LDAP auth issue with veyon 4.1.4.0-win64



  • Hi,

    I'm now trying to get Veyon working for Windows 10 classrooms.
    I'm trying to limit access to Veyon Master to LDAP group members.
    I configured everything. In the configurator: LDAP server connection test OK, Base DN test OK, and I can see the user groups list in access control.
    BUT:
    If I don't pick any group in the authorized user groups field, nobody's authorized (just as we hope). The issue is when I pick a group (whichever group I choose), all users are authorized (with the test button, even a blank login is OK).
    I tried a lot of possibilities found in the configurator (activating domain groups or not, using different filters for groups or users in the advanced parameters for LDAP, ...) and I always had the same behaviour: selecting a group means giving access to everyone (even people not in this group), selecting none gives access to nobody.

    I already used LDAP access control for Linux rooms, it works fine, but for Windows, no way.

    If you could give me a hint, I'd be pleased.



  • Re,

    Below, you'll find the .json file exported from the configurator. Maybe it could help to find where I'm missing something.
    (Of course, I don't use "mydomain" in the real conf; this is the only thing I changed in the json file.)
    This is a basic conf, just to make the master's auth work (rooms and everything will take place later, when auth is OK).
    <code>
    {
      "AccessControl": {
        "AccessRestrictedToUserGroups": "true",
        "AuthorizedUserGroups": [
          "cn=fst-veyon-master"
        ],
        "UserGroupsBackend": "{6f0a491e-c1c6-4338-8244-f823b0bf8670}"
      },
      "Authentication": {
        "Method": 0,
        "PrivateKeyBaseDir": "%GLOBALAPPDATA%\\keys\\private",
        "PublicKeyBaseDir": "%GLOBALAPPDATA%\\keys\\public"
      },
      "Core": {
        "InstallationID": "e6caf172-e8fb-4e76-ad6b-c12578b2ff06",
        "PluginVersions": {
          "JsonStoreObject": {
            "{14bacaaa-ebe5-449c-b881-5b382f952571}": "1.1",
            "{1b08265b-348f-4978-acaa-45d4f6b90bd9}": "1.1",
            "{1baa01e0-02d6-4494-a766-788f5b225991}": "1.1",
            "{1bdb0d1c-f8eb-4d21-a093-d555a10f3975}": "1.1",
            "{2917cdeb-ac13-4099-8715-20368254a367}": "1.1",
            "{2ad98ccb-e9a5-43ef-8c4c-876ac5efbcb1}": "1.1",
            "{387a0c43-1355-4ff6-9e1f-d098e9ce5127}": "1.1",
            "{39d7a07f-94db-4912-aa1a-c4df8aee3879}": "1.1",
            "{4122e8ca-b617-4e36-b851-8e050ed2d82e}": "1.1",
            "{4790bad8-4c56-40d5-8361-099a68f0c24b}": "1.1",
            "{67dfc1c1-8f37-4539-a298-16e74e34fd8b}": "1.1",
            "{6f0a491e-c1c6-4338-8244-f823b0bf8670}": "1.1",
            "{85f6c631-e75a-4c78-8cb2-a7f3f502015a}": "1.1",
            "{8ae6668b-9c12-4b29-9bfc-ff89f6604164}": "1.1",
            "{a54ee018-42bf-4569-90c7-0d8470125ccf}": "1.1",
            "{b47bcae0-24ff-4bf5-869c-484d64af5c4c}": "1.1",
            "{ee322521-f4fb-482d-b082-82a79003afa7}": "1.1"
          }
        }
      },
      "Demo": {
        "FramebufferUpdateInterval": 100,
        "KeyFrameInterval": 10,
        "MemoryLimit": 128
      },
      "Directories": {
        "Screenshots": "%APPDATA%\\Screenshots",
        "UserConfiguration": "%APPDATA%\\Config"
      },
      "ExternalVncServer": {
        "ServerPort": 5900
      },
      "LDAP": {
        "BaseDN": "ou=posix_groups,dc=mydomain,dc=fr",
        "ServerHost": "ldap.mydomain.fr",
        "ServerPort": 389
      },
      "Logging": {
        "LogFileDirectory": "$TEMP",
        "LogFileRotationCount": 10,
        "LogFileRotationEnabled": false,
        "LogFileSizeLimit": 100,
        "LogFileSizeLimitEnabled": false,
        "LogLevel": 4,
        "LogToStdErr": true,
        "LogToSystem": false
      },
      "Master": {
        "AccessControlForMasterEnabled": "true",
        "ComputerMonitoringBackgroundColor": "#ffffff",
        "ComputerMonitoringUpdateInterval": 1000,
        "LocalComputerHidden": "true"
      },
      "Network": {
        "DemoServerPort": 11400,
        "FeatureWorkerManagerPort": 11300,
        "FirewallExceptionEnabled": true,
        "PrimaryServicePort": 11100,
        "VncServerPort": 11200
      },
      "NetworkObjectDirectory": {
        "UpdateInterval": 60
      },
      "Service": {
        "Autostart": true,
        "FailedAuthenticationNotifications": true,
        "HideTrayIcon": false,
        "RemoteConnectionNotifications": false,
        "SoftwareSASEnabled": true
      },
      "UI": {
        "ApplicationName": "",
        "Language": ""
      },
      "UltraVNC": {
        "CaptureLayeredWindows": "true",
        "Configured": "true",
        "LowAccuracy": "true",
        "PollFullScreen": "true"
      }
    }
    </code>



  • Ok,

    As these rooms' PCs are Windows PCs, joined to an Active Directory, I used AD, and auth works fine (because my organization's AD master did it with me).
    I guess I needed some more configuration in env and advanced parameters to make it work.
    I didn't have to do that with Linux, as my PCs were LDAP auth based, and in access control, I just had to choose "default (local groups and users)", and not LDAP, as I have to with AD-joined Windows PCs.

    I didn't test the LDAP conf further, as I finally don't need it.
    Answering this post could help other people with the same question, though 😉