[one-users] Problem with ldap authentication
Carlos A.
caralla at upv.es
Mon Jun 13 04:29:02 PDT 2011
Hi Tino,
more info on this.
While using my test script to authenticate I can see the success in the
ldap server, I cannot see any information when trying to authenticate
using ONE
On 13/06/11 12:43, Tino Vazquez wrote:
> Hi Carlos,
>
> This may be due to an eager timeout that the core imposes over the ldap driver.
>
> Please find attached a patch for the OpenNebula source code, please
> apply it, recompile and reinstall, we would appreciate feedback on
> whether this fixes the improper ldap plugin behavior or not.
>
> Regards,
>
> -Tino
>
> --
> Constantino Vázquez Blanco, MSc
> OpenNebula Major Contributor
> www.OpenNebula.org | @tinova79
>
>
>
> On Sat, Jun 11, 2011 at 10:22 AM, Carlos A.<caralla at upv.es> wrote:
>> Hello,
>>
>> any help on this? is ldap addon supposed to work with opennebula 2.2? has
>> anyone tried it?
>>
>> On 09/06/2011 10:46, Carlos A. wrote:
>>> Hello,
>>>
>>> first of all, thank you for your response.
>>>
>>> Once I have managed to make ldap_auth work, I found the following issue:
>>>
>>> root at keo01:/srv/cloud/one# onevm list
>>> execution expired
>>>
>>> I cannot manage to authenticate against my ldap server. I have tried the
>>> ldap authentication that is carried out by ONE
>>>
>>> require 'rubygems'
>>> require 'net/ldap'
>>> ldap = Net::LDAP.new
>>> ldap.host = "my.ldap.server"
>>> ldap.port = 389
>>> ldap.auth "my-dn", "my-pass"
>>> print ldap.bind
>>>
>>> It is properly working, as my server authenticates me. I have (of course)
>>> tried changing the password and it works as expected.
>>>
>>> Diving into the code, it seems that there is some problem in the file
>>> "src/um/UserPool.cc", at
>>> authm->trigger(AuthManager::AUTHENTICATE,&ar);
>>> ar.wait();
>>>
>>> Any idea?
>>>
>>>
>>> On 09/06/11 00:51, Carsten.Friedrich at csiro.au wrote:
>>>> The official OpenNebula installation instructions for the ldap driver are
>>>> incomplete and fail to mention some software packages that you have to
>>>> install first. I don't remember which ones they were, but you can find out
>>>> as follows:
>>>>
>>>> * cd to .../lib/ruby
>>>> * execute 'ruby ldap_auth.rb'.
>>>> * Ruby will complain about any missing packages. Install those until ruby
>>>> is happy.
>>>>
>>>> Carsten
>>>>
>>>>
>>>> Carsten Friedrich
>>>> Research Team leader
>>>> ICT Centre, GPO Box 664,Canberra, ACT 2601
>>>> Phone: +61 2 6216 7019
>>>> Email: Carsten.Friedrich at csiro.au
>>>> Web: http://www.csiro.au/org/ICT.html
>>>>
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: users-bounces at lists.opennebula.org
>>>> [mailto:users-bounces at lists.opennebula.org] On Behalf Of Carlos A.
>>>> Sent: Wednesday, 8 June 2011 18:17
>>>> To: users at lists.opennebula.org
>>>> Subject: Re: [one-users] Problem with ldap authentication
>>>>
>>>> any help on this?
>>>>
>>>> On 02/06/11 16:55, Carlos A. wrote:
>>>>> More information on this:
>>>>>
>>>>> in /srv/cloud/one/var/oned.log I can see
>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: Init OpenNebula Log system
>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: Log Level: 3
>>>>> [0=ERROR,1=WARNING,2=INFO,3=DEBUG]
>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]:
>>>>> ----------------------------------------
>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: OpenNebula Configuration File
>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]:
>>>>> ----------------------------------------
>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]:
>>>>> ----------------------------------
>>>>> AUTH_MAD=EXECUTABLE=/srv/cloud/one/lib/mads/one_auth_mad
>>>>> DB=BACKEND=sqlite
>>>>> DEBUG_LEVEL=3
>>>>> DEFAULT_DEVICE_PREFIX=hd
>>>>> DEFAULT_IMAGE_TYPE=OS
>>>>> HM_MAD=EXECUTABLE=one_hm
>>>>> HOST_MONITORING_INTERVAL=600
>>>>> IMAGE_REPOSITORY_PATH=/srv/cloud/one/var//images
>>>>> IM_MAD=ARGUMENTS=-r 0 -t 15 kvm,EXECUTABLE=one_im_ssh,NAME=im_kvm
>>>>> MAC_PREFIX=02:00
>>>>> MANAGER_TIMER=15
>>>>> NETWORK_SIZE=254
>>>>> PORT=2633
>>>>> SCRIPTS_REMOTE_DIR=/var/tmp/one
>>>>> TM_MAD=ARGUMENTS=tm_nfs/tm_nfs.conf,EXECUTABLE=one_tm,NAME=tm_nfs
>>>>> VM_DIR=/srv/cloud/one/var/
>>>>> VM_HOOK=ARGUMENTS=$VMID,COMMAND=image.rb,NAME=image,ON=DONE
>>>>> VM_MAD=ARGUMENTS=-t 15 -r 0
>>>>>
>>>>> kvm,DEFAULT=vmm_ssh/vmm_ssh_kvm.conf,EXECUTABLE=one_vmm_ssh,NAME=vmm_kvm,TYPE=kvm
>>>>> VM_POLLING_INTERVAL=600
>>>>> VNC_BASE_PORT=5900
>>>>> ----------------------------------
>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: Bootstraping OpenNebula database.
>>>>> Thu Jun 2 16:52:09 2011 [VMM][I]: Starting Virtual Machine Manager...
>>>>> Thu Jun 2 16:52:09 2011 [LCM][I]: Starting Life-cycle Manager...
>>>>> Thu Jun 2 16:52:09 2011 [VMM][I]: Virtual Machine Manager started.
>>>>> Thu Jun 2 16:52:09 2011 [InM][I]: Starting Information Manager...
>>>>> Thu Jun 2 16:52:09 2011 [InM][I]: Information Manager started.
>>>>> Thu Jun 2 16:52:09 2011 [LCM][I]: Life-cycle Manager started.
>>>>> Thu Jun 2 16:52:09 2011 [TrM][I]: Starting Transfer Manager...
>>>>> Thu Jun 2 16:52:09 2011 [DiM][I]: Starting Dispatch Manager...
>>>>> Thu Jun 2 16:52:09 2011 [TrM][I]: Transfer Manager started.
>>>>> Thu Jun 2 16:52:09 2011 [DiM][I]: Dispatch Manager started.
>>>>> Thu Jun 2 16:52:09 2011 [ReM][I]: Starting Request Manager...
>>>>> Thu Jun 2 16:52:09 2011 [ReM][I]: Starting XML-RPC server, port 2633
>>>>> ...
>>>>> Thu Jun 2 16:52:09 2011 [ReM][I]: Request Manager started.
>>>>> Thu Jun 2 16:52:09 2011 [HKM][I]: Starting Hook Manager...
>>>>> Thu Jun 2 16:52:09 2011 [AuM][I]: Starting Auth Manager...
>>>>> Thu Jun 2 16:52:09 2011 [AuM][I]: Authorization Manager started.
>>>>> Thu Jun 2 16:52:09 2011 [HKM][I]: Hook Manager started.
>>>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Loading Virtual Machine Manager
>>>>> drivers.
>>>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Loading driver: vmm_kvm (KVM)
>>>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Driver vmm_kvm loaded.
>>>>> Thu Jun 2 16:52:11 2011 [InM][I]: Loading Information Manager drivers.
>>>>> Thu Jun 2 16:52:11 2011 [InM][I]: Loading driver: im_kvm
>>>>> Thu Jun 2 16:52:11 2011 [InM][I]: Driver im_kvm loaded
>>>>> Thu Jun 2 16:52:11 2011 [TM][I]: Loading Transfer Manager drivers.
>>>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Loading driver: tm_nfs
>>>>> Thu Jun 2 16:52:11 2011 [TM][I]: Driver tm_nfs loaded.
>>>>> Thu Jun 2 16:52:11 2011 [HKM][I]: Loading Hook Manager driver.
>>>>> Thu Jun 2 16:52:11 2011 [HKM][I]: Hook Manager loaded
>>>>> Thu Jun 2 16:52:11 2011 [AuM][I]: Loading Auth. Manager driver.
>>>>> Thu Jun 2 16:52:11 2011 [MAD][E]: MAD did not answer INIT command
>>>>> Thu Jun 2 16:52:12 2011 [ReM][D]: VirtualMachinePoolInfo method invoked
>>>>> Thu Jun 2 16:52:12 2011 [AuM][E]: Auth Error: Could not find
>>>>> Authorization driver
>>>>> Thu Jun 2 16:52:12 2011 [ReM][E]: [VirtualMachinePoolInfo] User
>>>>> couldn't be authenticated, aborting call.
>>>>>
>>>>> It seems that it cannot find the driver as a relative path name, but I
>>>>> have also tried to use the full path of the auth driver.
>>>>>
>>>>> Any help would be appreciated.
>>>>>
>>>>> Regards,
>>>>> Carlos A.
>>>>>
>>>>>
>>>>> On 02/06/11 11:39, Carlos A. wrote:
>>>>>> Hello,
>>>>>>
>>>>>> I have just installed the ldap authentication addon on a fresh ONE
>>>>>> install. I followed the instructions and I found that I cannot
>>>>>> authenticate against the LDAP server.
>>>>>>
>>>>>> what am I not doing in a wrong way?
>>>>>>
>>>>>> ------------------------------------------------------------
>>>>>> carlos at keo01:~$ onevm list
>>>>>> [VirtualMachinePoolInfo] User couldn't be authenticated, aborting call.
>>>>>>
>>>>>> carlos at keo01:~$ tail /srv/cloud/one/var/oned.log
>>>>>> (...)
>>>>>> Thu Jun 2 11:27:22 2011 [AuM][E]: Auth Error: Could not find
>>>>>> Authorization driver
>>>>>> Thu Jun 2 11:27:22 2011 [ReM][E]: [VirtualMachinePoolInfo] User
>>>>>> couldn't be authenticated, aborting call.
>>>>>> (...)
>>>>>>
>>>>>> calfonso at keo01:/srv/cloud/one/lib/mads$ ls -l one_auth_mad*
>>>>>> -rwxr-xr-x 1 oneadmin root 1632 Jun 2 09:53 one_auth_mad
>>>>>> -rwxr-xr-x 1 oneadmin root 3341 Jun 2 09:58 one_auth_mad.rb
>>>>>>
>>>>>> carlos at keo01:/srv/cloud/one/lib/mads$ ls -l
>>>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
>>>>>> -rw-r--r-- 1 oneadmin cloud 1340 Jun 2 09:58
>>>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
>>>>>>
>>>>>> *** content of /srv/cloud/one/etc/auth/auth.conf
>>>>>> :database: sqlite://auth.db
>>>>>> :authentication: ldap
>>>>>> :quota:
>>>>>>   :enabled: false
>>>>>>   :defaults:
>>>>>>     :cpu: 10.0
>>>>>>     :memory: 1048576
>>>>>> :ldap:
>>>>>>   :host: my.ldap.server
>>>>>>   :port: 389
>>>>>>
>>>>>>
>>>>>> *** content of /srv/cloud/one/etc/oned.conf
>>>>>> (...)
>>>>>> AUTH_MAD = [
>>>>>> executable = "one_auth_mad" ]
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at lists.opennebula.org
>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>> --
>> Carlos de Alfonso Laguna
>> R&D Engineer
>> Tel. +34 963877007, ext. 88254
>> mailto: caralla at upv.es
>>
>> The information contained in this e-mail and, where applicable, its
>> attachments is CONFIDENTIAL and intended for the exclusive use of the
>> addressee; it may contain privileged, professional or other private
>> information. If you receive this message and are not the named addressee,
>> please be advised that any use of it without prior authorization is
>> prohibited, and we ask that you notify us immediately by return to the
>> sender's address and destroy it.
>>
>>
--
Carlos de Alfonso Laguna
R&D Engineer
Tel. +34 963877007, ext. 88254
mailto: caralla at upv.es
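The oned.log excerpt quoted in this thread shows the auth driver failing at load time (`MAD did not answer INIT command`) before any request is rejected. As an added example (not part of the thread and not OpenNebula code), this Ruby sketch re-joins mail-wrapped log lines and separates that root cause from the per-request rejections that follow it; the function names are hypothetical and the sample lines are constructed from the log format quoted above.

```ruby
# Added example: triage oned.log for auth-driver failures. Entry format assumed
# from the quoted excerpt: "Thu Jun 2 16:52:11 2011 [AuM][E]: message"
ENTRY = /\A(\w{3} \w{3}\s+\d+ [\d:]{8} \d{4}) \[(\w+)\]\[([EWID])\]: ?(.*)\z/

# Strip e-mail quote markers and re-join wrapped continuation lines.
def parse_entries(text)
  entries = []
  text.each_line do |raw|
    line = raw.sub(/\A[>\s]+/, '').rstrip
    next if line.empty?
    if (m = ENTRY.match(line))
      entries << { time: m[1], source: m[2], level: m[3], msg: m[4] }
    elsif entries.any?
      entries.last[:msg] = "#{entries.last[:msg]} #{line}".strip
    end
  end
  entries
end

# A driver that never answered INIT is the root cause; the later
# "Could not find Authorization driver" errors are consequences of it.
def triage(entries)
  report = { driver_init_failed: false, no_driver_errors: 0, rejected_calls: [] }
  entries.each do |e|
    next unless e[:level] == 'E'
    case e[:msg]
    when /MAD did not answer INIT command/
      report[:driver_init_failed] = true
    when /Could not find Authorization driver/
      report[:no_driver_errors] += 1
    when /\A\[(\w+)\] User couldn't be authenticated/
      report[:rejected_calls] << $1
    end
  end
  report
end

# Constructed sample, modelled on the quoted excerpt (wrapped lines included).
SAMPLE = <<~LOG
  >>>>> Thu Jun 2 16:52:11 2011 [AuM][I]: Loading Auth. Manager driver.
  >>>>> Thu Jun 2 16:52:11 2011 [MAD][E]: MAD did not answer INIT command
  >>>>> Thu Jun 2 16:52:12 2011 [ReM][D]: VirtualMachinePoolInfo method invoked
  >>>>> Thu Jun 2 16:52:12 2011 [AuM][E]: Auth Error: Could not find
  >>>>> Authorization driver
  >>>>> Thu Jun 2 16:52:12 2011 [ReM][E]: [VirtualMachinePoolInfo] User
  >>>>> couldn't be authenticated, aborting call.
LOG
REPORT = triage(parse_entries(SAMPLE))
puts REPORT
```

When `driver_init_failed` is true, the rejected calls say nothing about the LDAP credentials themselves: no bind was ever attempted, which matches seeing no activity on the LDAP server side.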