[one-users] Problem with ldap authentication

Tino Vazquez tinova at opennebula.org
Mon Jun 13 03:43:11 PDT 2011


Hi Carlos,

This may be due to an eager timeout that the core imposes over the ldap driver.

Please find attached a patch for the OpenNebula source code. Please
apply it, recompile and reinstall; we would appreciate feedback on
whether this fixes the improper ldap plugin behavior or not.

Regards,

-Tino

--
Constantino Vázquez Blanco, MSc
OpenNebula Major Contributor
www.OpenNebula.org | @tinova79



On Sat, Jun 11, 2011 at 10:22 AM, Carlos A. <caralla at upv.es> wrote:
> Hello,
>
> Any help on this? Is the ldap addon supposed to work with opennebula 2.2? Has
> anyone tried it?
>
> On 09/06/2011 10:46, Carlos A. wrote:
>>
>> Hello,
>>
>> first of all, thank you for your response.
>>
>> Once I have managed to make ldap_auth work, I found the following issue:
>>
>> root at keo01:/srv/cloud/one# onevm list
>> execution expired
>>
>> I cannot manage to authenticate against my ldap server. I have tried the
>> ldap authentication that is carried out by ONE
>>
>> require 'rubygems'
>> require 'net/ldap'
>> ldap = Net::LDAP.new
>> ldap.host = "my.ldap.server"
>> ldap.port = 389
>> ldap.auth "my-dn", "my-pass"
>> print ldap.bind
>>
>> It is properly working, as my server authenticates me. I have (of course)
>> tried changing the password and it works as expected.
>>
>> Diving into the code, it seems that there is some problem in the file
>> "src/um/UserPool.cc", at
>>        authm->trigger(AuthManager::AUTHENTICATE,&ar);
>>        ar.wait();
>>
>> Any idea?
>>
>>
>> On 09/06/11 00:51, Carsten.Friedrich at csiro.au wrote:
>>>
>>> The official OpenNebula installation instructions for the ldap driver are
>>> incomplete and fail to mention some software packages that you have to
>>> install first. I don't remember which ones they were, but you can find out
>>> as follows:
>>>
>>> * cd to .../lib/ruby
>>> * execute 'ruby ldap_auth.rb'.
>>> * Ruby will complain about any missing packages. Install those until ruby
>>> is happy.
>>>
>>> Carsten
>>>
>>>
>>> Carsten Friedrich
>>> Research Team leader
>>> ICT Centre, GPO Box 664,Canberra, ACT 2601
>>> Phone: +61 2 6216 7019
>>> Email: Carsten.Friedrich at csiro.au
>>> Web:   http://www.csiro.au/org/ICT.html
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: users-bounces at lists.opennebula.org
>>> [mailto:users-bounces at lists.opennebula.org] On Behalf Of Carlos A.
>>> Sent: Wednesday, 8 June 2011 18:17
>>> To: users at lists.opennebula.org
>>> Subject: Re: [one-users] Problem with ldap authentication
>>>
>>> any help on this?
>>>
>>> On 02/06/11 16:55, Carlos A. wrote:
>>>>
>>>> More information on this:
>>>>
>>>> in /srv/cloud/one/var/oned.log I can see
>>>> Thu Jun  2 16:52:09 2011 [ONE][I]: Init OpenNebula Log system
>>>> Thu Jun  2 16:52:09 2011 [ONE][I]: Log Level: 3
>>>> [0=ERROR,1=WARNING,2=INFO,3=DEBUG]
>>>> Thu Jun  2 16:52:09 2011 [ONE][I]:
>>>> ----------------------------------------
>>>> Thu Jun  2 16:52:09 2011 [ONE][I]:      OpenNebula Configuration File
>>>> Thu Jun  2 16:52:09 2011 [ONE][I]:
>>>> ----------------------------------------
>>>> Thu Jun  2 16:52:09 2011 [ONE][I]:
>>>> ----------------------------------
>>>> AUTH_MAD=EXECUTABLE=/srv/cloud/one/lib/mads/one_auth_mad
>>>> DB=BACKEND=sqlite
>>>> DEBUG_LEVEL=3
>>>> DEFAULT_DEVICE_PREFIX=hd
>>>> DEFAULT_IMAGE_TYPE=OS
>>>> HM_MAD=EXECUTABLE=one_hm
>>>> HOST_MONITORING_INTERVAL=600
>>>> IMAGE_REPOSITORY_PATH=/srv/cloud/one/var//images
>>>> IM_MAD=ARGUMENTS=-r 0 -t 15 kvm,EXECUTABLE=one_im_ssh,NAME=im_kvm
>>>> MAC_PREFIX=02:00
>>>> MANAGER_TIMER=15
>>>> NETWORK_SIZE=254
>>>> PORT=2633
>>>> SCRIPTS_REMOTE_DIR=/var/tmp/one
>>>> TM_MAD=ARGUMENTS=tm_nfs/tm_nfs.conf,EXECUTABLE=one_tm,NAME=tm_nfs
>>>> VM_DIR=/srv/cloud/one/var/
>>>> VM_HOOK=ARGUMENTS=$VMID,COMMAND=image.rb,NAME=image,ON=DONE
>>>> VM_MAD=ARGUMENTS=-t 15 -r 0
>>>>
>>>> kvm,DEFAULT=vmm_ssh/vmm_ssh_kvm.conf,EXECUTABLE=one_vmm_ssh,NAME=vmm_kvm,TYPE=kvm
>>>> VM_POLLING_INTERVAL=600
>>>> VNC_BASE_PORT=5900
>>>> ----------------------------------
>>>> Thu Jun  2 16:52:09 2011 [ONE][I]: Bootstraping OpenNebula database.
>>>> Thu Jun  2 16:52:09 2011 [VMM][I]: Starting Virtual Machine Manager...
>>>> Thu Jun  2 16:52:09 2011 [LCM][I]: Starting Life-cycle Manager...
>>>> Thu Jun  2 16:52:09 2011 [VMM][I]: Virtual Machine Manager started.
>>>> Thu Jun  2 16:52:09 2011 [InM][I]: Starting Information Manager...
>>>> Thu Jun  2 16:52:09 2011 [InM][I]: Information Manager started.
>>>> Thu Jun  2 16:52:09 2011 [LCM][I]: Life-cycle Manager started.
>>>> Thu Jun  2 16:52:09 2011 [TrM][I]: Starting Transfer Manager...
>>>> Thu Jun  2 16:52:09 2011 [DiM][I]: Starting Dispatch Manager...
>>>> Thu Jun  2 16:52:09 2011 [TrM][I]: Transfer Manager started.
>>>> Thu Jun  2 16:52:09 2011 [DiM][I]: Dispatch Manager started.
>>>> Thu Jun  2 16:52:09 2011 [ReM][I]: Starting Request Manager...
>>>> Thu Jun  2 16:52:09 2011 [ReM][I]: Starting XML-RPC server, port 2633
>>>> ...
>>>> Thu Jun  2 16:52:09 2011 [ReM][I]: Request Manager started.
>>>> Thu Jun  2 16:52:09 2011 [HKM][I]: Starting Hook Manager...
>>>> Thu Jun  2 16:52:09 2011 [AuM][I]: Starting Auth Manager...
>>>> Thu Jun  2 16:52:09 2011 [AuM][I]: Authorization Manager started.
>>>> Thu Jun  2 16:52:09 2011 [HKM][I]: Hook Manager started.
>>>> Thu Jun  2 16:52:11 2011 [VMM][I]: Loading Virtual Machine Manager
>>>> drivers.
>>>> Thu Jun  2 16:52:11 2011 [VMM][I]:      Loading driver: vmm_kvm (KVM)
>>>> Thu Jun  2 16:52:11 2011 [VMM][I]:      Driver vmm_kvm loaded.
>>>> Thu Jun  2 16:52:11 2011 [InM][I]: Loading Information Manager drivers.
>>>> Thu Jun  2 16:52:11 2011 [InM][I]:      Loading driver: im_kvm
>>>> Thu Jun  2 16:52:11 2011 [InM][I]:      Driver im_kvm loaded
>>>> Thu Jun  2 16:52:11 2011 [TM][I]: Loading Transfer Manager drivers.
>>>> Thu Jun  2 16:52:11 2011 [VMM][I]:      Loading driver: tm_nfs
>>>> Thu Jun  2 16:52:11 2011 [TM][I]:       Driver tm_nfs loaded.
>>>> Thu Jun  2 16:52:11 2011 [HKM][I]: Loading Hook Manager driver.
>>>> Thu Jun  2 16:52:11 2011 [HKM][I]:      Hook Manager loaded
>>>> Thu Jun  2 16:52:11 2011 [AuM][I]: Loading Auth. Manager driver.
>>>> Thu Jun  2 16:52:11 2011 [MAD][E]: MAD did not answer INIT command
>>>> Thu Jun  2 16:52:12 2011 [ReM][D]: VirtualMachinePoolInfo method invoked
>>>> Thu Jun  2 16:52:12 2011 [AuM][E]: Auth Error: Could not find
>>>> Authorization driver
>>>> Thu Jun  2 16:52:12 2011 [ReM][E]: [VirtualMachinePoolInfo] User
>>>> couldn't be authenticated, aborting call.
>>>>
>>>> It seems that it cannot find the driver as a relative path name, but I
>>>> have also tried to use the full path of the auth driver.
>>>>
>>>> Any help would be appreciated.
>>>>
>>>> Regards,
>>>> Carlos A.
>>>>
>>>>
>>>> On 02/06/11 11:39, Carlos A. wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> I have just installed the ldap authentication addon on a fresh ONE
>>>>> install. I followed the instructions and I found that I cannot
>>>>> authenticate against the LDAP server.
>>>>>
>>>>> what am I not doing in a wrong way?
>>>>>
>>>>> ------------------------------------------------------------
>>>>> carlos at keo01:~$ onevm list
>>>>> [VirtualMachinePoolInfo] User couldn't be authenticated, aborting call.
>>>>>
>>>>> carlos at keo01:~$ tail /srv/cloud/one/var/oned.log
>>>>> (...)
>>>>> Thu Jun  2 11:27:22 2011 [AuM][E]: Auth Error: Could not find
>>>>> Authorization driver
>>>>> Thu Jun  2 11:27:22 2011 [ReM][E]: [VirtualMachinePoolInfo] User
>>>>> couldn't be authenticated, aborting call.
>>>>> (...)
>>>>>
>>>>> calfonso at keo01:/srv/cloud/one/lib/mads$ ls -l one_auth_mad*
>>>>> -rwxr-xr-x 1 oneadmin root 1632 Jun  2 09:53 one_auth_mad
>>>>> -rwxr-xr-x 1 oneadmin root 3341 Jun  2 09:58 one_auth_mad.rb
>>>>>
>>>>> carlos at keo01:/srv/cloud/one/lib/mads$ ls -l
>>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
>>>>> -rw-r--r-- 1 oneadmin cloud 1340 Jun  2 09:58
>>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
>>>>>
>>>>> *** content of /srv/cloud/one/etc/auth/auth.conf
>>>>> :database: sqlite://auth.db
>>>>> :authentication: ldap
>>>>> :quota:
>>>>>   :enabled: false
>>>>>   :defaults:
>>>>>     :cpu: 10.0
>>>>>     :memory: 1048576
>>>>> :ldap:
>>>>>     :host: my.ldap.server
>>>>>     :port: 389
>>>>>
>>>>>
>>>>> *** content of /srv/cloud/one/etc/oned.conf
>>>>> (...)
>>>>> AUTH_MAD = [
>>>>>     executable = "one_auth_mad" ]
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at lists.opennebula.org
>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>
>>>
>>
>>
>
>
> --
> Carlos de Alfonso Laguna
> R&D Engineer
> Tel. +34 963877007, ext. 88254
> mailto: caralla at upv.es
>
> The information included in this e-mail and, where applicable, its
> attachments is CONFIDENTIAL, for the exclusive use of the recipient to
> whom it is addressed, and may contain privileged, professional or
> other private information. If you receive this message and are not the
> indicated recipient, we inform you that any use of it without prior
> authorization is prohibited, and we ask that you notify us immediately
> by return to the sender's address and proceed to destroy it.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Bug-Fixes-AuthRequests-time_outs-in-AuthManager.-Tes.patch
Type: application/octet-stream
Size: 2872 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20110613/860d57b5/attachment-0003.obj>
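
The failure sequence in the quoted oned.log (the auth driver does not answer INIT, after which every request is rejected) can be picked out mechanically. The following is an added example, not part of the original thread or of OpenNebula; the function names `parse_oned_log` and `triage_auth` are hypothetical, and the sample input is constructed from the log lines quoted above.

```ruby
# Added example (not OpenNebula code): triage oned.log for auth-driver failures.
# SAMPLE_LOG is constructed from the log lines quoted in this thread.
SAMPLE_LOG = <<~LOG
  Thu Jun  2 16:52:11 2011 [HKM][I]:      Hook Manager loaded
  Thu Jun  2 16:52:11 2011 [AuM][I]: Loading Auth. Manager driver.
  Thu Jun  2 16:52:11 2011 [MAD][E]: MAD did not answer INIT command
  Thu Jun  2 16:52:12 2011 [ReM][D]: VirtualMachinePoolInfo method invoked
  Thu Jun  2 16:52:12 2011 [AuM][E]: Auth Error: Could not find
  Authorization driver
  Thu Jun  2 16:52:12 2011 [ReM][E]: [VirtualMachinePoolInfo] User
  couldn't be authenticated, aborting call.
LOG

# "<weekday> <month> <day> <time> <year> [COMPONENT][LEVEL]: message"
ENTRY = /\A(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[(\w+)\]\[([EWID])\]: ?(.*)\z/

# Split log text into entries; a line without a timestamp is a wrapped
# continuation and is folded back into the previous entry.
def parse_oned_log(text)
  text.each_line.with_object([]) do |raw, entries|
    line = raw.chomp
    if (m = ENTRY.match(line))
      entries << { time: m[1], component: m[2], level: m[3], msg: m[4].strip }
    elsif entries.any? && !line.strip.empty?
      entries.last[:msg] = "#{entries.last[:msg]} #{line.strip}".strip
    end
  end
end

# Correlate the auth driver's failed INIT with the authentication errors
# that follow it, so the root cause is reported once instead of per request.
def triage_auth(entries)
  report = { driver_init_failed: false, driver_missing: 0, rejected_calls: [] }
  loading_auth = false
  entries.each do |e|
    if e[:msg].start_with?('Loading ')
      # Track which manager is loading its driver; only AuM matters here.
      loading_auth = (e[:component] == 'AuM')
    elsif loading_auth && e[:component] == 'MAD' && e[:level] == 'E' &&
          e[:msg].include?('did not answer INIT')
      report[:driver_init_failed] = true
    elsif e[:component] == 'AuM' && e[:msg].include?('Could not find Authorization driver')
      report[:driver_missing] += 1
    elsif e[:component] == 'ReM' && (m = e[:msg].match(/\A\[(\w+)\] User couldn't be authenticated/))
      report[:rejected_calls] << m[1]
    end
  end
  report
end
```

Call `triage_auth(parse_oned_log(File.read(path)))` on a real log; a report with `driver_init_failed` set points at the driver start-up rather than at the credentials of the users whose calls were rejected.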

