Guacamole Configuration
-
I am having some trouble trying to figure out how to get LDAP to work within my configuration. I am observing that a lot of focus has to do with connecting into the /etc/guacamole directory.
Yet for some reason whenever I try to access the terminal on my cloudron app, I do not see this location available on my guacamole deployment. Making me wonder whether or not this was setup correctly or not (I simply just added the app from the app repository and let it install)
Any insight here would be greatly appreciated
-
@mpeterson0418 By LDAP, do you mean Cloudron authentication or you are trying to configure guacamole with your own LDAP server?
-
@girish I am trying to set it up to work against my Windows AD LDAP server
-
@mpeterson0418 Ah ok. So, when you install guacamole, you have to make sure to select "Leave user management to the app". At this point, we don't allow changing the auth mechanism post installation, so you might need to re-install.
To configure, please use the file manager and edit
/app/data/guacamole.propertiesand restart the app. See https://docs.cloudron.io/apps/guacamole/#custom-properties . I think you also have to add the LDAP extension jar file per this . You enable the extension as per https://docs.cloudron.io/apps/guacamole/#extensions -
@mpeterson0418 said in Guacamole Configuration:
Windows AD LDAP server
In that case it may also be interesting to learn that you can connect your whole Cloudron to your AD. Look at https://docs.cloudron.io/user-management/#external-directory for more information.
-
@fbartels Ah of course,
. I think yours might be a better option.@mpeterson0418 You can configure Cloudron to integrate with your existing LDAP server and that way all the app will automatically integrate. For this, configure external LDAP directory in Cloudron -> Users and then you have to choose "Cloudron user management" when installing the app.
-
So it will in fact pass through the authentication to all the other installed apps on my profile if I setup the External Directory? That's good to know. How exactly will Apache guacamole pick that up though? My concern is that both use different URLs for access, and I think anyone browsing the web could easily just connect to Guacamole without needing to access the cloudron app could they not?
-
@mpeterson0418 even if its using different urls Guacamole is configured under the hood to use Cloudron for authentication (no one first needs to head to their Cloudron dashboard, but can directly log into Guac).
And once you have enabled the external ldap integration for your Cloudron all members on your ldap can log into Cloudron and therefore apps that use the Cloudron user management.
-
@fbartels I am definitely going to try that
Maybe you can help me with something within the guacamole config...... for sake or argument I tried building a user account and added my domain NetBIOS name to the front of it <AD><username>.
Now when I try to edit the account in the guacamole interface, I get the following error:
ERROR - An error has occurred and this action cannot be completed. If the problem persists, please notify your system administrator or check your system logs.
It seems like the account is being stored within the mysql database. Any thoughts on how to manually clean it up?
-
@mpeterson0418 Oh, I am not using Guac personally, so I cannot really help here.
-
I got the external authentication working. Thanks a bunch!
Any thoughts on the lingering user account that I can't remove from Apache Guacamole? Is it stored somewhere within mysql and perhaps something I can edit manually to remove? The user interface keeps giving me the error I referenced earlier:
ERROR - An error has occurred and this action cannot be completed. If the problem persists, please notify your system administrator or check your system logs.
-
@mpeterson0418 Did you succeed via Cloudron external directory or directly from guacamole to your LDAP ?
As for the lingering user, maybe trying delete from MySQL. If you open web terminal, there is a button on the top for MySQL access. Click that button and press enter. Might want to take an app backup before tinkering with db directly...
-
Yes I got the external directory setup and it is pulling in my AD user accounts so we are good there
As for MySQL..... is there a specific location/table on where I can access the database user accounts? Or is everything entered via UserMappings.xml?
-
@mpeterson0418 unfortunately, that part I have no idea since that is very app specific. Maybe you just simply start afresh / re-install. That's probably easier than fixing up db tables by hand since we have no idea about the effect.
-
Hey sorry.... just a quick update I found the MySQL table and was able to edit it as needed. Issue got cleared up after running a couple queries. Thanks for your help!
