On Tue, Nov 21, 2017 at 8:10 AM, <harry.dev...@faa.gov> wrote:
> I set SELinux to permissive and put the LDAP extension back (it's under
> /usr/share/tomcat/.guacamole/extensions), restarted tomcat and guacd, and
> try to log in using an LDAP user. I click Login and on the Network tab, it
> shows tokens (/guacamole/api/tokens) as having a “pending” status. Never
> gets any further.
>
> Harry
>
> *From:* Nick Couchman [mailto:vn...@apache.org]
> *Sent:* Monday, November 20, 2017 2:04 PM
> *To:* user@guacamole.apache.org
> *Subject:* Re: Configuring LDAP
>
> On Mon, Nov 20, 2017 at 1:52 PM, <harry.dev...@faa.gov> wrote:
>
> We’re using Red Hat Enterprise Linux 7.4 with SELinux set to enforcing. I
> disabled the LDAP extension and just used MySQL for the guacadmin user and
> could log in. I do see the following information in /var/log/messages:
>
> This sounds like the server-side, but are you able to temporarily disable
> SELinux (set it to permissive mode, "setenforce 0") and then restart Tomcat
> and see if it works with LDAP? I'm not suggesting this as a long-term fix,
> just long enough to validate whether SELinux is, indeed, blocking LDAP
> traffic, or if it's still something else?
>
> -Nick