[ https://issues.apache.org/jira/browse/GUACAMOLE-1881?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike Jumper updated GUACAMOLE-1881:
-----------------------------------
    Description: 
As per the 
[documentation|https://guacamole.apache.org/doc/1.5.0/gug/ldap-auth.html#using-multiple-ldap-servers], 
for example, we are configuring Guacamole to use multiple LDAPs in 
{{ldap-servers.yaml}} like below, with the {{match-usernames}} option:

{code:none}
- hostname: dc1.example.net
  user-base-dn: ou=Users,dc=example,dc=net
  username-attribute: sAMAccountName
  search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
  search-bind-password: SomePassword!
  match-usernames: COMPANYA\\(.*)
- hostname: dc2.example.net
  user-base-dn: ou=Users,dc=example,dc=net
  username-attribute: sAMAccountName
  search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
  search-bind-password: SomePassword! 
  match-usernames: COMPANYB\\(.*)
{code}

In this case, to log in I have to use {{domain\username}}. So after successful 
login ${GUAC_USERNAME} => {{domain/username}}.

Whereas for single LDAP configuration in {{guacamole.properties}} 
${GUAC_USERNAME} => {{username}}.

This is causing us to use ${GUAC_USERNAME}  as username in RDP session 
connection.

How about this: when a user logs in to Guacamole, extract the domain name and 
username from DOMAIN\username and load them into new variables:

* Put username into  ${GUAC_USERNAME_ID}
* Domain name into ${GUAC_USERNAME_DOMAIN}

So we can use different variables when multiple LDAPs are enabled.

I am able to fetch the username using the configuration in guacamole.properties 
{{ldap-user-attributes: sAMAccountName}} into ${LDAP_SAMACCOUNTNAME}.

So I am proposing that just extracting the domain name into ${LDAP_DOMAIN_NAME} is 
enough. I have raised a pull request for this: 
https://github.com/apache/guacamole-client/pull/931

  was:
As per 
[documentation|https://guacamole.apache.org/doc/1.5.0/gug/ldap-auth.html#using-multiple-ldap-servers]
 for example we are configuring guacamole to use multiple LDAP's  in 
`ldap-servers.yaml` like below, with `match-usernames` option
{code:java}
- hostname: dc1.example.net
  user-base-dn: ou=Users,dc=example,dc=net
  username-attribute: sAMAccountName
  search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
  search-bind-password: SomePassword!
  match-usernames: COMPANYA\\(.*)
- hostname: dc2.example.net
  user-base-dn: ou=Users,dc=example,dc=net
  username-attribute: sAMAccountName
  search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
  search-bind-password: SomePassword! 
  match-usernames: COMPANYB\\(.*){code}
In this case, to login i have to use `domain\username`. so after successful 
login ${GUAC_USERNAME} =>  `domain/username`.

Where as for single LDAP configuration in `guacamole.properties` 
${GUAC_USERNAME} => `username`.

This is causing us to use ${GUAC_USERNAME}  as username in RDP session 
connection.

 

 

-How about doing, when user log-in into Guacamole extract domain name and 
username from DOMAIN\username, load into new variables-
 # 
 ## -Put username into  ${GUAC_USERNAME_ID}-
 ## -Domain name into ${GUAC_USERNAME_DOMAIN}-

s{-}o we can use different variables when multiple LDAP's enabled.{-}

I can able to fetch username using configuration in guacamole.properties 
`ldap-user-attributes: sAMAccountName` into ${LDAP_SAMACCOUNTNAME} 

 

So proposing just extract domain name into ${LDAP_DOMAIN_NAME} is enough. I 
have raised pull request for this 
https://github.com/apache/guacamole-client/pull/931

 


> ${GUAC_USERNAME} name become domainname\username multiple LDAPS
> ---------------------------------------------------------------
>
>                 Key: GUACAMOLE-1881
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1881
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: Documentation, guacamole-auth-ldap, guacamole-client
>            Reporter: Josna Battula
>            Priority: Minor
>             Fix For: 1.6.0
>
>         Attachments: image-2023-11-15-12-03-22-508.png
>
>



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
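
Added example, not part of the original issue and not Guacamole's own code: a Python model of how the two match-usernames patterns above route a DOMAIN\username login to one server, and how a domain value for a token such as the proposed ${LDAP_DOMAIN_NAME} could be derived. The function names, the whole-string case-sensitive match, the use of the first capturing group as the search username, and the split at the first backslash are assumptions.

```python
import re

# Constructed from the ldap-servers.yaml in the issue. The YAML scalar
# COMPANYA\\(.*) is the regex: "COMPANYA", a literal backslash, one group.
SERVERS = [
    {"hostname": "dc1.example.net", "match-usernames": r"COMPANYA\\(.*)"},
    {"hostname": "dc2.example.net", "match-usernames": r"COMPANYB\\(.*)"},
]


def route_login(login, servers=SERVERS):
    # Return (hostname, search_username) for the first server whose pattern
    # matches the whole login string, or None when no server matches.
    # Assumption: matching is anchored and case-sensitive, and the first
    # capturing group (if any) is the name searched for in that directory.
    for server in servers:
        m = re.fullmatch(server["match-usernames"], login)
        if m:
            return server["hostname"], (m.group(1) if m.groups() else login)
    return None


def split_domain(login):
    # Split DOMAIN\username at the first backslash. Returns (None, login)
    # when there is no separator or either side is empty, so a bare
    # username never produces an empty domain.
    domain, sep, user = login.partition("\\")
    if not sep or not domain or not user:
        return None, login
    return domain, user


def tokens_for(login):
    # Hypothetical token map for a login that one of the servers accepted.
    routed = route_login(login)
    if routed is None:
        return None
    domain, _ = split_domain(login)
    return {
        "GUAC_USERNAME": login,        # full string typed at login
        "LDAP_DOMAIN_NAME": domain,    # token name proposed in the issue
        "search_username": routed[1],  # value captured by the pattern
        "hostname": routed[0],
    }
```

Because the patterns are matched case-sensitively here, a login typed as companya\alice reaches neither server; a bare username is likewise unrouted.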
