RE: guacamole-auth-ldap Performance

[Niubbo75]

Hi Chris,
no, I do not use such parameters in my conf, exept for:

ldap-username-attribute: sAMAccountName

and the other basic parameters needed to bind, my AD is really simple, I
have my users in a single OU, after successful login I do not have your
warning, I get only 

$time [http-nio-8080-exec-4] o.a.r.g.auth.AuthenticationService - User
"$username" successfully authenticated from $user_IP_Address.

and I get the same message twice because I'm using TOTP.

If this can help, I'm using LDAP module from 1.0.0 on guacamole 1.1.0, with
LDAP module from 1.1.0 I had have lots of issue starting from seeing users
in guacamole and a lot of warning messages after each successfully logon.



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

RE: guacamole-auth-ldap Performance

[Chris Lee]

Hi Alessandro,

About AD 600 users.

Did you use setting like following:

ldap-username-attribute: sAMAccountName
ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))
ldap-max-search-results:400

Beside, do you got following msg after success auth

Apr 16 18:16:58 server[313781]: 18:16:58.663 [NioProcessor-98] WARN  
o.a.d.a.l.m.entry.DefaultAttribute - ERR_13207_VALUE_ALREADY_EXISTS The value 
'CN=ABC,OU=Domain Controllers,DC=example,DC=com' already exists in the 
attribute (msDS-RevealedDSAs)

Regards,
Chris

-Original Message-
From: Niubbo75 
Sent: Thursday, April 16, 2020 4:47 PM
To: user@guacamole.apache.org
Subject: Re: guacamole-auth-ldap Performance

Hi Chris,
we are using LDAP in our AD and we do not see any issue, our AD is quiet small 
(about 50 users), maybe that's why we do not see problem, how big is your AD?

For what I think to have understand, LDAP will query DB on every connection, 
but it still not querying AD DB during connection time (infact, if you try to 
add or remove users from AD and you check if there are changed on guacamole 
side, you do not see them untill you log off and log on again on guacamole).

Alessandro



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org



This message and its attachment (if any) are strictly confidential and sent to 
the designated recipient(s) only. If you are not the intended recipient, please 
notify the sender by e-mail and delete this message and its attachment (if any) 
from your computer system immediately . Century City International Holdings 
Limited, Paliburg Holdings Limited, Regal Hotels International Holdings 
Limited, its respective related subsidiaries, associated companies and 
affiliates do not guarantee this message and its attachment (if any) are free 
of computer virus and would not accept any liability whatsoever arising from 
Internet transmission.

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: guacamole-auth-ldap Performance

[Niubbo75]

Hi Chris,
we are using LDAP in our AD and we do not see any issue, our AD is quiet
small (about 50 users), maybe that's why we do not see problem, how big is
your AD?

For what I think to have understand, LDAP will query DB on every connection,
but it still not querying AD DB during connection time (infact, if you try
to add or remove users from AD and you check if there are changed on
guacamole side, you do not see them untill you log off and log on again on
guacamole).

Alessandro



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org