[one-users] Problem with ldap authentication

Carlos A. caralla at upv.es
Mon Jun 13 09:42:06 PDT 2011


Hi Tino,

Finally, I think that I got it. The problem is that my DN has spaces in the CN.
So I think that the one_auth file is not properly handled and it results in a
failure whenever a space is used in this file. That is why I got the same
failure when changing the authentication method to "simple" or even to a
nonexistent method. It is simply because the authentication method was not
launched at all because of a previous error.

The current problem is that I cannot authenticate because my DN has spaces ;) so
I cannot use it within OpenNebula. But at least I do not get the "expired
time" error and it outputs an authentication error.

Any workaround on this?

Regards,
Carlos A.

Message quoted by "Carlos A." <caralla at upv.es>:

> Hi,
> I get the expected output
> --
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>
> Tino Vazquez <tinova at opennebula.org> wrote:
>
> Hi Carlos,
>
> Let's try executing the auth mad by hand (the error, from your input,
> seems not to be exclusive of the ldap addon, but rather of the auth
> module), to discard missing gems
>
> # $ONE_LOCATION/lib/mads/one_auth_mad
>
> after hitting return, it will wait for input, type
>
> INIT
>
> you should get
>
> INIT SUCCESS - -
>
> Regards,
>
> -Tino
>
> --
> Constantino Vázquez Blanco, MSc
> OpenNebula Major Contributor
> www.OpenNebula.org | @tinova79
>
>
>
> On Mon, Jun 13, 2011 at 1:29 PM, Carlos A. <caralla at upv.es> wrote:
> > Hi Tino,
> >
> > more info on this.
> >
> > While using my test script to authenticate I can see the success in the ldap
> > server, I cannot see any information when trying to authenticate using ONE
> >
> > On 13/06/11 12:43, Tino Vazquez wrote:
> >>
> >> Hi Carlos,
> >>
> >> This may be due to an eager timeout that the core imposes over the ldap
> >> driver.
> >>
> >> Please find attached a patch for the OpenNebula source code, please
> >> apply it, recompile and reinstall, we would appreciate feedback on
> >> whether this fixes the improper ldap plugin behavior or not.
> >>
> >> Regards,
> >>
> >> -Tino
> >>
> >> --
> >> Constantino Vázquez Blanco, MSc
> >> OpenNebula Major Contributor
> >> www.OpenNebula.org | @tinova79
> >>
> >>
> >>
> >> On Sat, Jun 11, 2011 at 10:22 AM, Carlos A.<caralla at upv.es>  wrote:
> >>>
> >>> Hello,
> >>>
> >>> any help on this? is ldap addon supposed to work with opennebula 2.2? has
> >>> anyone tried it?
> >>>
> >>> On 09/06/2011 10:46, Carlos A. wrote:
> >>>>
> >>>> Hello,
> >>>>
> >>>> first of all, thank you for your response.
> >>>>
> >>>> Once I have managed to make ldap_auth work, I found the following issue:
> >>>>
> >>>> root at keo01:/srv/cloud/one# onevm list
> >>>> execution expired
> >>>>
> >>>> I cannot manage to authenticate against my ldap server. I have tried the
> >>>> ldap authentication that is carried out by ONE
> >>>>
> >>>> require 'rubygems'
> >>>> require 'net/ldap'
> >>>> ldap = Net::LDAP.new
> >>>> ldap.host = "my.ldap.server"
> >>>> ldap.port = 389
> >>>> ldap.auth "my-dn", "my-pass"
> >>>> print ldap.bind
> >>>>
> >>>> It is properly working, as my server authenticates me. I have (of
> >>>> course)
> >>>> tried changing the password and it works as expected.
> >>>>
> >>>> Diving into the code, it seems that there is some problem in the file
> >>>> "src/um/UserPool.cc", at
> >>>>        authm->trigger(AuthManager::AUTHENTICATE,&ar);
> >>>>        ar.wait();
> >>>>
> >>>> Any idea?
> >>>>
> >>>>
> >>>>> On 09/06/11 00:51, Carsten.Friedrich at csiro.au wrote:
> >>>>>>
> >>>>> The official OpenNebula installation instructions for the ldap driver are
> >>>>> incomplete and fail to mention some software packages that you have to
> >>>>> install first. I don't remember which ones they were, but you can find out
> >>>>> as follows:
> >>>>>
> >>>>> * cd to .../lib/ruby
> >>>>> * execute 'ruby ldap_auth.rb'.
> >>>>> * Ruby will complain about any missing packages. Install those until ruby
> >>>>> is happy.
> >>>>>
> >>>>> Carsten
> >>>>>
> >>>>>
> >>>>> Carsten Friedrich
> >>>>> Research Team leader
> >>>>> ICT Centre, GPO Box 664,Canberra, ACT 2601
> >>>>> Phone: +61 2 6216 7019
> >>>>> Email: Carsten.Friedrich at csiro.au
> >>>>> Web:   http://www.csiro.au/org/ICT.html
> >>>>>
> >>>>>
> >>>>>
> >>>>> -----Original Message-----
> >>>>> From: users-bounces at lists.opennebula.org
> >>>>> [mailto:users-bounces at lists.opennebula.org] On Behalf Of Carlos A.
> >>>>> Sent: Wednesday, 8 June 2011 18:17
> >>>>> To: users at lists.opennebula.org
> >>>>> Subject: Re: [one-users] Problem with ldap authentication
> >>>>>
> >>>>> any help on this?
> >>>>>
> >>>>> On 02/06/11 16:55, Carlos A. wrote:
> >>>>>>
> >>>>>> More information on this:
> >>>>>>
> >>>>>> in /srv/cloud/one/var/oned.log I can see
> >>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]: Init OpenNebula Log system
> >>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]: Log Level: 3
> >>>>>> [0=ERROR,1=WARNING,2=INFO,3=DEBUG]
> >>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]:
> >>>>>> _____________________________________________
> >>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]:      OpenNebula Configuration File
> >>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]:
> >>>>>> _____________________________________________
> >>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]:
> >>>>>> _____________________________________________
> >>>>>> AUTH_MAD=EXECUTABLE=/srv/cloud/one/lib/mads/one_auth_mad
> >>>>>> DB=BACKEND=sqlite
> >>>>>> DEBUG_LEVEL=3
> >>>>>> DEFAULT_DEVICE_PREFIX=hd
> >>>>>> DEFAULT_IMAGE_TYPE=OS
> >>>>>> HM_MAD=EXECUTABLE=one_hm
> >>>>>> HOST_MONITORING_INTERVAL=600
> >>>>>> IMAGE_REPOSITORY_PATH=/srv/cloud/one/var//images
> >>>>>> IM_MAD=ARGUMENTS=-r 0 -t 15 kvm,EXECUTABLE=one_im_ssh,NAME=im_kvm
> >>>>>> MAC_PREFIX=02:00
> >>>>>> MANAGER_TIMER=15
> >>>>>> NETWORK_SIZE=254
> >>>>>> PORT=2633
> >>>>>> SCRIPTS_REMOTE_DIR=/var/tmp/one
> >>>>>> TM_MAD=ARGUMENTS=tm_nfs/tm_nfs.conf,EXECUTABLE=one_tm,NAME=tm_nfs
> >>>>>> VM_DIR=/srv/cloud/one/var/
> >>>>>> VM_HOOK=ARGUMENTS=$VMID,COMMAND=image.rb,NAME=image,ON=DONE
> >>>>>> VM_MAD=ARGUMENTS=-t 15 -r 0 kvm,DEFAULT=vmm_ssh/vmm_ssh_kvm.conf,EXECUTABLE=one_vmm_ssh,NAME=vmm_kvm,TYPE=kvm
> >>>>>> VM_POLLING_INTERVAL=600
> >>>>>> VNC_BASE_PORT=5900
> >>>>>> _____________________________________________
> >>>>>> Thu Jun  2 16:52:09 2011 [ONE][I]: Bootstraping OpenNebula database.
> >>>>>> Thu Jun  2 16:52:09 2011 [VMM][I]: Starting Virtual Machine Manager...
> >>>>>> Thu Jun  2 16:52:09 2011 [LCM][I]: Starting Life-cycle Manager...
> >>>>>> Thu Jun  2 16:52:09 2011 [VMM][I]: Virtual Machine Manager started.
> >>>>>> Thu Jun  2 16:52:09 2011 [InM][I]: Starting Information Manager...
> >>>>>> Thu Jun  2 16:52:09 2011 [InM][I]: Information Manager started.
> >>>>>> Thu Jun  2 16:52:09 2011 [LCM][I]: Life-cycle Manager started.
> >>>>>> Thu Jun  2 16:52:09 2011 [TrM][I]: Starting Transfer Manager...
> >>>>>> Thu Jun  2 16:52:09 2011 [DiM][I]: Starting Dispatch Manager...
> >>>>>> Thu Jun  2 16:52:09 2011 [TrM][I]: Transfer Manager started.
> >>>>>> Thu Jun  2 16:52:09 2011 [DiM][I]: Dispatch Manager started.
> >>>>>> Thu Jun  2 16:52:09 2011 [ReM][I]: Starting Request Manager...
> >>>>>> Thu Jun  2 16:52:09 2011 [ReM][I]: Starting XML-RPC server, port 2633
> >>>>>> ...
> >>>>>> Thu Jun  2 16:52:09 2011 [ReM][I]: Request Manager started.
> >>>>>> Thu Jun  2 16:52:09 2011 [HKM][I]: Starting Hook Manager...
> >>>>>> Thu Jun  2 16:52:09 2011 [AuM][I]: Starting Auth Manager...
> >>>>>> Thu Jun  2 16:52:09 2011 [AuM][I]: Authorization Manager started.
> >>>>>> Thu Jun  2 16:52:09 2011 [HKM][I]: Hook Manager started.
> >>>>>> Thu Jun  2 16:52:11 2011 [VMM][I]: Loading Virtual Machine Manager
> >>>>>> drivers.
> >>>>>> Thu Jun  2 16:52:11 2011 [VMM][I]:      Loading driver: vmm_kvm (KVM)
> >>>>>> Thu Jun  2 16:52:11 2011 [VMM][I]:      Driver vmm_kvm loaded.
> >>>>>> Thu Jun  2 16:52:11 2011 [InM][I]: Loading Information Manager
> >>>>>> drivers.
> >>>>>> Thu Jun  2 16:52:11 2011 [InM][I]:      Loading driver: im_kvm
> >>>>>> Thu Jun  2 16:52:11 2011 [InM][I]:      Driver im_kvm loaded
> >>>>>> Thu Jun  2 16:52:11 2011 [TM][I]: Loading Transfer Manager drivers.
> >>>>>> Thu Jun  2 16:52:11 2011 [VMM][I]:      Loading driver: tm_nfs
> >>>>>> Thu Jun  2 16:52:11 2011 [TM][I]:       Driver tm_nfs loaded.
> >>>>>> Thu Jun  2 16:52:11 2011 [HKM][I]: Loading Hook Manager driver.
> >>>>>> Thu Jun  2 16:52:11 2011 [HKM][I]:      Hook Manager loaded
> >>>>>> Thu Jun  2 16:52:11 2011 [AuM][I]: Loading Auth. Manager driver.
> >>>>>> Thu Jun  2 16:52:11 2011 [MAD][E]: MAD did not answer INIT command
> >>>>>> Thu Jun  2 16:52:12 2011 [ReM][D]: VirtualMachinePoolInfo method
> >>>>>> invoked
> >>>>>> Thu Jun  2 16:52:12 2011 [AuM][E]: Auth Error: Could not find
> >>>>>> Authorization driver
> >>>>>> Thu Jun  2 16:52:12 2011 [ReM][E]: [VirtualMachinePoolInfo] User
> >>>>>> couldn't be authenticated, aborting call.
> >>>>>>
> >>>>>> It seems that it cannot find the driver as a relative path name, but I
> >>>>>> have also tried to use the full path of the auth driver.
> >>>>>>
> >>>>>> Any help would be appreciated.
> >>>>>>
> >>>>>> Regards,
> >>>>>> Carlos A.
> >>>>>>
> >>>>>>
> >>>>>> On 02/06/11 11:39, Carlos A. wrote:
> >>>>>>>
> >>>>>>> Hello,
> >>>>>>>
> >>>>>>> I have just installed the ldap authentication addon on a fresh ONE
> >>>>>>> install. I followed the instructions and I found that I cannot
> >>>>>>> authenticate against the LDAP server.
> >>>>>>>
> >>>>>>> what am I not doing in a wrong way?
> >>>>>>>
> >>>>>>> _____________________________________________
> >>>>>>> carlos at keo01:~$ onevm list
> >>>>>>> [VirtualMachinePoolInfo] User couldn't be authenticated, aborting
> >>>>>>> call.
> >>>>>>>
> >>>>>>> carlos at keo01:~$ tail /srv/cloud/one/var/oned.log
> >>>>>>> (...)
> >>>>>>> Thu Jun  2 11:27:22 2011 [AuM][E]: Auth Error: Could not find
> >>>>>>> Authorization driver
> >>>>>>> Thu Jun  2 11:27:22 2011 [ReM][E]: [VirtualMachinePoolInfo] User
> >>>>>>> couldn't be authenticated, aborting call.
> >>>>>>> (...)
> >>>>>>>
> >>>>>>> calfonso at keo01:/srv/cloud/one/lib/mads$ ls -l one_auth_mad*
> >>>>>>> -rwxr-xr-x 1 oneadmin root 1632 Jun  2 09:53 one_auth_mad
> >>>>>>> -rwxr-xr-x 1 oneadmin root 3341 Jun  2 09:58 one_auth_mad.rb
> >>>>>>>
> >>>>>>> carlos at keo01:/srv/cloud/one/lib/mads$ ls -l
> >>>>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
> >>>>>>> -rw-r--r-- 1 oneadmin cloud 1340 Jun  2 09:58
> >>>>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
> >>>>>>>
> >>>>>>> *** content of /srv/cloud/one/etc/auth/auth.conf
> >>>>>>> :database: sqlite://auth.db
> >>>>>>> :authentication: ldap
> >>>>>>> :quota:
> >>>>>>>   :enabled: false
> >>>>>>>   :defaults:
> >>>>>>>     :cpu: 10.0
> >>>>>>>     :memory: 1048576
> >>>>>>> :ldap:
> >>>>>>>     :host: my.ldap.server
> >>>>>>>     :port: 389
> >>>>>>>
> >>>>>>>
> >>>>>>> *** content of /srv/cloud/one/etc/oned.conf
> >>>>>>> (...)
> >>>>>>> AUTH_MAD = [
> >>>>>>>     executable = "one_auth_mad" ]
> >>>>>>>
> >>>>>>>_____________________________________________
>
> >>>>>>> Users mailing list
> >>>>>>> Users at lists.opennebula.org
> >>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >>>>>>
> >>>>
> >>>
> >>> --
> >>> Carlos de Alfonso Laguna
> >>> R&D Engineer
> >>> Tel. +34 963877007, ext. 88254
> >>> mailto: caralla at upv.es
> >>>
> >>> The information included in this e-mail and, where applicable, its
> >>> attachments is CONFIDENTIAL, is for the exclusive use of the addressee to
> >>> whom it is directed, and may contain privileged, professional or other
> >>> private information. If you receive this message and are not the indicated
> >>> addressee, we inform you that any use of it without prior authorization is
> >>> prohibited, and we ask that you notify us immediately by return to the
> >>> sender's address and proceed to destroy it.
> >>>
> >>>
> >
> >
> > --
> >
> > Carlos de Alfonso Laguna
> > R&D Engineer
> > Tel. +34 963877007, ext. 88254
> > mailto: caralla at upv.es
> >
> >
> >
>
>
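
The failure described at the top of this message, a DN with spaces breaking whitespace-delimited handling, shown as an added Ruby example that is not part of the original thread and is not OpenNebula's code. The request field layout, the sample DN and the Base64 framing are assumptions made for illustration; only the space-separated `INIT` / `INIT SUCCESS - -` style of exchange comes from the thread.

```ruby
require 'base64'

# Constructed sample DN with spaces in the CN (not a real directory entry).
SAMPLE_DN = 'CN=Carlos Example User,OU=People,DC=example,DC=org'
# Hypothetical field layout for one request line; not OpenNebula's real format.
FIELDS = %i[action request_id user password].freeze

# Naive framing: join the fields with spaces and do no escaping.
def frame_naive(action, request_id, user, password)
  [action, request_id, user, password].join(' ')
end

# Naive parsing: split on whitespace and assign fields by position.
# Extra tokens are silently dropped, so a DN with spaces shifts every field.
def parse_naive(line)
  FIELDS.zip(line.split(' ')).to_h
end

# Delimiter-safe framing: Base64 output never contains a space.
def frame_encoded(action, request_id, user, password)
  [action, request_id,
   Base64.strict_encode64(user), Base64.strict_encode64(password)].join(' ')
end

# Strict parsing: wrong field count or bad Base64 is rejected (returns nil)
# instead of being guessed at, so a malformed line fails closed.
def parse_encoded(line)
  parts = line.chomp.split(' ', -1)
  return nil unless parts.length == FIELDS.length

  action, request_id, user64, pass64 = parts
  { action: action, request_id: request_id,
    user: Base64.strict_decode64(user64).force_encoding('UTF-8'),
    password: Base64.strict_decode64(pass64).force_encoding('UTF-8') }
rescue ArgumentError
  nil
end

if __FILE__ == $PROGRAM_NAME
  p parse_naive(frame_naive('AUTHENTICATE', '7', SAMPLE_DN, 's3cret'))
  p parse_encoded(frame_encoded('AUTHENTICATE', '7', SAMPLE_DN, 's3cret'))
  p parse_encoded(frame_naive('AUTHENTICATE', '7', SAMPLE_DN, 's3cret'))
end
```

With the naive pair, the bind would be attempted with user `CN=Carlos` and a fragment of the DN as the password, which is why the real credential never reaches the LDAP server.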

