How to authenticate to Apache Guacamole using Active Directory authentication by LDAP?

2
votes

After I configured the configuration below, it doesn't connect to the Active Directory. I can't login with a account of the Active Directory. What could be the problem?

I have a Ubuntu server 18.04 with Apache Guacamole v1.0.0. installed. I want to use LDAP-authentication to authenticate users. I have downloaded the guacamole-auth-ldap-1.0.0.jar and jldap-4.3.jar extensions.

ldap-hostname: 10.10.10.21, 10.10.10.22

ldap-port: 389

ldap-user-base-dn: OU=Users,DC=zoz,DC=lan

ldap-username-attribute: CN

ldap-config-base-dn: OU=Users,DC=zoz,DC=lan

ldap-encryption-method: none

I expect it should connect to the domain controller. But when I use the command "ldapsearch" it gives me the error that it can't contact the LDAP-server.

1
active-directoryldapubuntu-18.04guacamole
It seems like a network issue (not an ldap issue). What is the output of telnet 10.10.10.21 389 on the machine that runs Guacamole ?EricLavault
The output of telnet 10.10.10.21 389> on my server is: Trying 10.10.10.21... Connected to 10.10.10.21. Escape character is '^]'.Jurre
Ok so it's not a network issue. Did you try to set just 1 host ldap-hostname: 10.10.10.21 ? Please provide any logs/error output.EricLavault
Sorry for my late reaction. In the meanwhile I added the following statements to guacamole.properties: ldap-search-bind-dn: CN=Jurre de Vries,OU=Students,OU=Users,DC=zoz,DC=lan followed by ldap-search-bind-password: ******. When I authenticate in Guacamole with username Jurre de Vries and password ******. The error I get in Guacamole is: Unable to query list of objects from LDAP directory. While catalina.out says: [http-nio-8080-exec-1] INFO o.a.g.r.auth.AuthenticationService - User "Jurre de Vries" succesfully authenticated from 10.70.247.171.Jurre

1 Answers

0
votes

Please try this

ldap-hostname: 
ldap-port:
ldap-username-attribute: sAMAccountName
ldap-encryption-method: none
ldap-search-bind-dn: [email protected]
ldap-search-bind-password: password
ldap-config-base-dn: dc=domain,dc=local
ldap-user-base-dn: OU=myou,DC=domain,DC=local
ldap-user-search-filter:(objectClass=user)(!(objectCategory=computer))
ldap-max-search-results:400

Restart Tomcat and gucad