{"id":8463,"date":"2021-03-28T00:04:42","date_gmt":"2021-03-27T21:04:42","guid":{"rendered":"https:\/\/kifarunix.com\/?p=8463"},"modified":"2024-03-19T18:20:31","modified_gmt":"2024-03-19T15:20:31","slug":"setup-apache-guacamole-openldap-authentication","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/setup-apache-guacamole-openldap-authentication\/","title":{"rendered":"Setup Apache Guacamole OpenLDAP Authentication"},"content":{"rendered":"\n<p>In this tutorial, you will learn how to setup Apache Guacamole OpenLDAP authentication. Apache Guacamole is a clientless HTML5 web based remote desktop gateway which provides remote access to servers and desktops through a web browser. By default, Guacamole uses a basic authentication module which basically involves reading usernames and passwords from an XML file.<\/p>\n\n\n\n<p>Apart from using simple XML file for authentication, Apache Guacamole also supports other authentication modules. <em>It provides database-backed authentication modules with the ability to manage connections and users from the web interface, and other authentication modules can be created using the extension API provided along with the Guacamole web application,&nbsp;guacamole-ext.<\/em><\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#configuring-apache-guacamole-for-open-ldap-authentication\">Configuring Apache Guacamole for OpenLDAP Authentication<\/a><ul><li><a href=\"#install-and-setup-guacamole-server\">Install and Setup Guacamole Server<\/a><\/li><li><a href=\"#install-and-setup-open-ldap-server\">Install and Setup OpenLDAP Server<\/a><\/li><li><a href=\"#install-guacamole-ldap-extension\">Install Guacamole LDAP extension<\/a><\/li><li><a href=\"#configure-open-ldap-server-to-provide-guacamole-authentication\">Configure OpenLDAP Server to Provide Guacamole Authentication<\/a><ul><li><a href=\"#create-guacamole-open-ldap-schema\">Create Guacamole OpenLDAP Schema<\/a><\/li><li><a href=\"#create-open-ldap-groups-for-guacamole-authentication\">Create OpenLDAP Groups for Guacamole Authentication<\/a><\/li><\/ul><\/li><li><a href=\"#configure-guacamole-for-open-ldap-authentication\">Configure Guacamole for OpenLDAP Authentication<\/a><ul><li><a href=\"#verify-guacamole-open-ldap-authentication\">Verify Guacamole OpenLDAP Authentication<\/a><\/li><\/ul><\/li><li><a href=\"#reference-and-further-reading\">Reference and Further Reading<\/a><\/li><li><a href=\"#other-tutorials\">Other tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"configuring-apache-guacamole-for-open-ldap-authentication\">Configuring Apache Guacamole for OpenLDAP Authentication<\/h2>\n\n\n\n<p>Before you can proceed, ensure you have an Apache Guacamole as well as an LDAP servers up and running.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-and-setup-guacamole-server\">Install and Setup Guacamole Server<\/h3>\n\n\n\n<p>Follow the links below to install and setup Guacamole;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-apache-guacamole-on-debian-10\/\" target=\"_blank\" aria-label=\"Install Apache Guacamole on Debian 10 (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Install Apache Guacamole on Debian 10<\/a><\/p>\n\n\n\n<p><a class=\"rank-math-link\" href=\"https:\/\/kifarunix.com\/install-apache-guacamole-on-ubuntu-20-04\/\">Install Apache Guacamole on Ubuntu 20.04<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-and-setup-open-ldap-server\">Install and Setup OpenLDAP Server<\/h3>\n\n\n\n<p>Use these simple guides to install and setup OpenLDAP server<\/p>\n\n\n\n<p><a aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/install-and-setup-openldap-server-on-ubuntu-20-04\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Install and Setup OpenLDAP Server on Ubuntu 20.04<\/a><\/p>\n\n\n\n<p><a aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/install-and-setup-openldap-on-centos-8\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Install and Setup OpenLDAP on CentOS 8<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-guacamole-ldap-extension\">Install Guacamole LDAP extension<\/h3>\n\n\n\n<p>Navigate to the <a aria-label=\"Guacamole releases page (opens in a new tab)\" class=\"rank-math-link\" href=\"http:\/\/guacamole.apache.org\/releases\/\" target=\"_blank\" rel=\"noreferrer noopener\">Guacamole releases page<\/a> and the LDAP extension for the version of the Guacamole you are running. For example, if you are running Guacamole 1.3.0, then you can get the LDAP extension on the <a aria-label=\"Guacamole 1.30 page (opens in a new tab)\" class=\"rank-math-link\" href=\"http:\/\/guacamole.apache.org\/releases\/1.3.0\/\" target=\"_blank\" rel=\"noreferrer noopener\">Guacamole 1.30 page<\/a>.<\/p>\n\n\n\n<p>Replace the value of the VER variable below with the version of the extension that matches your version of Guacamole.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>VER=1.3.0<\/code><\/pre>\n\n\n\n<p>Therefore, download appropriate version of the LDAP extension.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/downloads.apache.org\/guacamole\/${VER}\/binary\/guacamole-auth-ldap-${VER}.tar.gz<\/code><\/pre>\n\n\n\n<p>The LDAP authentication extension is packaged as a&nbsp;<code>.tar.gz<\/code>&nbsp;file containing:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><em><strong><code>guacamole-auth-ldap-${VER}.jar<\/code><\/strong>: The Guacamole LDAP support extension itself, which must be placed in&nbsp;<code>GUACAMOLE_HOME\/extensions<\/code>.<strong><code>schema\/<\/code><\/strong><\/em><\/li>\n\n\n\n<li><em><strong><code>LDAP schema files<\/code><\/strong>. An&nbsp;<code>.ldif<\/code>&nbsp;file compatible with OpenLDAP is provided, as well as a&nbsp;<code>.schema<\/code>&nbsp;file compliant with RFC-2252. The&nbsp;<code>.schema<\/code>&nbsp;file can be transformed into the&nbsp;<code>.ldif<\/code>&nbsp;file automatically.<\/em><\/li>\n<\/ul>\n\n\n\n<p>Extract the archive and and copy the <em><strong><code>guacamole-auth-ldap-${VER}.jar<\/code><\/strong><\/em> file in Guacamole extensions directory, <code><strong>\/etc\/guacamole\/extensions<\/strong><\/code>. If the directory do not already exist, create one.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">tar xzf guacamole-auth-ldap-${VER}.tar.gz<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">cp guacamole-auth-ldap-${VER}\/guacamole-auth-ldap-${VER}.jar \/etc\/guacamole\/extensions\/guacamole-auth-ldap.jar<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-open-ldap-server-to-provide-guacamole-authentication\">Configure OpenLDAP Server to Provide Guacamole Authentication<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-guacamole-open-ldap-schema\">Create Guacamole OpenLDAP Schema<\/h4>\n\n\n\n<p>Next, in order to allow only specific users that have a specific attribute or that belongs to a specific, say Guacamole group to be able to authenticate with OpenLDAP, you need to update the OpenLDAP database.<\/p>\n\n\n\n<p>The Guacamole LDAP archive provides some schema files which &#8220;<em>define an additional object class,&nbsp;<code>guacConfigGroup<\/code>, which contains all configuration information for a particular connection, and can be associated with arbitrarily-many users and groups. Each connection defined by a&nbsp;<code>guacConfigGroup<\/code>&nbsp;will be accessible only by users who are members of that group (specified with the&nbsp;member&nbsp;attribute), or who are members of associated groups<\/em>&#8220;.<\/p>\n\n\n\n<p>The Guacamole LDAP schema provides an object class type called <em><code><strong>guacConfigGroup<\/strong><\/code><\/em>, described above.<\/p>\n\n\n\n<p>This object class type will then provides attributes such as;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>guacConfigProtocol: defines the connection protocol, for example, RDP, SSH, VNC<\/li>\n\n\n\n<li>guacConfigGroup:  Which defines the connection parameters  associated with the specified protocol such as remote hostname, the connection port.<\/li>\n<\/ul>\n\n\n\n<p>See example below connections details below which illustrates the above further.<\/p>\n\n\n\n<pre class=\"scroll-sz\"><code>        &lt;connection name=\"CentOS-Server\"&gt;\n            &lt;protocol&gt;ssh&lt;\/protocol&gt;\n            &lt;param name=\"hostname\"&gt;192.168.56.156&lt;\/param&gt;\n            &lt;param name=\"port\"&gt;22&lt;\/param&gt;\n        &lt;\/connection&gt;\n<\/code><\/pre>\n\n\n\n<p>Therefore, copy the Guacamole LDAP extension schema files to your OpenLDAP server. Replace the <code><strong>username<\/strong><\/code> and <strong><code>ldap-server<\/code><\/strong> with the <strong><code>username<\/code><\/strong> and <strong><code>address<\/code><\/strong> of your OpenLDAP server in the command below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">scp -r guacamole-auth-ldap-${VER}\/schema username@ldap-server:<\/pre>\n\n\n\n<p>For example, to copy these files to the root user account on my LDAP server;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">scp -r guacamole-auth-ldap-${VER}\/schema root@192.168.57.19:<\/pre>\n\n\n\n<p>Load the Guacamole LDAP schema details into the OpenLDAP database by running the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ldapadd -Q -Y EXTERNAL -H ldapi:\/\/\/ -f schema\/guacConfigGroup.ldif<\/pre>\n\n\n\n<p>If the command runs successfully, you should see such an output;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">adding new entry \"cn=guacConfigGroup,cn=schema,cn=config\"<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-open-ldap-groups-for-guacamole-authentication\">Create OpenLDAP Groups for Guacamole Authentication<\/h4>\n\n\n\n<p>As much as it is possible to now add the attributes to individual OpenLDAP user profile to define how they are allowed to authenticate to Guacamole, it is easier to manage this a group such that, indidual members are added to specific Guacamole groups.<\/p>\n\n\n\n<p>To begin with, these are the users that I currently have in my OpenLDAP database;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ldapsearch -Y EXTERNAL -H ldapi:\/\/\/ -s one \\\n-b \"ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\" -LLL -Q uid<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>dn: uid=janedoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\nuid: janedoe\n\ndn: uid=johndoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\nuid: johndoe\n\ndn: uid=koromicha,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\nuid: koromicha\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">ldapsearch -Y EXTERNAL -H ldapi:\/\/\/ -s one \\\n-b \"ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\" -LLL -Q dn<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>dn: cn=janedoe,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\n\ndn: cn=johndoe,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\n\ndn: cn=koromicha,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\n<\/code><\/pre>\n\n\n\n<p>So I am gonna create two groups, for SSH and RDP connections.<\/p>\n\n\n\n<p>SSH group configuration;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">vim guacamole-ssh-connection.ldif<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>dn: cn=guacSSH,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\nobjectClass: guacConfigGroup\nobjectClass: groupOfNames\ncn: guacSSH\nguacConfigProtocol: ssh\nguacConfigParameter: hostname=192.168.56.180\nguacConfigParameter: port=22\nmember: uid=koromicha,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\nmember: uid=johndoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\n<\/code><\/pre>\n\n\n\n<p>RDP group configuration;<\/p>\n\n\n\n<pre id=\"block-9bd01ee3-30a2-4e6c-afb5-84d3ac76c545\" class=\"wp-block-preformatted\">vim guacamole-rdp-connection.ldif<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>dn: cn=guacRDP,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\nobjectClass: guacConfigGroup\nobjectClass: groupOfNames\ncn: guacRDP\nguacConfigProtocol: rdp\nguacConfigParameter: hostname=192.168.56.122\nguacConfigParameter: port=3389\nguacConfigParameter: ignore-cert=true\nmember: uid=janedoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\n<\/code><\/pre>\n\n\n\n<p>Before you can update the database with the above details, ensure that the membeof module is loaded. For more details, you can check our guide on <a aria-label=\"how to create groups in OpenLDAP (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/how-to-create-openldap-member-groups\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">how to create groups in OpenLDAP<\/a>.<\/p>\n\n\n\n<p>Update the database with Guacamole group configurations above;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f guacamole-ssh-connection.ldif -Q<\/pre>\n\n\n\n<p>Output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>adding new entry \"cn=guacSSH,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\"<\/code><\/pre>\n\n\n\n<pre id=\"block-a1176c05-5cde-4798-9b50-65e5a57f5154\" class=\"wp-block-preformatted\">ldapadd -Y EXTERNAL -H ldapi:\/\/\/ -f guacamole-rdp-connection.ldif -Q<\/pre>\n\n\n\n<p>Output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>adding new entry \"cn=guacRDP,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\"<\/code><\/pre>\n\n\n\n<p>Checking the membership of the groups;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>ldapsearch -H ldapi:\/\/\/ -Y EXTERNAL -LLL -b \"dc=ldapmaster,dc=kifarunix-demo,dc=com\" uid=* memberOf -Q<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>dn: uid=johndoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\nmemberOf: cn=guacSSH,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\n\ndn: uid=janedoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\nmemberOf: cn=guacRDP,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\n\ndn: uid=koromicha,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\nmemberOf: cn=guacSSH,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-guacamole-for-open-ldap-authentication\">Configure Guacamole for OpenLDAP Authentication<\/h3>\n\n\n\n<p>Next, proceed to configure Guacamole for LDAP authentication.<\/p>\n\n\n\n<p>Edit the <code><strong>\/etc\/guacamole\/guacamole.properties<\/strong><\/code> and add the following configuration options to define how to connect to LDAP server for Authentication.<\/p>\n\n\n\n<p>If you check our previous guides on setting up Guacamole, below is the options we had set in this file;<\/p>\n\n\n\n<pre class=\"scroll-sz\"><code>guacd-hostname: localhost\nguacd-port:     4822\nuser-mapping:   \/etc\/guacamole\/user-mapping.xml\nauth-provider:  net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider\n<\/code><\/pre>\n\n\n\n<p>So for us to enable LDAP authentication, we will add the lines below;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>ldap-hostname: ldapmaster.kifarunix-demo.com\nldap-encryption-method: starttls\nldap-search-bind-dn: cn=readonly,ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com\nldap-search-bind-password: P@ssW0rd\nldap-user-base-dn: dc=ldapmaster,dc=kifarunix-demo,dc=com\nldap-username-attribute: uid\nldap-member-attribute: member\nldap-member-attribute-type: dn\nldap-config-base-dn: ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\nldap-user-search-filter: (|(memberOf=cn=guacSSH,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com)(memberOf=cn=guacRDP,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com))\n<\/code><\/pre>\n\n\n\n<p>Save and exit the file.<\/p>\n\n\n\n<p><strong>Ensure the LDAP server hostname is resolvable if you used a hostname instead of an IP address.<\/strong><\/p>\n\n\n\n<p>Also note that the ldap options are based on our LDAP server configurations.<\/p>\n\n\n\n<p>Download the TLS certificate from your LDAP server;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">openssl s_client -connect ldapmaster.kifarunix-demo.com:389 \\\n              -starttls ldap \\\n              -showcerts &lt; \/dev\/null | \\\n              openssl x509 -text | \\\n              sed -ne '\/-BEGIN CERTIFICATE-\/,\/-END CERTIFICATE-\/p'<\/pre>\n\n\n\n<p>From the command output, copy the certificate from <strong><code>-----BEGIN CERTIFICATE-----<\/code><\/strong> to <strong><code>-----END CERTIFICATE-----<\/code><\/strong> and place it in a file;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/etc\/ssl\/certs\/ldapcert.pem<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>-----BEGIN CERTIFICATE-----\nMIIDvzCCAqegAwIBAgIUc8imlOVhEej453dXtvacn7krg1MwDQYJKoZIhvcNAQEL\n...\n...\nIgf9K1e9M0Q+j2XEsTeCYVU\/v0Jt0kER0+V\/NM0IrDOX+6kRz6DNsZrwcMEf5Yvp\nARWZ\n-----END CERTIFICATE-----<\/code><\/pre>\n\n\n\n<p>Add the certificate to the Java&#8217;s trust store;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">keytool -importcert -alias ldapmaster.kifarunix-demo.com \\\n\t-file \/etc\/ssl\/certs\/ldapcert.pem \\\n\t-keystore \/usr\/lib\/jvm\/java-11-openjdk-amd64\/lib\/security\/cacerts \\\n\t-storepass changeit \\\n\t-noprompt<\/pre>\n\n\n\n<p>Restart Apache Tomcat;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart tomcat9.service<\/code><\/pre>\n\n\n\n<p><strong>Note, the use of default authentication method of reading users from an XML file is always last in priority relative to any other authentication extensions<\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"verify-guacamole-open-ldap-authentication\">Verify Guacamole OpenLDAP Authentication<\/h4>\n\n\n\n<p>Now, we have three users;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>koromicha and johndoe are allowed to SSH to server 192.168.57.3<\/li>\n\n\n\n<li>janedoe is allowed to RDP to 192.168.56.122<\/li>\n<\/ul>\n\n\n\n<p>Login as one of the users for SSH on <strong>http:\/\/server-IP:8080\/guacamole<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"987\" height=\"567\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-ldap-user-login.png\" alt=\"Setup Apache Guacamole OpenLDAP Authentication\" class=\"wp-image-8478\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-ldap-user-login.png?v=1616878539 987w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-ldap-user-login-768x441.png?v=1616878539 768w\" sizes=\"(max-width: 987px) 100vw, 987px\" \/><\/figure>\n\n\n\n<p>Upon successful authentication, you should land on the SSH login prompt for remote system;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1103\" height=\"306\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-remote-ssh-prompt.png\" alt=\"\" class=\"wp-image-8479\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-remote-ssh-prompt.png?v=1616878586 1103w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-remote-ssh-prompt-768x213.png?v=1616878586 768w\" sizes=\"(max-width: 1103px) 100vw, 1103px\" \/><\/figure>\n\n\n\n<p>Similarly, login as an RDP user and you taken directly to remote desktop system login screen upon successful authentication to Guacamole.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1007\" height=\"564\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-rdp-ldap-login.png\" alt=\"\" class=\"wp-image-8477\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-rdp-ldap-login.png?v=1616878506 1007w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/apache-guacamole-rdp-ldap-login-768x430.png?v=1616878506 768w\" sizes=\"(max-width: 1007px) 100vw, 1007px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1472\" height=\"959\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/guacamole-rdp-ldap-authentication.png\" alt=\"\" class=\"wp-image-8476\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/guacamole-rdp-ldap-authentication.png?v=1616878461 1472w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/03\/guacamole-rdp-ldap-authentication-768x500.png?v=1616878461 768w\" sizes=\"(max-width: 1472px) 100vw, 1472px\" \/><\/figure>\n\n\n\n<p>And that concludes our guide on how to configure Apache Guacamole for OpenLDAP Authentication.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"reference-and-further-reading\">Reference and Further Reading<\/h3>\n\n\n\n<p><a aria-label=\"Guacamole LDAP Authentication (opens in a new tab)\" href=\"https:\/\/guacamole.apache.org\/doc\/gug\/ldap-auth.html#guac-ldap-config\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Guacamole LDAP Authentication<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-tutorials\">Other tutorials<\/h3>\n\n\n\n<p><a aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/configure-squid-proxy-openldap-authentication-on-pfsense\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Configure Squid Proxy OpenLDAP Authentication on pfSense<\/a><\/p>\n\n\n\n<p><a aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/how-to-configure-dokuwiki-openldap-authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">How to Configure DokuWiki OpenLDAP Authentication<\/a><\/p>\n\n\n\n<p><a aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/configure-owncloud-openldap-authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Configure ownCloud OpenLDAP Authentication<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-offline-authentication-via-openldap-on-macos-x\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Configure Offline Authentication via OpenLDAP on MacOS X<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, you will learn how to setup Apache Guacamole OpenLDAP authentication. Apache Guacamole is a clientless HTML5 web based remote desktop gateway which<\/p>\n","protected":false},"author":1,"featured_media":8480,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[1099,285,917,121,214],"tags":[3352,3351,3354,3353,3350,3355],"class_list":["post-8463","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-openldap","category-directory-server","category-guacamole","category-howtos","category-remote-desktop","tag-enable-ldap-on-guacamole","tag-guacamole-ldap-authentication","tag-openldap-guacamole","tag-rdp-ldap-authentication-guacamole","tag-setup-apache-guacamole-ldap-authentication","tag-setup-ldap-for-guacamole","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/8463"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=8463"}],"version-history":[{"count":4,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/8463\/revisions"}],"predecessor-version":[{"id":21873,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/8463\/revisions\/21873"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/8480"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=8463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=8463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=8463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}