[one-users] Problem with ldap authentication

Carlos A. caralla at upv.es
Mon Jun 13 09:19:21 PDT 2011


Hi,
I get the expected output.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Tino Vazquez <tinova at opennebula.org> wrote:

Hi Carlos,

Let's try executing the auth mad by hand (the error, from your input,
seems not to be exclusive of the ldap addon, but rather of the auth
module), to discard missing gems

# $ONE_LOCATION/lib/mads/one_auth_mad

after hitting return, it will wait for input, type

INIT

you should get

INIT SUCCESS - -

Regards,

-Tino

--
Constantino Vázquez Blanco, MSc
OpenNebula Major Contributor
www.OpenNebula.org | @tinova79



On Mon, Jun 13, 2011 at 1:29 PM, Carlos A. <caralla at upv.es> wrote:
> Hi Tino,
>
> more info on this.
>
> While using my test script to authenticate I can see the success in the ldap
> server, I cannot see any information when trying to authenticate using ONE
>
> On 13/06/11 12:43, Tino Vazquez wrote:
>>
>> Hi Carlos,
>>
>> This may be due to an eager timeout that the core imposes over the ldap
>> driver.
>>
>> Please find attached a patch for the OpenNebula source code, please
>> apply it, recompile and reinstall, we would appreciate feedback on
>> whether this fixes the improper ldap plugin behavior or not.
>>
>> Regards,
>>
>> -Tino
>>
>> --
>> Constantino Vázquez Blanco, MSc
>> OpenNebula Major Contributor
>> www.OpenNebula.org | @tinova79
>>
>>
>>
>> On Sat, Jun 11, 2011 at 10:22 AM, Carlos A.<caralla at upv.es>  wrote:
>>>
>>> Hello,
>>>
>>> any help on this? is ldap addon supposed to work with opennebula 2.2? has
>>> anyone tried it?
>>>
>>> On 09/06/2011 10:46, Carlos A. wrote:
>>>>
>>>> Hello,
>>>>
>>>> first of all, thank you for your response.
>>>>
>>>> Once I have managed to make ldap_auth work, I found the following issue:
>>>>
>>>> root at keo01:/srv/cloud/one# onevm list
>>>> execution expired
>>>>
>>>> I cannot manage to authenticate against my ldap server. I have tried the
>>>> ldap authentication that is carried out by ONE
>>>>
>>>> require 'rubygems'
>>>> require 'net/ldap'
>>>> ldap = Net::LDAP.new
>>>> ldap.host = "my.ldap.server"
>>>> ldap.port = 389
>>>> ldap.auth "my-dn", "my-pass"
>>>> print ldap.bind
>>>>
>>>> It is properly working, as my server authenticates me. I have (of
>>>> course)
>>>> tried changing the password and it works as expected.
>>>>
>>>> Diving into the code, it seems that there is some problem in the file
>>>> "src/um/UserPool.cc", at
>>>>        authm->trigger(AuthManager::AUTHENTICATE,&ar);
>>>>        ar.wait();
>>>>
>>>> Any idea?
>>>>
>>>>
>>>> On 09/06/11 00:51, Carsten.Friedrich at csiro.au wrote:
>>>>>
>>>>> The official OpenNebula installation instructions for the ldap driver
>>>>> are incomplete and fail to mention some software packages that you
>>>>> have to install first. I don't remember which ones they were, but you
>>>>> can find out as follows:
>>>>>
>>>>> * cd to .../lib/ruby
>>>>> * execute 'ruby ldap_auth.rb'.
>>>>> * Ruby will complain about any missing packages. Install those until
>>>>> ruby
>>>>> is happy.
>>>>>
>>>>> Carsten
>>>>>
>>>>>
>>>>> Carsten Friedrich
>>>>> Research Team leader
>>>>> ICT Centre, GPO Box 664,Canberra, ACT 2601
>>>>> Phone: +61 2 6216 7019
>>>>> Email: Carsten.Friedrich at csiro.au
>>>>> Web:   http://www.csiro.au/org/ICT.html
>>>>>
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: users-bounces at lists.opennebula.org
>>>>> [mailto:users-bounces at lists.opennebula.org] On Behalf Of Carlos A.
>>>>> Sent: Wednesday, 8 June 2011 18:17
>>>>> To: users at lists.opennebula.org
>>>>> Subject: Re: [one-users] Problem with ldap authentication
>>>>>
>>>>> any help on this?
>>>>>
>>>>> On 02/06/11 16:55, Carlos A. wrote:
>>>>>>
>>>>>> More information on this:
>>>>>>
>>>>>> in /srv/cloud/one/var/oned.log I can see
>>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]: Init OpenNebula Log system
>>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]: Log Level: 3
>>>>>> [0=ERROR,1=WARNING,2=INFO,3=DEBUG]
>>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]:
>>>>>> _____________________________________________
>>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]:      OpenNebula Configuration File
>>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]:
>>>>>> _____________________________________________
>>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]:
>>>>>> _____________________________________________
>>>>>> AUTH_MAD=EXECUTABLE=/srv/cloud/one/lib/mads/one_auth_mad
>>>>>> DB=BACKEND=sqlite
>>>>>> DEBUG_LEVEL=3
>>>>>> DEFAULT_DEVICE_PREFIX=hd
>>>>>> DEFAULT_IMAGE_TYPE=OS
>>>>>> HM_MAD=EXECUTABLE=one_hm
>>>>>> HOST_MONITORING_INTERVAL=600
>>>>>> IMAGE_REPOSITORY_PATH=/srv/cloud/one/var//images
>>>>>> IM_MAD=ARGUMENTS=-r 0 -t 15 kvm,EXECUTABLE=one_im_ssh,NAME=im_kvm
>>>>>> MAC_PREFIX=02:00
>>>>>> MANAGER_TIMER=15
>>>>>> NETWORK_SIZE=254
>>>>>> PORT=2633
>>>>>> SCRIPTS_REMOTE_DIR=/var/tmp/one
>>>>>> TM_MAD=ARGUMENTS=tm_nfs/tm_nfs.conf,EXECUTABLE=one_tm,NAME=tm_nfs
>>>>>> VM_DIR=/srv/cloud/one/var/
>>>>>> VM_HOOK=ARGUMENTS=$VMID,COMMAND=image.rb,NAME=image,ON=DONE
>>>>>> VM_MAD=ARGUMENTS=-t 15 -r 0 kvm,DEFAULT=vmm_ssh/vmm_ssh_kvm.conf,EXECUTABLE=one_vmm_ssh,NAME=vmm_kvm,TYPE=kvm
>>>>>> VM_POLLING_INTERVAL=600
>>>>>> VNC_BASE_PORT=5900
>>>>>> _____________________________________________
>>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]: Bootstraping OpenNebula database.
>>>>>> Thu Jun  2 16:52:09 2011 [VMM][I]: Starting Virtual Machine Manager...
>>>>>> Thu Jun  2 16:52:09 2011 [LCM][I]: Starting Life-cycle Manager...
>>>>>> Thu Jun  2 16:52:09 2011 [VMM][I]: Virtual Machine Manager started.
>>>>>> Thu Jun  2 16:52:09 2011 [InM][I]: Starting Information Manager...
>>>>>> Thu Jun  2 16:52:09 2011 [InM][I]: Information Manager started.
>>>>>> Thu Jun  2 16:52:09 2011 [LCM][I]: Life-cycle Manager started.
>>>>>> Thu Jun  2 16:52:09 2011 [TrM][I]: Starting Transfer Manager...
>>>>>> Thu Jun  2 16:52:09 2011 [DiM][I]: Starting Dispatch Manager...
>>>>>> Thu Jun  2 16:52:09 2011 [TrM][I]: Transfer Manager started.
>>>>>> Thu Jun  2 16:52:09 2011 [DiM][I]: Dispatch Manager started.
>>>>>> Thu Jun  2 16:52:09 2011 [ReM][I]: Starting Request Manager...
>>>>>> Thu Jun  2 16:52:09 2011 [ReM][I]: Starting XML-RPC server, port 2633
>>>>>> ...
>>>>>> Thu Jun  2 16:52:09 2011 [ReM][I]: Request Manager started.
>>>>>> Thu Jun  2 16:52:09 2011 [HKM][I]: Starting Hook Manager...
>>>>>> Thu Jun  2 16:52:09 2011 [AuM][I]: Starting Auth Manager...
>>>>>> Thu Jun  2 16:52:09 2011 [AuM][I]: Authorization Manager started.
>>>>>> Thu Jun  2 16:52:09 2011 [HKM][I]: Hook Manager started.
>>>>>> Thu Jun  2 16:52:11 2011 [VMM][I]: Loading Virtual Machine Manager
>>>>>> drivers.
>>>>>> Thu Jun  2 16:52:11 2011 [VMM][I]:      Loading driver: vmm_kvm (KVM)
>>>>>> Thu Jun  2 16:52:11 2011 [VMM][I]:      Driver vmm_kvm loaded.
>>>>>> Thu Jun  2 16:52:11 2011 [InM][I]: Loading Information Manager
>>>>>> drivers.
>>>>>> Thu Jun  2 16:52:11 2011 [InM][I]:      Loading driver: im_kvm
>>>>>> Thu Jun  2 16:52:11 2011 [InM][I]:      Driver im_kvm loaded
>>>>>> Thu Jun  2 16:52:11 2011 [TM][I]: Loading Transfer Manager drivers.
>>>>>> Thu Jun  2 16:52:11 2011 [VMM][I]:      Loading driver: tm_nfs
>>>>>> Thu Jun  2 16:52:11 2011 [TM][I]:       Driver tm_nfs loaded.
>>>>>> Thu Jun  2 16:52:11 2011 [HKM][I]: Loading Hook Manager driver.
>>>>>> Thu Jun  2 16:52:11 2011 [HKM][I]:      Hook Manager loaded
>>>>>> Thu Jun  2 16:52:11 2011 [AuM][I]: Loading Auth. Manager driver.
>>>>>> Thu Jun  2 16:52:11 2011 [MAD][E]: MAD did not answer INIT command
>>>>>> Thu Jun  2 16:52:12 2011 [ReM][D]: VirtualMachinePoolInfo method
>>>>>> invoked
>>>>>> Thu Jun  2 16:52:12 2011 [AuM][E]: Auth Error: Could not find
>>>>>> Authorization driver
>>>>>> Thu Jun  2 16:52:12 2011 [ReM][E]: [VirtualMachinePoolInfo] User
>>>>>> couldn't be authenticated, aborting call.
>>>>>>
>>>>>> It seems that it cannot find the driver as a relative path name, but I
>>>>>> have also tried to use the full path of the auth driver.
>>>>>>
>>>>>> Any help would be appreciated.
>>>>>>
>>>>>> Regards,
>>>>>> Carlos A.
>>>>>>
>>>>>>
>>>>>> On 02/06/11 11:39, Carlos A. wrote:
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I have just installed the ldap authentication addon on a fresh ONE
>>>>>>> install. I followed the instructions and I found that I cannot
>>>>>>> authenticate against the LDAP server.
>>>>>>>
>>>>>>> what am I not doing in a wrong way?
>>>>>>>
>>>>>>> _____________________________________________
>>>>>>> carlos at keo01:~$ onevm list
>>>>>>> [VirtualMachinePoolInfo] User couldn't be authenticated, aborting
>>>>>>> call.
>>>>>>>
>>>>>>> carlos at keo01:~$ tail /srv/cloud/one/var/oned.log
>>>>>>> (...)
>>>>>>> Thu Jun  2 11:27:22 2011 [AuM][E]: Auth Error: Could not find
>>>>>>> Authorization driver
>>>>>>> Thu Jun  2 11:27:22 2011 [ReM][E]: [VirtualMachinePoolInfo] User
>>>>>>> couldn't be authenticated, aborting call.
>>>>>>> (...)
>>>>>>>
>>>>>>> calfonso at keo01:/srv/cloud/one/lib/mads$ ls -l one_auth_mad*
>>>>>>> -rwxr-xr-x 1 oneadmin root 1632 Jun  2 09:53 one_auth_mad
>>>>>>> -rwxr-xr-x 1 oneadmin root 3341 Jun  2 09:58 one_auth_mad.rb
>>>>>>>
>>>>>>> carlos at keo01:/srv/cloud/one/lib/mads$ ls -l
>>>>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
>>>>>>> -rw-r--r-- 1 oneadmin cloud 1340 Jun  2 09:58
>>>>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
>>>>>>>
>>>>>>> *** content of /srv/cloud/one/etc/auth/auth.conf
>>>>>>> :database: sqlite://auth.db
>>>>>>> :authentication: ldap
>>>>>>> :quota:
>>>>>>>   :enabled: false
>>>>>>>   :defaults:
>>>>>>>     :cpu: 10.0
>>>>>>>     :memory: 1048576
>>>>>>> :ldap:
>>>>>>>     :host: my.ldap.server
>>>>>>>     :port: 389
>>>>>>>
>>>>>>>
>>>>>>> *** content of /srv/cloud/one/etc/oned.conf
>>>>>>> (...)
>>>>>>> AUTH_MAD = [
>>>>>>>     executable = "one_auth_mad" ]
>>>>>>>
>>>>>>> _____________________________________________
>>>>>>> Users mailing list
>>>>>>> Users at lists.opennebula.org
>>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>>>
>>>>
>>>
>>> --
>>> Carlos de Alfonso Laguna
>>> R&D Engineer
>>> Tel. +34 963877007, ext. 88254
>>> mailto: caralla at upv.es
>>>
>>> The information included in this e-mail and, where applicable, its
>>> attachments is CONFIDENTIAL, intended for the exclusive use of the
>>> recipient to whom it is addressed, and may contain privileged,
>>> professional or other private information. If you receive this message
>>> and are not the named recipient, please be advised that any use of it
>>> without prior authorization is prohibited, and we ask that you notify us
>>> immediately by replying to the sender's address and destroy the message.
>>>
>>>
>
>
> --
>
> Carlos de Alfonso Laguna
> R&D Engineer
> Tel. +34 963877007, ext. 88254
> mailto: caralla at upv.es
>
>
>
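
The manual INIT test suggested in this thread, as a repeatable check (an added example, not part of the original messages or of OpenNebula's code). It assumes the `timeout` utility from GNU coreutils is installed; the function name `probe_mad` and its return codes are made up for this sketch.

```shell
#!/bin/sh
# probe_mad DRIVER [SECONDS]
# Sends "INIT" to a MAD driver on stdin, as oned does at start-up, and checks
# that the first line it answers starts with "INIT SUCCESS".
# Return codes (chosen for this example):
#   0  driver answered INIT SUCCESS
#   1  driver answered something else
#   2  driver is missing or not executable
#   3  driver gave no answer (crashed at load time, or hung past the limit)
probe_mad() {
    driver=$1
    limit=${2:-5}

    if [ ! -x "$driver" ]; then
        echo "FAIL: $driver is missing or not executable" >&2
        return 2
    fi

    errlog=$(mktemp) || return 2
    # Send INIT, then close stdin; keep only the first line of the answer.
    # stderr is kept so that a Ruby LoadError (missing gem) is not lost.
    reply=$(printf 'INIT\n' | timeout "$limit" "$driver" 2>"$errlog" | head -n 1)

    case $reply in
        "INIT SUCCESS"*)
            echo "OK: $reply"
            rc=0 ;;
        "")
            echo "FAIL: no answer to INIT (waited up to ${limit}s)" >&2
            sed 's/^/  driver stderr: /' "$errlog" >&2
            rc=3 ;;
        *)
            echo "FAIL: unexpected answer: $reply" >&2
            rc=1 ;;
    esac
    rm -f "$errlog"
    return $rc
}

# Stand-alone use: sh probe_mad.sh "$ONE_LOCATION/lib/mads/one_auth_mad"
if [ $# -gt 0 ]; then
    probe_mad "$@"
fi
```

Run it as the account that starts oned, since Ruby gem paths can differ per user. Return code 3 corresponds to the "MAD did not answer INIT command" line in oned.log.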
