authentication ldap on 2 domain active directory windows

authentication ldap on 2 domain active directory windows

Enrico FANTI

Hi.

It’s possible to have an “ldap authentication” on “2” windows domains (domain1.local, domain2.local).

We have 2 domains in active directory, and it’s working with a single domain configuration.

Thank you

Enrico

Re: authentication ldap on 2 domain active directory windows

vnick
On Tue, Jul 7, 2020 at 10:14 AM Enrico FANTI <[hidden email]> wrote:

> Hi.
>
> It’s possible to have an “ldap authentication” on “2” windows domains (domain1.local, domain2.local).
>
> We have 2 domains in active directory, and it’s working with a single domain configuration.

As currently implemented, you would have to do two things to make this work in Guacamole:
1) Be able to access both domains from a single LDAP server.  You can do this using referrals on the LDAP server(s), or by setting up an LDAP server to proxy multiple domains (OpenLDAP has some very powerful features for this).
2) Usernames would have to be unique between the two domains - any overlapping accounts would cause problems.

There are a couple of JIRA issues that will help address this - one is the ability to use multiple LDAP servers in the configuration (https://issues.apache.org/jira/browse/GUACAMOLE-957), and the other is supporting various LDAP bind and username formats that might allow for UPN-formatted logins (https://issues.apache.org/jira/browse/GUACAMOLE-536).

-Nick
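
Added example (not part of the original thread, and not Guacamole code): a pre-flight check for point 2 of the reply above, listing login names that exist in both domains before the two are placed behind a single LDAP endpoint. The LDIF exports are constructed samples; using `sAMAccountName` as the login attribute and comparing it case-insensitively are assumptions.

```python
import base64

# Constructed sample exports, one per domain (not real accounts).
DOMAIN1_LDIF = """\
dn: CN=Alice Rossi,CN=Users,DC=domain1,DC=local
sAMAccountName: arossi

dn: CN=Backup Svc,CN=Users,DC=domain1,DC=local
sAMAccountName: svc-backup

dn: CN=Marco Bianchi,CN=Users,DC=domain1,DC=local
sAMAccountName:: bWJpYW5jaGk=
"""
DOMAIN2_LDIF = """\
dn: CN=A. Rossi,OU=Staff,DC=domain2,DC=local
sAMAccountName: ARossi

dn: CN=Luca Verdi,OU=Staff,
 DC=domain2,DC=local
sAMAccountName: lverdi

dn: CN=M Bianchi,OU=Staff,DC=domain2,DC=local
sAMAccountName: mbianchi
"""

def parse_accounts(ldif, attr="sAMAccountName"):
    """Return {case-folded login name: DN} for each entry carrying attr."""
    accounts = {}
    # LDIF folds long lines: a continuation line starts with one space.
    unfolded = ldif.replace("\r\n", "\n").replace("\n ", "")
    for record in unfolded.split("\n\n"):
        fields = {}
        for line in record.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            fields[name.lower()] = value.strip()
        if "dn" in fields and attr.lower() in fields:
            accounts[fields[attr.lower()].casefold()] = fields["dn"]
    return accounts

def find_collisions(ldif_a, ldif_b, attr="sAMAccountName"):
    """Map each login name present in both exports to its two DNs."""
    a, b = parse_accounts(ldif_a, attr), parse_accounts(ldif_b, attr)
    return {name: (a[name], b[name]) for name in sorted(a.keys() & b.keys())}

if __name__ == "__main__":
    for name, dns in find_collisions(DOMAIN1_LDIF, DOMAIN2_LDIF).items():
        print(f"{name}: {dns[0]}  <->  {dns[1]}")
```

Any name this reports would be ambiguous once both domains are searched through one server, so those accounts need renaming or exclusion first.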