Well, I do understand your problem here. You are talking about your "ldap
library". I do wonder if you are aware of openldap/slapd configuring like:

database shell

suffix "dc=*"

add     /etc/openldap/shellauth.py
bind    /etc/openldap/shellauth.py
compare /etc/openldap/shellauth.py
delete  /etc/openldap/shellauth.py
modify  /etc/openldap/shellauth.py
modrdn  /etc/openldap/shellauth.py
search  /etc/openldap/shellauth.py
unbind  /etc/openldap/shellauth.py

naming a python script as a do-all. Of course you can call any script-type you
like.
This is a way to generate a guacamole auth hook script (a bad, bloated one,
but still at least one).

Still this leaves
- you with an obvious problem in guacamole's ldap parsing (which is useless
anyway as ldap is the bloatware interface here)
- me with not having obvious parameters for authentication
- anyone else with his special problem with a bottle-necked guacamole auth API.

--
Regards,
Stephan


On Tue, 30 Apr 2024 22:47:28 +0100
David Lomas <d...@pale-eds.co.uk.INVALID> wrote:

> No, we’re authenticating users against a proprietary back end, and a
> generic auth hook would be _so_ convenient. We had to create the ldap
> server for this as you say, but people can and do use an email address when
> registering with us, so supporting any conceivable email address is quite
> important. I was just using this one for testing and found the problem.
> 
> I did wonder if it might be easier to make a custom auth extension rather
> than an ldap server, but since we already had a library for ldap, we tried
> that first.
> 
> On Tue, 30 Apr 2024 at 22:30, Stephan von Krawczynski <skraw...@ithnet.com>
> wrote:
> 
> > On Tue, 30 Apr 2024 17:06:43 +0100
> > David Lomas <d...@pale-eds.co.uk.INVALID> wrote:
> >  
> > > Hi,
> > > [...]
> > >  but if we try to authenticate using a google email address of the form '
> > > gmail.user+te...@gmail.com', the LDAP server never sees a request from
> > > Guacamole.
> > > [...]  
> >
> > And here we see another perfect example of something crushed with
> > bloatware.
> > Instead of being able to create an auth hook script in guacamole he must
> > use
> > LDAP (which has a hook script option) to perform some authentication that
> > has
> > absolutely nothing to do with LDAP.
> > David: you are authenticating the gmail user really at gmail, aren't you?
> >
> > --
> > Regards,
> > Stephan
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> > For additional commands, e-mail: user-h...@guacamole.apache.org
> >
> >  
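
The slapd configuration in the top message hands every operation to /etc/openldap/shellauth.py. As an added example (not part of the thread, and not code from either poster or from the Guacamole or OpenLDAP projects), this is one way the bind side of such a script could look, using the request and RESULT format described in slapd-shell(5). The user table, the sample address and the function names are constructed for illustration, and the handler assumes a '+' inside the DN value arrives escaped as RFC 4514 requires, so it unescapes the value before the lookup.

```python
#!/usr/bin/env python3
"""Bind handler for slapd's shell backend; wire format per slapd-shell(5)."""
import hmac
import re
import sys

# Constructed stand-in for the real back end: username -> password.
DEMO_USERS = {"some.user+tag@example.com": "s3cret"}


def parse_request(text):
    """Split one request into (operation, {field: value})."""
    lines = text.splitlines()
    fields = {}
    for line in lines[1:]:
        key, sep, value = line.partition(": ")
        if sep and key not in fields:  # several suffix: lines may appear
            fields[key] = value
    return (lines[0].strip() if lines else ""), fields


def first_rdn_value(dn):
    """Unescaped value of the leftmost RDN (RFC 4514, ASCII escapes only)."""
    m = re.match(r"[^=]+=((?:\\.|[^\\,+])*)", dn, re.S)
    if not m:
        return None
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)",
                  lambda e: chr(int(e.group(1), 16)) if len(e.group(1)) == 2
                  else e.group(1), m.group(1), flags=re.S)


def handle(text, users=DEMO_USERS):
    """Return the text slapd expects on stdout for one request."""
    op, f = parse_request(text)
    if op == "UNBIND":
        return ""  # unbind is the only operation that sends no RESULT
    code, info = 53, "only bind is implemented"  # unwillingToPerform
    if op == "BIND":
        known = users.get(first_rdn_value(f.get("dn", "")))
        cred = f.get("cred", "")
        # An empty password must never succeed (unauthenticated bind).
        ok = bool(cred) and known is not None and hmac.compare_digest(
            known.encode(), cred.encode())
        code, info = (0, "") if ok else (49, "invalid credentials")
    return "RESULT\ncode: %d\ninfo: %s\n" % (code, info)


if __name__ == "__main__":
    sys.stdout.write(handle(sys.stdin.read()))
```

Every operation other than bind is refused here, so the script cannot be used to read or modify entries through the wildcard suffix.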

