[ https://issues.apache.org/jira/browse/GUACAMOLE-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17950389#comment-17950389 ]

sbcbus edited comment on GUACAMOLE-2051 at 5/8/25 11:00 PM:
------------------------------------------------------------

So I have tried adding some logging statements to 
{{AuthenticationProviderService.java}} to maybe help me figure out what's going 
on. I am not proficient in Java so not sure if I am printing out a "Map" right, 
but tried this section:

 

 
{code:java}
...
private Map<String, String> getUserTokens(ConnectedLDAPConfiguration config,
        Credentials credentials)
        throws GuacamoleException {

    // Get attributes from configuration information
    logger.info("LDAP: Getting user attributes...");
    Collection<String> attrList = config.getAttributes();

    // If there are no attributes there is no reason to search LDAP
    if (attrList.isEmpty())
    {
        logger.error("LDAP: there are no attributes found or configured.");
        return Collections.<String, String>emptyMap();
    }

    // Build LDAP query parameters
    String[] attrArray = attrList.toArray(new String[attrList.size()]);
    logger.info("LDAP: \"{}\" ", Arrays.toString(attrArray));

    Map<String, String> tokens = new HashMap<>();
    try {

        // Get LDAP attributes by querying LDAP
        Entry userEntry = config.getLDAPConnection().lookup(config.getBindDN(), attrArray);
        if (userEntry == null) {
            logger.info("LDAP: userEntry is null");
            return Collections.<String, String>emptyMap();
        }

        Collection<Attribute> attributes = userEntry.getAttributes();
        if (attributes == null)
        {
            logger.info("LDAP: no attributes found");
            return Collections.<String, String>emptyMap();
        }

        // Convert each retrieved attribute into a corresponding token
        for (Attribute attr : attributes) {
            logger.info("LDAP: found attributes...");
            logger.info("LDAP: LDAP ATTRIBUTE: \"{}\" - LDAP VALUE: \"{}\".", attr.getId(), attr.getString());
            tokens.put(TokenName.canonicalize(attr.getId(),
                    LDAP_TOKEN_PREFIX), attr.getString());
        }

        String mapString = tokens.toString();
        logger.info("LDAP: MAP: \"{}\" ", mapString);
        for (Map.Entry entry : tokens.entrySet())
        {
            logger.info("key: " + entry.getKey() + "; value: " + entry.getValue());
        }
    }
    catch (LdapException e) {
        throw new GuacamoleServerException("Could not query LDAP user attributes.", e);
    }

    // Extract the domain (ie: Windows / Active Directory domain) from the
    // user's credentials
    String domainName = getUserDomain(credentials);
    if (domainName != null)
        tokens.put(LDAP_DOMAIN_TOKEN, domainName);

    return tokens;
}
...
{code}
And get the following output (sanitized). It shows the attributes being read, 
but then the map is empty so any tips on how to show that or another method to 
print out all the LDAP attributes?

 
{noformat}
22:53:23.798 [http-nio-8080-exec-10] DEBUG o.a.g.a.l.AuthenticationProviderService - LDAP server "ldaps1.domain.edu" matched username "sbarnhart" as "sbarnhart".
22:53:24.632 [http-nio-8080-exec-10] INFO  o.a.g.a.l.AuthenticationProviderService - User "sbarnhart" was successfully authenticated by LDAP server "ldaps.bcd.it.osu.edu".
22:53:25.917 [http-nio-8080-exec-10] INFO  o.a.g.a.l.AuthenticationProviderService - LDAP: Getting user attributes...
22:53:25.917 [http-nio-8080-exec-10] INFO  o.a.g.a.l.AuthenticationProviderService - LDAP: "[OSUrdpWS01,OSUrdpWS02,OSUrdpWS03,cn]"
22:53:25.937 [http-nio-8080-exec-10] INFO  o.a.g.a.l.AuthenticationProviderService - LDAP: MAP: "{}"
22:53:29.966 [http-nio-8080-exec-6] DEBUG o.a.g.a.l.AuthenticationProviderService - LDAP server "ldaps2.domain.edu" matched username "sbarnhart" as "sbarnhart".
22:53:30.166 [http-nio-8080-exec-6] INFO  o.a.g.a.l.AuthenticationProviderService - User "sbarnhart" was successfully authenticated by LDAP server "ldaps.bcd.it.osu.edu".
22:53:30.946 [http-nio-8080-exec-6] INFO  o.a.g.a.l.AuthenticationProviderService - LDAP: Getting user attributes...
22:53:30.946 [http-nio-8080-exec-6] INFO  o.a.g.a.l.AuthenticationProviderService - LDAP: "[OSUrdpWS01,OSUrdpWS02,OSUrdpWS03,cn]"
22:53:30.956 [http-nio-8080-exec-6] INFO  o.a.g.a.l.AuthenticationProviderService - LDAP: MAP: "{}"
{noformat}
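
Added example, not part of the original comment and not Guacamole project code: `Arrays.toString` separates elements with ", " (comma plus space), while the list logged above has no spaces after its commas, which is consistent with one element that contains commas rather than four separate names. The sketch below logs the element count and quotes each element so the two cases cannot be confused; the class and method names (`AttrListDebug`, `describe`, `splitCommaJoined`) are hypothetical and the inputs are constructed from the attribute names in the log.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;

public class AttrListDebug {

    // Render a collection so element boundaries are unambiguous:
    // the element count, then each element individually quoted.
    static String describe(Collection<String> attrs) {
        return attrs.size() + " element(s): " + attrs.stream()
                .map(a -> "\"" + a + "\"")
                .collect(Collectors.joining(" | "));
    }

    // Split any element that still contains commas into separate names.
    static List<String> splitCommaJoined(Collection<String> attrs) {
        List<String> out = new ArrayList<>();
        for (String a : attrs)
            for (String part : a.split(","))
                if (!part.trim().isEmpty())
                    out.add(part.trim());
        return out;
    }

    public static void main(String[] args) {
        // Constructed inputs using the attribute names from the log above
        List<String> four = Arrays.asList("OSUrdpWS01", "OSUrdpWS02", "OSUrdpWS03", "cn");
        List<String> one = Arrays.asList("OSUrdpWS01,OSUrdpWS02,OSUrdpWS03,cn");

        // Arrays.toString joins with ", " so only the spacing tells these apart
        System.out.println(Arrays.toString(four.toArray(new String[0])));
        System.out.println(Arrays.toString(one.toArray(new String[0])));

        // The count and per-element quoting make the difference explicit
        System.out.println(describe(four));
        System.out.println(describe(one));
        System.out.println(describe(splitCommaJoined(one)));
    }
}
```

Logging `describe(attrList)` next to the existing `Arrays.toString(attrArray)` line in `getUserTokens` would show whether the configured attribute list reached the lookup as four names or as one string.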
 



> LDAP user attributes do not work when specified in ldap-servers.yml, at all 
> with 1.6.0+
> ---------------------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-2051
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-2051
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-ldap
>    Affects Versions: 1.5.5
>         Environment: Docker
>            Reporter: sbcbus
>            Priority: Major
>
> 2 issues, but both related in the end. It made it a bit difficult to 
> troubleshoot due to the variance.
> +In 1.5.5:+
> It seems "user-attributes:" does not work when specified in ldap-servers.yml. 
> We recently had a change where we added an additional LDAP source so moved 
> the entire config to there. Our connections that rely on custom attributes 
> for the connection host name stopped working. *Uncommenting 
> ldap-user-attributes: ... in guacamole.properties is a workaround.*
>  
> +1.6.0:+
> The attributes do not seem to work *at all* in latest staging/1.6.0 branch. 
> ldap-user-attributes: customAttributeName nor specifying it in ldap-users.yml 
> as user-attributes: customAttributeName. Guacd logs show the error as 
> incorrect host name/dns error seemingly confirming it not being read. 
> Reverting docker back to 1.5.5 results in case above.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
