[jira] [Commented] (GUACAMOLE-1881) ${GUAC_USERNAME} name become domainname\username multiple LDAPS

Wed, 15 Nov 2023 07:41:46 -0800 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1881?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17786410#comment-17786410
 ] 

Nick Couchman commented on GUACAMOLE-1881:
------------------------------------------

FWIW, my experience with RDP - at least of the Windows variety - is that it is 
tolerant of the domain name as part of the username field. I'm able to log onto 
a server via RDP using any of the following username formats:
* John_Smith
* john_sm...@domain.com
* DOMAIN\John_Smith

On Linux, depending on how you configure authentication, either via Winbind or 
SSSD, it is also possible to use multiple username formats and have 
authentication be accepted.

> ${GUAC_USERNAME} name become domainname\username multiple LDAPS
> ---------------------------------------------------------------
>
>                 Key: GUACAMOLE-1881
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1881
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-ldap, guacamole-client
>            Reporter: Josna Battula
>            Priority: Minor
>         Attachments: image-2023-11-15-12-03-22-508.png
>
>
> As per 
> [documentation|https://guacamole.apache.org/doc/1.5.0/gug/ldap-auth.html#using-multiple-ldap-servers]
>  for example we are configuring guacamole to use multiple LDAP's  in 
> `ldap-servers.yaml` like below, with `match-usernames` option
> {code:java}
> - hostname: dc1.example.net
>   user-base-dn: ou=Users,dc=example,dc=net
>   username-attribute: sAMAccountName
>   search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
>   search-bind-password: SomePassword!
>   match-usernames: COMPANYA\\(.*)
> - hostname: dc2.example.net
>   user-base-dn: ou=Users,dc=example,dc=net
>   username-attribute: sAMAccountName
>   search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
>   search-bind-password: SomePassword! 
>   match-usernames: COMPANYB\\(.*){code}
> In this case, to login i have to use `domain\username`. so after successful 
> login ${GUAC_USERNAME} =>  `domain/username`.
> Where as for single LDAP configuration in `guacamole.properties` 
> ${GUAC_USERNAME} => `username`.
> This is causing us to use ${GUAC_USERNAME}  as username in RDP session 
> connection.
>  
>  
> How about doing, when user log-in into Guacamole extract domain name and 
> username from DOMAIN\username, load into new variables
>  # 
>  ## Put username into  ${GUAC_USERNAME_ID}
>  ## Domain name into ${GUAC_USERNAME_DOMAIN}
> so we can use different variables when multiple LDAP's enabled.
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to