[
https://issues.apache.org/jira/browse/GUACAMOLE-957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17432758#comment-17432758
]
Mike Jumper commented on GUACAMOLE-957:
---------------------------------------
If anyone is interested in testing my WIP changes for this, I've created a
draft PR:
https://github.com/apache/guacamole-client/pull/648
The above changes add support for defining multiple LDAP servers in a flexible
YAML file, relying on {{guacamole.properties}} for defaults and for the
single-server case only. The YAML file allows these multiple servers to provide
failover or to serve specific segments of users based on username patterns that
can be recognized prior to reaching out via LDAP (such as Active Directory
domain).
> Add support for querying multiple LDAP servers
> ----------------------------------------------
>
> Key: GUACAMOLE-957
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-957
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole-auth-ldap
> Reporter: Robert Wolf
> Assignee: Mike Jumper
> Priority: Minor
>
> Hello,
> we have configured guacamole with postgresql (for configuration) and LDAP
> (for authentication only) in version 1.0.0. The LDAP server are 3 Windows AD
> servers.
> We have configured guacamole LDAP auth with {noformat}
> ldap-hostname: SERVER1 SERVER2 SERVER3
> {noformat}
> During authentication, guacamole connects to first server. If the connection
> fails, it connectes to seconds server and if this connection fails to, it
> connects to the third server. It works great in guacamole 1.0.0. But the
> version 1.0.0 has problem with LDAP groups.
> So we have updated to 1.1.0. But in this configuration the multiple LDAP
> hosts are incorrectly parsed and login does not work with "Invalid login" on
> login page and following error message in the log {noformat}
> 13:21:24.339 [http-nio-8080-exec-16] ERROR o.a.g.a.ldap.LDAPConnectionService
> - Binding with the LDAP server at "SERVER1 SERVER2 SERVER3" as user "bind-dn"
> failed: ERR_04121_CANNOT_RESOLVE_HOSTNAME Cannot connect to the server,
> Hostname 'SERVER1 SERVER2 SERVER3' could not be resolved.
> 13:21:24.340 [http-nio-8080-exec-16] ERROR
> o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN
> "bind-dn"
> 13:21:24.342 [http-nio-8080-exec-16] WARN o.a.g.r.auth.AuthenticationService
> - Authentication attempt from [10.0.48.1, 127.0.0.1] for user
> "ad.user@domain" failed.
> {noformat}
> Could you verify this issue? Is there some other possible format for multiple
> hostnames in *ldap-hostname* attribute? I have already tried to use ","
> (comma) instead of space and to use LDAP URI format, but nothing works.
> Thank you for you answer.
> Regards,
> Robert Wolf.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
