Authenticate ldap for different OU in AD Neth nethserver

Hi everyone, I use an ubuntu server with guacamole. I installed the ldap module to authenticate users on neth 7 and everything works!
Noin I am able to authenticate users who are on additional OUs eg. OU = employees OU = guests etc.
If I connect windows linux machines to log into the whole AD tree including the OU it works. Unfortunately on the guacamole server I am limited only to OU users.
The bind diu guacamole is this:
ldap-user-base-dn: CN = Users, DC = ad, DC = internal2, DC = lan
ldap-search-bind-dn: CN = admin, CN = Users, DC = ad, DC = internal2, DC = lan
ldap-search-bind-password: pwd

How do I add the other OUs ??

Did you try without Users like

DC=ad,DC=internal2,DC=lan ?

I think it’s also possible to set more OUs with ldap-user-search-filter but I didn’t test…

1 Like

I tried as you told me and restart of guacd, without systemctl daemon reload. You see all the groups and users alike but those belonging to the other OUs nothing to do …

Check if any of these examples help:

You can still choose who should have access and who shouldn’t by using an ldap filter via the file with something like:

ldap-user-search-filter:(memberOf=CN=GuacUsers,OU=Security Groups,OU=SomeOtherContainer,DC=companydomain,DC=local)

That’s effectively limiting login to only members of that group by only searching against that group’s membership.


Another example.


Thanks for your directions, I’ll try to see if I can get user queries to work in other OUs

If you keep your LDAP search 1 level up then LDAPsearch should find any other OU’s, right? (more or less what @mrmarkuz suggested.

1 Like

The windows, linux client stations accredited on AD neth server login username from different OUs without any problem. On the ubuntu server only the User of the server, the OUs are ignored.
I don’t understand why the entire tree including the additional OUs is not processed.Also I noticed that my pfsense also has the same problem regarding the other OUs.
Here is the basic cfg:
If as of Markuz I can actually see and select all OUs:
However, if I select all the context of the OU, the authentic ones don’t work !!!

hi Markuz I have tried the user base dn only with the domino (ad.internal2.lan). I had to leave the rest for the binding. Users of other OUs are now authenticated.

1 Like