[one-users] Problem with ldap authentication

Carlos A. caralla at upv.es
Thu Jun 9 01:46:42 PDT 2011


Hello,

first of all, thank you for your response.

Once I have managed to make ldap_auth work, I found the following issue:

root at keo01:/srv/cloud/one# onevm list
execution expired

I cannot manage to authenticate against my ldap server. I have tried the 
ldap authentication that is carried out by ONE:

require 'rubygems'
require 'net/ldap'
ldap = Net::LDAP.new
ldap.host = "my.ldap.server"
ldap.port = 389
ldap.auth "my-dn", "my-pass"
print ldap.bind

It is properly working, as my server authenticates me. I have (of 
course) tried changing the password and it works as expected.

Diving into the code, it seems that there is some problem in the file 
"src/um/UserPool.cc", at
         authm->trigger(AuthManager::AUTHENTICATE,&ar);
         ar.wait();

Any idea?


On 09/06/11 00:51, Carsten.Friedrich at csiro.au wrote:
> The official OpenNebula installation instructions for the ldap driver are incomplete and fail to mention some software packages that you have to install first. I don't remember which ones they were, but you can find out as follows:
>
> * cd to .../lib/ruby
> * execute 'ruby ldap_auth.rb'.
> * Ruby will complain about any missing packages. Install those until ruby is happy.
>
> Carsten
>
>
> Carsten Friedrich
> Research Team leader
> ICT Centre, GPO Box 664,Canberra, ACT 2601
> Phone: +61 2 6216 7019
> Email: Carsten.Friedrich at csiro.au
> Web:   http://www.csiro.au/org/ICT.html
>
>
>
> -----Original Message-----
> From: users-bounces at lists.opennebula.org [mailto:users-bounces at lists.opennebula.org] On Behalf Of Carlos A.
> Sent: Wednesday, 8 June 2011 18:17
> To: users at lists.opennebula.org
> Subject: Re: [one-users] Problem with ldap authentication
>
> any help on this?
>
> On 02/06/11 16:55, Carlos A. wrote:
>> More information on this:
>>
>> in /srv/cloud/one/var/oned.log I can see
>> Thu Jun  2 16:52:09 2011 [ONE][I]: Init OpenNebula Log system
>> Thu Jun  2 16:52:09 2011 [ONE][I]: Log Level: 3
>> [0=ERROR,1=WARNING,2=INFO,3=DEBUG]
>> Thu Jun  2 16:52:09 2011 [ONE][I]:
>> ----------------------------------------
>> Thu Jun  2 16:52:09 2011 [ONE][I]:      OpenNebula Configuration File
>> Thu Jun  2 16:52:09 2011 [ONE][I]:
>> ----------------------------------------
>> Thu Jun  2 16:52:09 2011 [ONE][I]:
>> ----------------------------------
>> AUTH_MAD=EXECUTABLE=/srv/cloud/one/lib/mads/one_auth_mad
>> DB=BACKEND=sqlite
>> DEBUG_LEVEL=3
>> DEFAULT_DEVICE_PREFIX=hd
>> DEFAULT_IMAGE_TYPE=OS
>> HM_MAD=EXECUTABLE=one_hm
>> HOST_MONITORING_INTERVAL=600
>> IMAGE_REPOSITORY_PATH=/srv/cloud/one/var//images
>> IM_MAD=ARGUMENTS=-r 0 -t 15 kvm,EXECUTABLE=one_im_ssh,NAME=im_kvm
>> MAC_PREFIX=02:00
>> MANAGER_TIMER=15
>> NETWORK_SIZE=254
>> PORT=2633
>> SCRIPTS_REMOTE_DIR=/var/tmp/one
>> TM_MAD=ARGUMENTS=tm_nfs/tm_nfs.conf,EXECUTABLE=one_tm,NAME=tm_nfs
>> VM_DIR=/srv/cloud/one/var/
>> VM_HOOK=ARGUMENTS=$VMID,COMMAND=image.rb,NAME=image,ON=DONE
>> VM_MAD=ARGUMENTS=-t 15 -r 0
>> kvm,DEFAULT=vmm_ssh/vmm_ssh_kvm.conf,EXECUTABLE=one_vmm_ssh,NAME=vmm_kvm,TYPE=kvm
>> VM_POLLING_INTERVAL=600
>> VNC_BASE_PORT=5900
>> ----------------------------------
>> Thu Jun  2 16:52:09 2011 [ONE][I]: Bootstraping OpenNebula database.
>> Thu Jun  2 16:52:09 2011 [VMM][I]: Starting Virtual Machine Manager...
>> Thu Jun  2 16:52:09 2011 [LCM][I]: Starting Life-cycle Manager...
>> Thu Jun  2 16:52:09 2011 [VMM][I]: Virtual Machine Manager started.
>> Thu Jun  2 16:52:09 2011 [InM][I]: Starting Information Manager...
>> Thu Jun  2 16:52:09 2011 [InM][I]: Information Manager started.
>> Thu Jun  2 16:52:09 2011 [LCM][I]: Life-cycle Manager started.
>> Thu Jun  2 16:52:09 2011 [TrM][I]: Starting Transfer Manager...
>> Thu Jun  2 16:52:09 2011 [DiM][I]: Starting Dispatch Manager...
>> Thu Jun  2 16:52:09 2011 [TrM][I]: Transfer Manager started.
>> Thu Jun  2 16:52:09 2011 [DiM][I]: Dispatch Manager started.
>> Thu Jun  2 16:52:09 2011 [ReM][I]: Starting Request Manager...
>> Thu Jun  2 16:52:09 2011 [ReM][I]: Starting XML-RPC server, port 2633 ...
>> Thu Jun  2 16:52:09 2011 [ReM][I]: Request Manager started.
>> Thu Jun  2 16:52:09 2011 [HKM][I]: Starting Hook Manager...
>> Thu Jun  2 16:52:09 2011 [AuM][I]: Starting Auth Manager...
>> Thu Jun  2 16:52:09 2011 [AuM][I]: Authorization Manager started.
>> Thu Jun  2 16:52:09 2011 [HKM][I]: Hook Manager started.
>> Thu Jun  2 16:52:11 2011 [VMM][I]: Loading Virtual Machine Manager
>> drivers.
>> Thu Jun  2 16:52:11 2011 [VMM][I]:      Loading driver: vmm_kvm (KVM)
>> Thu Jun  2 16:52:11 2011 [VMM][I]:      Driver vmm_kvm loaded.
>> Thu Jun  2 16:52:11 2011 [InM][I]: Loading Information Manager drivers.
>> Thu Jun  2 16:52:11 2011 [InM][I]:      Loading driver: im_kvm
>> Thu Jun  2 16:52:11 2011 [InM][I]:      Driver im_kvm loaded
>> Thu Jun  2 16:52:11 2011 [TM][I]: Loading Transfer Manager drivers.
>> Thu Jun  2 16:52:11 2011 [VMM][I]:      Loading driver: tm_nfs
>> Thu Jun  2 16:52:11 2011 [TM][I]:       Driver tm_nfs loaded.
>> Thu Jun  2 16:52:11 2011 [HKM][I]: Loading Hook Manager driver.
>> Thu Jun  2 16:52:11 2011 [HKM][I]:      Hook Manager loaded
>> Thu Jun  2 16:52:11 2011 [AuM][I]: Loading Auth. Manager driver.
>> Thu Jun  2 16:52:11 2011 [MAD][E]: MAD did not answer INIT command
>> Thu Jun  2 16:52:12 2011 [ReM][D]: VirtualMachinePoolInfo method invoked
>> Thu Jun  2 16:52:12 2011 [AuM][E]: Auth Error: Could not find
>> Authorization driver
>> Thu Jun  2 16:52:12 2011 [ReM][E]: [VirtualMachinePoolInfo] User
>> couldn't be authenticated, aborting call.
>>
>> It seems that it cannot find the driver as a relative path name, but I
>> have also tried to use the full path of the auth driver.
>>
>> Any help would be appreciated.
>>
>> Regards,
>> Carlos A.
>>
>>
>> On 02/06/11 11:39, Carlos A. wrote:
>>> Hello,
>>>
>>> I have just installed the ldap authentication addon on a fresh ONE
>>> install. I followed the instructions and I found that I cannot
>>> authenticate against the LDAP server.
>>>
>>> What am I not doing in a wrong way?
>>>
>>> ------------------------------------------------------------
>>> carlos at keo01:~$ onevm list
>>> [VirtualMachinePoolInfo] User couldn't be authenticated, aborting call.
>>>
>>> carlos at keo01:~$ tail /srv/cloud/one/var/oned.log
>>> (...)
>>> Thu Jun  2 11:27:22 2011 [AuM][E]: Auth Error: Could not find
>>> Authorization driver
>>> Thu Jun  2 11:27:22 2011 [ReM][E]: [VirtualMachinePoolInfo] User
>>> couldn't be authenticated, aborting call.
>>> (...)
>>>
>>> calfonso at keo01:/srv/cloud/one/lib/mads$ ls -l one_auth_mad*
>>> -rwxr-xr-x 1 oneadmin root 1632 Jun  2 09:53 one_auth_mad
>>> -rwxr-xr-x 1 oneadmin root 3341 Jun  2 09:58 one_auth_mad.rb
>>>
>>> carlos at keo01:/srv/cloud/one/lib/mads$ ls -l
>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
>>> -rw-r--r-- 1 oneadmin cloud 1340 Jun  2 09:58
>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
>>>
>>> *** content of /srv/cloud/one/etc/auth/auth.conf
>>> :database: sqlite://auth.db
>>> :authentication: ldap
>>> :quota:
>>>    :enabled: false
>>>    :defaults:
>>>      :cpu: 10.0
>>>      :memory: 1048576
>>> :ldap:
>>>      :host: my.ldap.server
>>>      :port: 389
>>>
>>>
>>> *** content of /srv/cloud/one/etc/oned.conf
>>> (...)
>>> AUTH_MAD = [
>>>      executable = "one_auth_mad" ]
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
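
Added example (not part of the original thread and not OpenNebula code): a small Ruby triage script for the failure chain visible in the quoted oned.log, where a driver that never answers INIT is followed by rejected API calls. The sample log is constructed from the lines quoted above with the mail wrapping undone, and attributing the MAD error to the driver announced just before it is an assumption.

```ruby
# Added example: triage an oned.log for the auth-driver failure chain in this thread.
# SAMPLE_LOG is constructed from the log lines quoted above (line wrapping undone).
LINE_RE = /^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[(\w+)\]\[([EWID])\]: (.*)$/

SAMPLE_LOG = <<~LOG
  Thu Jun  2 16:52:11 2011 [HKM][I]: Loading Hook Manager driver.
  Thu Jun  2 16:52:11 2011 [HKM][I]:      Hook Manager loaded
  Thu Jun  2 16:52:11 2011 [AuM][I]: Loading Auth. Manager driver.
  Thu Jun  2 16:52:11 2011 [MAD][E]: MAD did not answer INIT command
  Thu Jun  2 16:52:12 2011 [ReM][D]: VirtualMachinePoolInfo method invoked
  Thu Jun  2 16:52:12 2011 [AuM][E]: Auth Error: Could not find Authorization driver
  Thu Jun  2 16:52:12 2011 [ReM][E]: [VirtualMachinePoolInfo] User couldn't be authenticated, aborting call.
LOG

def diagnose_auth_driver(log_text)
  loading = nil      # most recent "Loading ... driver" announcement: [component, message]
  failed = []        # drivers whose INIT command was never answered
  auth_errors = 0    # errors logged by the Auth Manager itself
  rejected = []      # XML-RPC methods refused because the user could not be authenticated
  log_text.each_line do |line|
    m = LINE_RE.match(line.chomp) or next
    time, comp, level, msg = m.captures
    msg = msg.strip
    if level == 'I' && msg =~ /\ALoading .*drivers?\.?\z/
      loading = [comp, msg]
    elsif comp == 'MAD' && level == 'E' && msg.include?('did not answer INIT')
      # Assumption: the MAD error belongs to the driver announced just before it.
      failed << { time: time, component: loading && loading[0], context: loading && loading[1] }
    elsif comp == 'AuM' && level == 'E'
      auth_errors += 1
    elsif comp == 'ReM' && level == 'E' && msg =~ /\A\[(\w+)\].*couldn't be authenticated/
      rejected << $1
    end
  end
  { failed_inits: failed,
    auth_driver_down: failed.any? { |f| f[:component] == 'AuM' },
    auth_errors: auth_errors,
    rejected_calls: rejected }
end

puts diagnose_auth_driver(SAMPLE_LOG).inspect if __FILE__ == $0
```

When auth_driver_down is true, every later "couldn't be authenticated" line reflects the driver process failing to start, not a wrong LDAP credential.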