After upgrading from 1.1.0 to 1.2.0, guacamole issues the error "Unable to query list of objects from LDAP directory"

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

After upgrading from 1.1.0 to 1.2.0, guacamole issues the error "Unable to query list of objects from LDAP directory"

ewithers
I originally reported this on the Apache JIRA
(https://issues.apache.org/jira/browse/GUACAMOLE-1119) per the instructions
at the bottom of the page https://hub.docker.com/r/guacamole/guacamole but I
was told I should report it here instead.

We run guacamole in a docker container on an Ubuntu Linux machine.  We use
Postgres for the database and secure LDAP for authentication connecting to
Azure Active Directory Domain Services.  We have been running this
configuration with version 1.1.0 of guacamole and guacd since at least last
August.  The update to 1.2.0 broke that integration.

Symptom: User attempts to log in, after entering username and password,
there is a long delay and then the error "Unable to query list of objects
from LDAP directory" appears at the top of the screen and the user remains
at the login page.  

docker logs show that the user successfully authenticated.  

tcpdump shows traffic flowing between the guacamole container and the LDAP
server.

Reverting back to version 1.1.0 "solved" the problem.

We suspect that the new LDAP configuration options changed a default
behavior to something that is incompatible with the Azure ADDS schema.



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: After upgrading from 1.1.0 to 1.2.0, guacamole issues the error "Unable to query list of objects from LDAP directory"

Henri Alves de Godoy
Hi all

I have the same behavior that I posted on the list also on ldap 1.2.0

In addition to the 8 to 12 second delay to connect

I realized that the delay happens because he keeps trying to fetch ldap objects

I await some configuration solution to solve this problem.

Att
Henri

Em qui., 2 de jul. de 2020 às 10:49, ewithers <[hidden email]> escreveu:
I originally reported this on the Apache JIRA
(https://issues.apache.org/jira/browse/GUACAMOLE-1119) per the instructions
at the bottom of the page https://hub.docker.com/r/guacamole/guacamole but I
was told I should report it here instead.

We run guacamole in a docker container on an Ubuntu Linux machine.  We use
Postgres for the database and secure LDAP for authentication connecting to
Azure Active Directory Domain Services.  We have been running this
configuration with version 1.1.0 of guacamole and guacd since at least last
August.  The update to 1.2.0 broke that integration.

Symptom: User attempts to log in, after entering username and password,
there is a long delay and then the error "Unable to query list of objects
from LDAP directory" appears at the top of the screen and the user remains
at the login page. 

docker logs show that the user successfully authenticated. 

tcpdump shows traffic flowing between the guacamole container and the LDAP
server.

Reverting back to version 1.1.0 "solved" the problem.

We suspect that the new LDAP configuration options changed a default
behavior to something that is incompatible with the Azure ADDS schema.



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]



--
-- 
Henri Alves Godoy
Tecnologia da Informação e Comunicação
Faculdade de Ciências Aplicadas - FCA
Universidade Estadual de Campinas - UNICAMP
Fone: (19) 3701-6682
Reply | Threaded
Open this post in threaded view
|

Re: After upgrading from 1.1.0 to 1.2.0, guacamole issues the error "Unable to query list of objects from LDAP directory"

vnick
On Thu, Jul 2, 2020 at 9:58 AM Henri Alves de Godoy <[hidden email]> wrote:
Hi all

I have the same behavior that I posted on the list also on ldap 1.2.0

In addition to the 8 to 12 second delay to connect

I realized that the delay happens because he keeps trying to fetch ldap objects


The delays are also much higher when you leave debug logging enabled within the web application.  The Apache Directory API logs a *lot* of information, and it takes a long time when anything higher than WARN-level logging is enabled.  If you turn on debug logging for Guacamole Client in order to debug issues, make sure to turn it back off when you're done.

-Nick