On Fri, Jun 14, 2019, 14:35 sciUser wrote:
> Yes, you are correct this is because Guacamole is Linux based, if you force
> non-case sensitive on the Linux system for LDAP, this will break the
> security of the box. I have found it best to have a parse interpreter
> taking upper case make them lo
Yes, you are correct this is because Guacamole is Linux based, if you force
non-case sensitive on the Linux system for LDAP, this will break the
security of the box. I have found it best to have a parse interpreter
taking upper case make them lower when talking to Linux.
Thank You
-
A Cyb
Yes, but my point was that when guacamole reads the username from the login
form and does the LDAP query against AD, the marching is done case
sensitively, and will fail if your AD sAMAccountName or cn is in mixed case.
For example: AD user JoeUser can login to their Windows workstation as
"joeuse
Windows usernames by default are not case sensitive, Active directory is case
aware, unless you enable it to be case sensitive.
Thank You
-
A Cybersecurity Enablement Company
We don't just run you through the motions, Our labs teach you how to think!
Known good Guacamole installations
Since I see that the OP is authenticating against AD via LDAP, I just want
to throw this out there: AD stores the cn or sAMAccountName attribute
case-sensitively. Guacamole doesn't do a case-insensitive match (whereas
Windows login does), so I had to make sure that my sAMAccountName / cn
attributes
On Fri, Jun 14, 2019, 07:06 Zer0Cool wrote:
> Pardon my ignorance, but let me make sure I follow.
>
> So you are saying that the ldap filter (and thus results) are likely
> up-to-date but that the database side of the account does not get
> deleted/removed from the database when there is no longe
Pardon my ignorance, but let me make sure I follow.
So you are saying that the ldap filter (and thus results) are likely
up-to-date but that the database side of the account does not get
deleted/removed from the database when there is no longer a matching LDAP
account to go with it?
So I would as
On Tue, Jun 11, 2019 at 5:34 AM Zer0Cool wrote:
> Guac: 1.0.0
> OS: CentOS 7.6
>
> Using the LDAP extension to connect with a pretty simple AD and using a
> mariaDB database for authentication/users (aka not changing the AD/LDAP
> side) with LDAPS.
>
> Using the following filter via "ldap-user-se
Guac: 1.0.0
OS: CentOS 7.6
Using the LDAP extension to connect with a pretty simple AD and using a
mariaDB database for authentication/users (aka not changing the AD/LDAP
side) with LDAPS.
Using the following filter via "ldap-user-search-filter" in
guacamole.properties:
(&(objectCategory=person)