[one-users] Problem with ldap authentication
Carlos A.
caralla at upv.es
Sat Jun 11 01:22:50 PDT 2011
Hello,
Any help on this? Is the ldap addon supposed to work with OpenNebula 2.2?
Has anyone tried it?
On 09/06/2011 10:46, Carlos A. wrote:
> Hello,
>
> first of all, thank you for your response.
>
> Once I have managed to make ldap_auth work, I found the following issue:
>
> root at keo01:/srv/cloud/one# onevm list
> execution expired
>
> I cannot manage to authenticate against my ldap server. I have tried
> the ldap authentication that is carried out by ONE
>
> require 'rubygems'
> require 'net/ldap'
> ldap = Net::LDAP.new
> ldap.host = "my.ldap.server"
> ldap.port = 389
> ldap.auth "my-dn", "my-pass"
> print ldap.bind
>
> It is properly working, as my server authenticates me. I have (of
> course) tried changing the password and it works as expected.
>
> Diving into the code, it seems that there is some problem in the file
> "src/um/UserPool.cc", at
> authm->trigger(AuthManager::AUTHENTICATE,&ar);
> ar.wait();
>
> Any idea?
>
>
> On 09/06/11 00:51, Carsten.Friedrich at csiro.au wrote:
>> The official OpenNebula installation instructions for the ldap driver
>> are incomplete and fail to mention some software packages that you
>> have to install first. I don't remember which ones they were, but you
>> can find out as follows:
>>
>> * cd to .../lib/ruby
>> * execute 'ruby ldap_auth.rb'.
>> * Ruby will complain about any missing packages. Install those until
>> ruby is happy.
>>
>> Carsten
>>
>>
>> Carsten Friedrich
>> Research Team leader
>> ICT Centre, GPO Box 664,Canberra, ACT 2601
>> Phone: +61 2 6216 7019
>> Email: Carsten.Friedrich at csiro.au
>> Web: http://www.csiro.au/org/ICT.html
>>
>>
>>
>> -----Original Message-----
>> From: users-bounces at lists.opennebula.org
>> [mailto:users-bounces at lists.opennebula.org] On Behalf Of Carlos A.
>> Sent: Wednesday, 8 June 2011 18:17
>> To: users at lists.opennebula.org
>> Subject: Re: [one-users] Problem with ldap authentication
>>
>> any help on this?
>>
>> On 02/06/11 16:55, Carlos A. wrote:
>>> More information on this:
>>>
>>> in /srv/cloud/one/var/oned.log I can see
>>> Thu Jun 2 16:52:09 2011 [ONE][I]: Init OpenNebula Log system
>>> Thu Jun 2 16:52:09 2011 [ONE][I]: Log Level: 3
>>> [0=ERROR,1=WARNING,2=INFO,3=DEBUG]
>>> Thu Jun 2 16:52:09 2011 [ONE][I]:
>>> ----------------------------------------
>>> Thu Jun 2 16:52:09 2011 [ONE][I]: OpenNebula Configuration File
>>> Thu Jun 2 16:52:09 2011 [ONE][I]:
>>> ----------------------------------------
>>> Thu Jun 2 16:52:09 2011 [ONE][I]:
>>> ----------------------------------
>>> AUTH_MAD=EXECUTABLE=/srv/cloud/one/lib/mads/one_auth_mad
>>> DB=BACKEND=sqlite
>>> DEBUG_LEVEL=3
>>> DEFAULT_DEVICE_PREFIX=hd
>>> DEFAULT_IMAGE_TYPE=OS
>>> HM_MAD=EXECUTABLE=one_hm
>>> HOST_MONITORING_INTERVAL=600
>>> IMAGE_REPOSITORY_PATH=/srv/cloud/one/var//images
>>> IM_MAD=ARGUMENTS=-r 0 -t 15 kvm,EXECUTABLE=one_im_ssh,NAME=im_kvm
>>> MAC_PREFIX=02:00
>>> MANAGER_TIMER=15
>>> NETWORK_SIZE=254
>>> PORT=2633
>>> SCRIPTS_REMOTE_DIR=/var/tmp/one
>>> TM_MAD=ARGUMENTS=tm_nfs/tm_nfs.conf,EXECUTABLE=one_tm,NAME=tm_nfs
>>> VM_DIR=/srv/cloud/one/var/
>>> VM_HOOK=ARGUMENTS=$VMID,COMMAND=image.rb,NAME=image,ON=DONE
>>> VM_MAD=ARGUMENTS=-t 15 -r 0
>>> kvm,DEFAULT=vmm_ssh/vmm_ssh_kvm.conf,EXECUTABLE=one_vmm_ssh,NAME=vmm_kvm,TYPE=kvm
>>>
>>> VM_POLLING_INTERVAL=600
>>> VNC_BASE_PORT=5900
>>> ----------------------------------
>>> Thu Jun 2 16:52:09 2011 [ONE][I]: Bootstraping OpenNebula database.
>>> Thu Jun 2 16:52:09 2011 [VMM][I]: Starting Virtual Machine Manager...
>>> Thu Jun 2 16:52:09 2011 [LCM][I]: Starting Life-cycle Manager...
>>> Thu Jun 2 16:52:09 2011 [VMM][I]: Virtual Machine Manager started.
>>> Thu Jun 2 16:52:09 2011 [InM][I]: Starting Information Manager...
>>> Thu Jun 2 16:52:09 2011 [InM][I]: Information Manager started.
>>> Thu Jun 2 16:52:09 2011 [LCM][I]: Life-cycle Manager started.
>>> Thu Jun 2 16:52:09 2011 [TrM][I]: Starting Transfer Manager...
>>> Thu Jun 2 16:52:09 2011 [DiM][I]: Starting Dispatch Manager...
>>> Thu Jun 2 16:52:09 2011 [TrM][I]: Transfer Manager started.
>>> Thu Jun 2 16:52:09 2011 [DiM][I]: Dispatch Manager started.
>>> Thu Jun 2 16:52:09 2011 [ReM][I]: Starting Request Manager...
>>> Thu Jun 2 16:52:09 2011 [ReM][I]: Starting XML-RPC server, port
>>> 2633 ...
>>> Thu Jun 2 16:52:09 2011 [ReM][I]: Request Manager started.
>>> Thu Jun 2 16:52:09 2011 [HKM][I]: Starting Hook Manager...
>>> Thu Jun 2 16:52:09 2011 [AuM][I]: Starting Auth Manager...
>>> Thu Jun 2 16:52:09 2011 [AuM][I]: Authorization Manager started.
>>> Thu Jun 2 16:52:09 2011 [HKM][I]: Hook Manager started.
>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Loading Virtual Machine Manager
>>> drivers.
>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Loading driver: vmm_kvm (KVM)
>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Driver vmm_kvm loaded.
>>> Thu Jun 2 16:52:11 2011 [InM][I]: Loading Information Manager drivers.
>>> Thu Jun 2 16:52:11 2011 [InM][I]: Loading driver: im_kvm
>>> Thu Jun 2 16:52:11 2011 [InM][I]: Driver im_kvm loaded
>>> Thu Jun 2 16:52:11 2011 [TM][I]: Loading Transfer Manager drivers.
>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Loading driver: tm_nfs
>>> Thu Jun 2 16:52:11 2011 [TM][I]: Driver tm_nfs loaded.
>>> Thu Jun 2 16:52:11 2011 [HKM][I]: Loading Hook Manager driver.
>>> Thu Jun 2 16:52:11 2011 [HKM][I]: Hook Manager loaded
>>> Thu Jun 2 16:52:11 2011 [AuM][I]: Loading Auth. Manager driver.
>>> Thu Jun 2 16:52:11 2011 [MAD][E]: MAD did not answer INIT command
>>> Thu Jun 2 16:52:12 2011 [ReM][D]: VirtualMachinePoolInfo method
>>> invoked
>>> Thu Jun 2 16:52:12 2011 [AuM][E]: Auth Error: Could not find
>>> Authorization driver
>>> Thu Jun 2 16:52:12 2011 [ReM][E]: [VirtualMachinePoolInfo] User
>>> couldn't be authenticated, aborting call.
>>>
>>> It seems that it cannot find the driver as a relative path name, but I
>>> have also tried to use the full path of the auth driver.
>>>
>>> Any help would be appreciated.
>>>
>>> Regards,
>>> Carlos A.
>>>
>>>
>>> On 02/06/11 11:39, Carlos A. wrote:
>>>> Hello,
>>>>
>>>> I have just installed the ldap authentication addon on a fresh ONE
>>>> install. I followed the instructions and I found that I cannot
>>>> authenticate against the LDAP server.
>>>>
>>>> what am I not doing in a wrong way?
>>>>
>>>> ------------------------------------------------------------
>>>> carlos at keo01:~$ onevm list
>>>> [VirtualMachinePoolInfo] User couldn't be authenticated, aborting
>>>> call.
>>>>
>>>> carlos at keo01:~$ tail /srv/cloud/one/var/oned.log
>>>> (...)
>>>> Thu Jun 2 11:27:22 2011 [AuM][E]: Auth Error: Could not find
>>>> Authorization driver
>>>> Thu Jun 2 11:27:22 2011 [ReM][E]: [VirtualMachinePoolInfo] User
>>>> couldn't be authenticated, aborting call.
>>>> (...)
>>>>
>>>> calfonso at keo01:/srv/cloud/one/lib/mads$ ls -l one_auth_mad*
>>>> -rwxr-xr-x 1 oneadmin root 1632 Jun 2 09:53 one_auth_mad
>>>> -rwxr-xr-x 1 oneadmin root 3341 Jun 2 09:58 one_auth_mad.rb
>>>>
>>>> carlos at keo01:/srv/cloud/one/lib/mads$ ls -l
>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
>>>> -rw-r--r-- 1 oneadmin cloud 1340 Jun 2 09:58
>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
>>>>
>>>> *** content of /srv/cloud/one/etc/auth/auth.conf
>>>> :database: sqlite://auth.db
>>>> :authentication: ldap
>>>> :quota:
>>>>   :enabled: false
>>>>   :defaults:
>>>>     :cpu: 10.0
>>>>     :memory: 1048576
>>>> :ldap:
>>>>   :host: my.ldap.server
>>>>   :port: 389
>>>>
>>>>
>>>> *** content of /srv/cloud/one/etc/oned.conf
>>>> (...)
>>>> AUTH_MAD = [
>>>> executable = "one_auth_mad" ]
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opennebula.org
>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
Carlos de Alfonso Laguna
R&D Engineer
Tel. +34 963877007, ext. 88254
mailto: caralla at upv.es
The information included in this e-mail and, where applicable, its attachments is CONFIDENTIAL, intended for the exclusive use of the recipient to whom it is addressed, and may contain privileged, professional or other private information. If you receive this message and are not the named recipient, we inform you that any use of it without prior authorisation is prohibited, and we ask that you notify us immediately by reply to the sender's address and proceed to destroy it.