Enabling LDAP/Active Directory Authentication in Apache Guacamole 🌱

  1. Open a terminal and run the following commands:
    wget http://mirror.metrocast.net/apache/guacamole/1.2.0/binary/guacamole-auth-ldap-1.2.0.tar.gz
    tar -xzf guacamole-auth-ldap-1.2.0.tar.gz
    sudo mkdir /etc/guacamole/extensions
    sudo cp ~/guacamole-auth-ldap-1.2.0/guacamole-auth-ldap-1.2.0.jar /etc/guacamole/extensions
    sudo nano /etc/guacamole/guacamole.properties
  2. Edit the guacamole.properties file adding the following values:

    ldap-hostname:          i12bretrodc.i12bretro.local
    ldap-port:              389
    ldap-encryption-method: none

    ldap-user-base-dn:       DC=i12bretro,DC=local
    ldap-username-attribute: sAMAccountName

    ldap-search-bind-dn:       CN=readonly_svc,CN=Users,DC=i12bretro,DC=local
    ldap-search-bind-password: Read0nly!!

    ldap-user-search-filter: (&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=GuacamoleUsers,CN=Users,DC=i12bretro,DC=local))

  3. Press CTRL+O, Enter, CTRL+X to save the changes and exit
  4. Back in the terminal, run the following command to restart Tomcat
    sudo systemctl restart tomcat9
  5. Open a web browser and navigate to Guacamole
  6. Test logging in with a valid Active Directory username and password

    Note: to use an Active Directory account in Guacamole as a Guacamole administrator you must manually create the User in Guacamole > Settings > Users. After logging in with the account it will see Active Directory and Guacamole specific users simultaneously