.apache.org; 
> On Mon, Oct 22, 2018 at 8:04 AM Angel Elena   > wrote:
> -Mensaje original-
> De:    Mike Jumper mailto:mjum...@apache.org> >
> Enviado:    Lun 22-10-2018 16:59
> Asunto:    Re: ldap question
> Para:    user@guacamole.apache.org  ; 
> > On Mon, Oct 22, 2018, 07:57 Angel Elena   
> >  > > wrote:
> > Hi Mike, thanks for the info.
> > 
> > I removed the config lines and local auth works now and the openLdap auth 
> works 
> > also, but when i logging with the username angel (ldap), no servers 
> > displayed.
> > 
> > 
> > Where are your connections stored? In LDAP? In a database?
> > 
> > - Mike
> > 
> > 
> 
> The connections are stored in ldap server:
> 
> root@asterisk:~# ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net" 
> 
> .
> .
> .
> .
> 
> # zeus, craem.net  
> dn: cn=zeus,dc=craem,dc=net
> objectClass: guacConfigGroup
> objectClass: groupOfNames
> cn: zeus server
> cn: zeus
> guacConfigProtocol: ssh
> guacConfigParameter: hostname=zeus
> guacConfigParameter: port=22
> member: cn=angel,ou=zarafa-users,dc=craem,dc=net
> 
> 
> 
> According to what you've posted, the DN of this user is "cn=Angel 
> Elena,cn=zarafa-users,dc=craem,dc=net", not "cn=angel,ou=...". The DN 
> specified 
> in the member attribute here will not match.
> 
> - Mike
> 
> 

Ok, I try with another user:

root@asterisk:~# ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net"

# convidat, zarafa-users, craem.net
dn: cn=convidat,cn=zarafa-users,dc=craem,dc=net
givenName: convidat
sn: guifi
cn: convidat
uid: convidat
uidNumber: 1027
gidNumber: 500
homeDirectory: /home/users/convidat
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: radiusprofile
dialupAccess: 1


# zeus, craem.net
dn: cn=zeus,dc=craem,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: zeus server
cn: zeus
guacConfigProtocol: ssh
guacConfigParameter: hostname=zeus
guacConfigParameter: port=22
member: cn=convidat,cn=zarafa-users,dc=craem,dc=net
member: cn=Angel Elena,cn=zarafa-users,dc=craem,dc=net


With the same result no servers displayed, but i can login.

dn (distinguised name) = convidat  I think that all data is correct.


Thanks

Re: ldap question

[Mike Jumper]

On Mon, Oct 22, 2018 at 11:46 AM Angel Elena  wrote:

> ...
> >
> > # zeus, craem.net 
> > dn: cn=zeus,dc=craem,dc=net
> > objectClass: guacConfigGroup
> > objectClass: groupOfNames
> > cn: zeus server
> > cn: zeus
> > guacConfigProtocol: ssh
> > guacConfigParameter: hostname=zeus
> > guacConfigParameter: port=22
> > member: cn=angel,ou=zarafa-users,dc=craem,dc=net
> >
> >
> >
> > According to what you've posted, the DN of this user is "cn=Angel
> > Elena,cn=zarafa-users,dc=craem,dc=net", not "cn=angel,ou=...". The DN
> specified
> > in the member attribute here will not match.
> >
> > - Mike
> >
> >
>
> Ok, I try with another user:
>
> root@asterisk:~# ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net"
>
> # convidat, zarafa-users, craem.net
> dn: cn=convidat,cn=zarafa-users,dc=craem,dc=net
> givenName: convidat
> sn: guifi
> cn: convidat
> uid: convidat
> uidNumber: 1027
> gidNumber: 500
> homeDirectory: /home/users/convidat
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: radiusprofile
> dialupAccess: 1
>
>
> # zeus, craem.net
> dn: cn=zeus,dc=craem,dc=net
> objectClass: guacConfigGroup
> objectClass: groupOfNames
> cn: zeus server
> cn: zeus
> guacConfigProtocol: ssh
> guacConfigParameter: hostname=zeus
> guacConfigParameter: port=22
> member: cn=convidat,cn=zarafa-users,dc=craem,dc=net
> member: cn=Angel Elena,cn=zarafa-users,dc=craem,dc=net
>
>
> With the same result no servers displayed, but i can login.
>
> dn (distinguised name) = convidat  I think that all data is correct.
>
>
You will also need to specify the "ldap-config-base-dn" property. I don't
see this property in your earlier posts of your guacamole.properties. From
the section of the Guacamole manual covering installation and configuration
of LDAP support:

"ldap-config-base-dn
The base of the DN for all Guacamole configurations. This property is
optional. If omitted, the configurations of Guacamole connections will
simply not be queried from the LDAP directory. ..."

See: http://guacamole.apache.org/doc/gug/ldap-auth.html

- Mike

RE: ldap question

[Angel Elena]

-Mensaje original-
De: Mike Jumper 
Enviado:Lun 22-10-2018 21:01
Asunto: Re: ldap question
Para:   user@guacamole.apache.org; 
> On Mon, Oct 22, 2018 at 11:46 AM Angel Elena   > wrote:
> ...
> > 
> > # zeus, craem.net   > 
> > dn: cn=zeus,dc=craem,dc=net
> > objectClass: guacConfigGroup
> > objectClass: groupOfNames
> > cn: zeus server
> > cn: zeus
> > guacConfigProtocol: ssh
> > guacConfigParameter: hostname=zeus
> > guacConfigParameter: port=22
> > member: cn=angel,ou=zarafa-users,dc=craem,dc=net
> > 
> > 
> > 
> > According to what you've posted, the DN of this user is "cn=Angel 
> > Elena,cn=zarafa-users,dc=craem,dc=net", not "cn=angel,ou=...". The DN 
> specified 
> > in the member attribute here will not match.
> > 
> > - Mike
> > 
> > 
> 
> Ok, I try with another user:
> 
> root@asterisk:~# ldapsearch -h localhost -p 389 -x -b "dc=craem,dc=net"
> 
> # convidat, zarafa-users, craem.net  
> dn: cn=convidat,cn=zarafa-users,dc=craem,dc=net
> givenName: convidat
> sn: guifi
> cn: convidat
> uid: convidat
> uidNumber: 1027
> gidNumber: 500
> homeDirectory: /home/users/convidat
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: top
> objectClass: radiusprofile
> dialupAccess: 1
> 
> 
> # zeus, craem.net  
> dn: cn=zeus,dc=craem,dc=net
> objectClass: guacConfigGroup
> objectClass: groupOfNames
> cn: zeus server
> cn: zeus
> guacConfigProtocol: ssh
> guacConfigParameter: hostname=zeus
> guacConfigParameter: port=22
> member: cn=convidat,cn=zarafa-users,dc=craem,dc=net
> member: cn=Angel Elena,cn=zarafa-users,dc=craem,dc=net
> 
> 
> With the same result no servers displayed, but i can login.
> 
> dn (distinguised name) = convidat  I think that all data is correct.
> 
> 
> 
> You will also need to specify the "ldap-config-base-dn" property. I don't see 
> this property in your earlier posts of your guacamole.properties. From the 
> section of the Guacamole manual covering installation and configuration of 
> LDAP 
> support:
> 
> "ldap-config-base-dn
> The base of the DN for all Guacamole configurations. This property is 
> optional. 
> If omitted, the configurations of Guacamole connections will simply not be 
> queried from the LDAP directory. ..."
> 
> See: http://guacamole.apache.org/doc/gug/ldap-auth.html 
>  
> 
> - Mike
> 

OMG !! Works !!!

added ldap-config-base-dn: DC=craem,DC=net and works fine!


Thanks Mike for your time ;)

Re: Handling of simultaneous key-down and mouse-button events

[Felix Wolfheimer]

Hi Mike,

thanks for confirming that this is a kind of known behavior. Is there a
way to tweak the auto-repeat timer in Guacamole? I suppose that setting
it to a high value might give the behavior I'd need for the application
although this might lead to unexpected behavior (?) for other
applications. 

signature.asc
Description: This is a digitally signed message part

Re: Handling of simultaneous key-down and mouse-button events

[Mike Jumper]

On Mon, Oct 22, 2018 at 1:47 PM Felix Wolfheimer 
wrote:

> Hi Mike,
>
> thanks for confirming that this is a kind of known behavior. Is there a
> way to tweak the auto-repeat timer in Guacamole? I suppose that setting
> it to a high value might give the behavior I'd need for the application
> although this might lead to unexpected behavior (?) for other
> applications.


Yes. You'd be better off looking into developing some sort of autorepeat
debouncing heuristic within Guacamole.Keyboard and contributing that, as it
is something which would make sense to have even though the general case
should probably assume client-side autorepeat. The main issue is making
things work identically across the board (all browsers/platforms) and
avoiding breaking the expectations of applications and remote desktop
servers.

I wouldn't recommend just setting the timer interval to a high value.
Besides not working across all platforms, it's a nasty hack. ;)

- Mike