LDAP - guacConfigParameter only possible once

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

LDAP - guacConfigParameter only possible once

EagleEye
Dear List,

I got a little problem here with my LDAP Setup.
I have Guacamole running without problems and reading LDAP entrys correct
(login and connections working).

Unfortunately i am unable to set guacConfigParameter more than once for a
guacConfigGroup entry...
Looking at the schema file i cant find anything wrong but when adding a
second attribute entry i get following message:

ERROR [LDAP: error code 18 - modify/add: guacConfigParameter: no equality
matching rule]

I really need to specify a second entry because else i am unable to connect
to a Win10 VM (need hostname and security).
Already tried to add via LDIF but only one entry for guacConfigParameter
remains after adding.

Anyone knows why this could happening?

Greetings,
EagleEye



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: LDAP - guacConfigParameter only possible once

Mike Jumper
On Fri, Mar 30, 2018, 08:00 EagleEye <[hidden email]> wrote:
Dear List,

I got a little problem here with my LDAP Setup.
I have Guacamole running without problems and reading LDAP entrys correct
(login and connections working).

Unfortunately i am unable to set guacConfigParameter more than once for a
guacConfigGroup entry...
Looking at the schema file i cant find anything wrong but when adding a
second attribute entry i get following message:

ERROR [LDAP: error code 18 - modify/add: guacConfigParameter: no equality
matching rule]

I really need to specify a second entry because else i am unable to connect
to a Win10 VM (need hostname and security).

The schema for guacConfigGroup should already allow this.

Already tried to add via LDIF but only one entry for guacConfigParameter
remains after adding.

Anyone knows why this could happening?

Can you post the LDIF for the guacConfigGroup in question?

What LDAP server are you using?

- Mike

Reply | Threaded
Open this post in threaded view
|

Re: LDAP - guacConfigParameter only possible once

EagleEye
Hi Mike,

I am using following LDAP Server:

@(#) $OpenLDAP: slapd  (Apr 14 2017 14:01:06) $
       
buildd@bm-wb-03:/build/openldap-pdyzMj/openldap-2.4.40+dfsg/debian/build/servers/slapd

The LDIF in question looks like this one:

dn: cn=windows,ou=guacamole,ou=Groups,dc=example,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
objectClass: top
cn: windows
guacConfigProtocol: rdp
guacConfigParameter: hostname=windows
guacConfigParameter: security=tls
guacConfigParameter: server-layout=de-de-qwertz
member: cn=user,ou=People,dc=example,dc=net

For normal administration i am using ApacheDirectoryStudio.



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: LDAP - guacConfigParameter only possible once

vnick
On Fri, Mar 30, 2018 at 1:27 PM, EagleEye <[hidden email]> wrote:
Hi Mike,

I am using following LDAP Server:

@(#) $OpenLDAP: slapd  (Apr 14 2017 14:01:06) $

buildd@bm-wb-03:/build/openldap-pdyzMj/openldap-2.4.40+dfsg/debian/build/servers/slapd

The LDIF in question looks like this one:

dn: cn=windows,ou=guacamole,ou=Groups,dc=example,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
objectClass: top
cn: windows
guacConfigProtocol: rdp
guacConfigParameter: hostname=windows
guacConfigParameter: security=tls
guacConfigParameter: server-layout=de-de-qwertz
member: cn=user,ou=People,dc=example,dc=net

If you're trying to modify an existing entry, this LDIF is probably wrong - you need some sort of operation for the guacConfigParameter attributes - add, replace, etc.  So, if you're adding multiple guacConfigParameter attributes, it might be something like this:

dn: cn=windows,ou=guacamole,ou=Groups,dc=example,dc=net
changetype: modify
add: guacConfigParameter
guacConfigParameter: security=tls
-
add: guacConfigParameter
guacConfigParameter: server-layout=de-de-qwertz

...something like that.  It's also possible that Apache Directory Studio isn't 100% compatible with administering slapd servers, so it may be trying to perform the operation in such a way that slapd doesn't like.

In any case, this doesn't seem to be an issue with the Guacamole schema or anything like that.

-Nick