On 16.02.21 at 14:26, Thomas Besser wrote:
On 16.02.21 at 09:45, Mike Jumper wrote:
2) Make sure Guacamole is configured to retrieve user groups from LDAP.

Yes, I forgot that I read about that a few days ago. I tried once without success to retrieve groups from LDAP. But that may be based on the complex situation regarding LDAP here.

It's a centralized LDAP server, I can access all relevant users and groups (according to LDAP_SEARCH_BIND_DN, like cn=admin,dc=example,dc=org), but this account is not within LDAP_USER_BASE_DN or LDAP_GROUP_BASE_DN. So it is not possible to log in to the guacamole web interface with this account.

If I read https://guacamole.apache.org/doc/gug/ldap-auth.html correctly, it should be possible to create that LDAP group manually in the database with the same name!?

Adding a user (without a password) and configuring connections to this does work. But creating a group with the same name as in LDAP does not.

The according ldap group is of type "posixGroup" with "memberUid" as "ldap-member-attribute" and "uid" as "ldap-member-attribute-type". Probably that is the reason.

https://guacamole.apache.org/doc/gug/guacamole-docker.html#guacamole-docker-ldap does not mention anything to configure this with "optional environment variables".

I tried to set environment variables for docker:

    -e LDAP_MEMBER_ATTRIBUTE=memberUid \
    -e LDAP_MEMBER_ATTRIBUTE_TYPE=uid \

But did not work.
A look into the docker container "guacamole" shows that the environment variables above found their way into the file "guacamole.properties". There now exist two lines with...

    ldap-member-attribute: memberUid
    ldap-member-attribute-type: uid

But still no connections are shown when I log in with an ldap account which is a member of the configured group.

Am I missing something else?

Regards
Thomas

--
Karlsruher Institut für Technologie (KIT)
archIT [IT Management of the Faculty of Architecture]
Dipl.-Ing. Thomas Besser
Building 11.40, Room 010 | Phone +49 721 608 46024
http://www.arch.kit.edu/fakultaet/it-management.php
KIT - The Research University in the Helmholtz Association
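Added example, not part of the original message and not Guacamole's own code: a simplified model of how the two properties discussed above select which groups a user belongs to, showing that a posixGroup is only found when the member attribute and its type agree (the documented defaults are `member` and `dn`). The group entries, the user DN under `ou=people` and the helper names are constructed for illustration, and values are compared exactly.

```python
# Simplified model of LDAP group-membership lookup. Illustration only;
# every entry and name below is constructed, not taken from a real directory.

def escape_filter_value(value):
    """Escape a value for safe use inside an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def member_value(attr_type, user_dn, username):
    """Pick what the member attribute is expected to contain for this user."""
    if attr_type == 'dn':
        return user_dn
    if attr_type == 'uid':
        return username
    raise ValueError('ldap-member-attribute-type must be "dn" or "uid"')

def membership_filter(member_attr, attr_type, user_dn, username):
    """Build the search filter that would match groups listing the user."""
    value = member_value(attr_type, user_dn, username)
    return '(%s=%s)' % (member_attr, escape_filter_value(value))

def groups_of(groups, member_attr, attr_type, user_dn, username):
    """Return the cn of each constructed group entry that lists the user."""
    wanted = member_value(attr_type, user_dn, username)
    return sorted(g['cn'] for g in groups if wanted in g.get(member_attr, []))

# Constructed directory content: one posixGroup and one groupOfNames.
USER_DN = 'uid=alice,ou=people,dc=example,dc=org'
GROUPS = [
    {'cn': 'guac-users', 'objectClass': 'posixGroup',
     'memberUid': ['alice', 'bob']},
    {'cn': 'guac-admins', 'objectClass': 'groupOfNames',
     'member': [USER_DN]},
]

if __name__ == '__main__':
    for attr, kind in (('member', 'dn'), ('memberUid', 'uid'), ('memberUid', 'dn')):
        print(attr, kind,
              membership_filter(attr, kind, USER_DN, 'alice'),
              groups_of(GROUPS, attr, kind, USER_DN, 'alice'))
```

A group found this way still has to exist in the database under the same name for its connections to be shown to the user.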