GUACAMOLE-957

Add support for querying multiple LDAP servers

Details

    Description

      Hello,

      We have configured Guacamole with PostgreSQL (for configuration) and LDAP (for authentication only) in version 1.0.0. The LDAP servers are 3 Windows AD servers.

      We have configured guacamole LDAP auth with

      ldap-hostname: SERVER1 SERVER2 SERVER3
      

      During authentication, Guacamole connects to the first server. If the connection fails, it connects to the second server, and if this connection fails too, it connects to the third server. It works great in Guacamole 1.0.0. But version 1.0.0 has a problem with LDAP groups.

      So we have updated to 1.1.0. But in this configuration the multiple LDAP hosts are incorrectly parsed, and login does not work, with "Invalid login" on the login page and the following error message in the log:

      13:21:24.339 [http-nio-8080-exec-16] ERROR o.a.g.a.ldap.LDAPConnectionService - Binding with the LDAP server at "SERVER1 SERVER2 SERVER3" as user "bind-dn" failed: ERR_04121_CANNOT_RESOLVE_HOSTNAME Cannot connect to the server, Hostname 'SERVER1 SERVER2 SERVER3' could not be resolved.
      13:21:24.340 [http-nio-8080-exec-16] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN "bind-dn"
      13:21:24.342 [http-nio-8080-exec-16] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from [10.0.48.1, 127.0.0.1] for user "ad.user@domain" failed.
      

      Could you verify this issue? Is there some other possible format for multiple hostnames in the ldap-hostname attribute? I have already tried to use "," (comma) instead of space and to use LDAP URI format, but nothing works.

      Thank you for your answer.

      Regards,

      Robert Wolf.
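
The ordered failover described in the report, as an added example that is not part of the original issue and is not Guacamole's code. The function names, the exception classes and the `bind` callable are hypothetical; the sketch assumes failover should happen only on connection-level errors, so that a server which answers and rejects the credentials ends the attempt instead of replaying the bind against the next host.

```python
import re

class ServerUnreachable(Exception):
    """Connection-level failure (DNS, refused, timeout): try the next host."""

class BindRejected(Exception):
    """The server answered and refused the credentials: do not fail over."""

def split_hosts(value):
    # Accept whitespace-separated names, as in "SERVER1 SERVER2 SERVER3".
    return [h for h in re.split(r"\s+", value.strip()) if h]

def bind_with_failover(hostname_value, bind, log=None):
    """Try each host in order; return (host, session) for the first that binds.

    `bind` is a hypothetical callable(host) supplied by the caller. It returns
    a session, raises ServerUnreachable, or raises BindRejected.
    """
    log = log if log is not None else []
    hosts = split_hosts(hostname_value)
    if not hosts:
        raise ValueError("no LDAP hosts configured")
    for host in hosts:
        try:
            session = bind(host)
        except ServerUnreachable:
            log.append((host, "unreachable"))
            continue  # only connection failures move on to the next host
        # BindRejected is deliberately not caught: it propagates to the caller.
        log.append((host, "bound"))
        return host, session
    raise ServerUnreachable("all hosts unreachable: " + ", ".join(hosts))

# Constructed scenario: SERVER1 is down, SERVER2 answers.
def fake_bind(host):
    if host == "SERVER1":
        raise ServerUnreachable(host)
    return "session@" + host

def demo():
    log = []
    result = bind_with_failover("SERVER1 SERVER2 SERVER3", fake_bind, log)
    return result, log

if __name__ == "__main__":
    print(demo())
```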

          People

            mjumper Mike Jumper
            wolfaba Robert Wolf