Using Nethserver's LDAP to authenticate users in Guacamole

MagicFab · January 18, 2018, 11:30pm

NethServer Version: 7.4.1708 (Final)
Module: Domain accounts

I am testing Nethserver with Guacamole 0.9.9 on Debian 9 (installed following this guide) and I’d like to authenticate Guacamole’s users against Nethserver LDAP directory.

Here is the relevant portion of /etc/guacamole/guacamole.properties:

#LDAP properties
 
ldap-hostname: 192.168.X.X
ldap-user-base-dn: ou=People,dc=directory,dc=nh

I’ve confirmed the Nethserver LDAP service is available from elsewhere in my network with Apache Directory Studio, but I always get an “Invalid Login” error from the Guacamole web UI. I can’t seem to find any useful information or relevant errors in any Nethserver logs.

How can I enable more detailed debug logging in Nethserver? Where should I look for LDAP authentication attempts/error details?

If anyone is using this (or similar) setup or authenticating from other application I’d appreciate any help.

robb · January 19, 2018, 2:13pm

Is your LDAP dn structure like you are trying to connect? IE: is the users dn called: People.directory.nh? What info do you see in NethServer webadmin page under Status/domain accounts?

MagicFab · February 16, 2018, 5:51pm

Sorry I didn’t reply earlier. For now we’re using MariaDB on the same server to authenticate users. We’re rebuilding our Nethserver test environment and I won’t be able to test this again before some time.

robb · February 16, 2018, 6:11pm

You can always dryrun in something like virtualbox…