Hello, if my experience is useful, I did this:
LDAP_HOSTNAME: "ip_addr_dc"
LDAP_PORT: "389"
LDAP_ENCRYPTION_METHOD: "none"
LDAP_SEARCH_BIND_DN: "CN = guacamoleadmin, OU = domaim, DC = local"
LDAP_SEARCH_BIND_PASSWORD: "password"
LDAP_USER_BASE_DN: "OU = NET, DC = domain, DC = local"
LDAP_USERNAME_ATTRIBUTE: "samAccountName"
LDAP_GROUP_BASE_DN: "OU = Group, DC = domain, DC = local"
LDAP_GROUP_NAME_ATTRIBUTE: "cn"
LDAP_FOLLOW_REFERRALS: "false"
LDAP_USER_SEARCH_FILTER: "(& (objectClass = *) (memberOf = CN =
rdp-user, OU = Group, DC = domain, DC = local))"
26.10.2021 05:31, Maik Heinelt пишет:
I am not getting LDAP authentication with my Windows 2019 server to work.
My guacamole.properties looks as following:
guacd-hostname: localhost
guacd-port: 4822
GUACAMOLE_HOME: /etc/guacamole
auth-provider:
net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider
# LDAP properties
ldap-hostname: MyWin2019Server
ldap-port: 389
ldap-encryption-method: none
ldap-username-attribute: sAMAccountName
ldap-user-base-dn: OU=Users,DC=mydomain,DC=local
ldap-search-bind-dn: CN=Administrator,CN=Users,DC=mydomain,DC=local
ldap-search-bind-password: GoodPassword
I got the ldap-search-bind-dn from the server LDAP admin properties >>
Attribute Editor >> distinguishedName , so I am pretty sure this should
be correct.
I am able to reach the LDAP without errors with using SSL or also no
encryption via Guacamole server command line using ldapsearch.
When looking at the catalina.out log file, there is no error or warning
shown when I try to authenticate via LDAP.
Just a "WARN o.a.g.r.auth.AuthenticationService - Authentication
attempt from153.156.182.53 <callto:153.156.182.53>for user "MyUser" failed."
Please correct me if I am wrong, but my understanding is, I should be
able to authenticate with every user with its account name who is at the
Users OU.
Maik
--
С уважением Голота С.В.
Администратор компьютерной сети
AO "Тургай-Петролеум"
e-mail:sgol...@turgai.kz
сот. +77772435230
раб. +77242261610