[one-users] LDAP SSL configuration bug

Graeme Gillies graeme.r.gillies at gmail.com
Wed Apr 11 17:40:04 PDT 2012


Hi,

I've been wrestling with getting LDAP authentication work with
opennebula for a while now, the main difficulty being our ldap server
only supports TLS/SSL.

I've been setting the line in /etc/one/ldap/ldap_auth.conf

:auth_method: :simple_tls

like the instructions at

http://www.opennebula.org/documentation:rel3.4:ldap

suggest to do, but it still didn't seem to be communicating via
TLS/SSL correctly.

After much code diving I see that inside if Net-LDAP it's not the
authentication variable that needs that needs to be set, but rather
the encryption option needs to get set to :simple_tls for TLS/SSL to
work.

I managed to get it working by changing my /etc/one/ldap/ldap_auth.conf to

:auth_method: :simple
:encryption: :simple_tls

And then modifying /usr/lib/one/ruby/ldap_auth.rb adding in the line

ops[:encryption]=@options[:encryption] if @options[:encryption]

in the initialize method just before the creation of the Net::LDAP object.

Is it possible to get the code fixed and the documentation updated
(assuming the above is all correct?)

Regards,

Graeme


More information about the Users mailing list