# cd /etc/guacamole/extensions/
# wget https://downloads.apache.org/guacamole/1.5.5/binary/guacamole-auth-ldap-1.5.5.tar.gz
# tar -xvzf guacamole-auth-ldap-1.5.5.tar.gz
# mv guacamole-auth-ldap-1.5.5/guacamole-auth-ldap-1.5.5.jar .
# vi guacamole.properties
# CONFIG MariaDB
# Este arquivo contém senhas em texto claro: restringir a leitura ao usuário que executa o Tomcat e não publicar o conteúdo com as senhas reais.
guacd-hostname: 127.0.0.1
guacd-port: 4822
mysql-hostname: 127.0.0.1
mysql-port: 3306
mysql-database: guacamole
mysql-username: guacamole
mysql-password: Guacamole123
# A linha abaixo foi habilitada depois de configurar o LDAP, para que a conta seja criada no banco automaticamente após o primeiro login LDAP bem-sucedido.
mysql-auto-create-accounts: true
#
#
# CONFIG LDAP - autorizado somente para os participantes do grupo "g_guacamole"
# Usando FreeIPA como gestor de usuários.
ldap-hostname: 192.168.10.151
# Porta 389 = LDAP sem criptografia; usar 636 para LDAPS (ver seção "Para usar com a porta 636")
ldap-port: 389
# Com "none" a senha do ldap-search-bind-dn trafega em texto claro na rede; se usar a porta 636, alterar para ssl (valores possíveis: none, ssl, starttls)
ldap-encryption-method: none
ldap-search-bind-dn: uid=binddnldap,cn=users,cn=accounts,dc=local,dc=domain
ldap-search-bind-password: <SENHA_user_binddnldap>
ldap-user-base-dn: cn=accounts,dc=local,dc=domain
ldap-username-attribute: uid
ldap-member-attribute: member
ldap-member-attribute-type: dn
ldap-config-base-dn: cn=groups,cn=accounts,dc=local,dc=domain
ldap-user-search-filter: (memberOf=cn=g_guacamole,cn=groups,cn=accounts,dc=local,dc=domain)
#
#
# CONFIG ACTIVE DIRECTORY - FALTA TESTAR
#ldap-hostname: 192.168.10.151
#ldap-port: 389
#ldap-encryption-method: none
#ldap-search-bind-dn: CN=binddnldap,OU=g_nogroup,DC=local,DC=domain
#ldap-search-bind-password: Senha2025
#ldap-user-base-dn: OU=g_guacamole,DC=local,DC=domain
#ldap-username-attribute: sAMAccountName
#ldap-user-search-filter: (&(objectClass=user)(memberOf=CN=g_guacamole,OU=groups,DC=local,DC=domain))
#ldap-user-search-filter: (&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=GuacamoleUsers,CN=Users,DC=i12bretro,DC=local))
# Para usar com a porta 636 (LDAPS): importar o certificado do servidor LDAP
# cd /etc/ssl/certs
# openssl s_client -connect IP:636 -showcerts </dev/null 2>/dev/null | openssl x509 -outform pem > guacamoleldap.pem
# Conferir a impressão digital (fingerprint) do certificado baixado com o administrador do LDAP antes de confiar nele: o comando acima aceita qualquer certificado que o servidor (ou um intermediário) apresentar.
# systemctl restart guacd.service tomcat9.service
# Testar o login com um usuário do LDAP que seja membro do grupo g_guacamole