[one-users] LDAP SSL configuration bug

Javier Fontan jfontan at opennebula.org
Thu Apr 12 08:30:54 PDT 2012


The patch is going to be applied in the next releases. We just didn't have time
to test it properly for 3.4.

Thanks for the patch!

On Thu, Apr 12, 2012 at 9:39 AM, Nicolas AGIUS <nicolas.agius at lps-it.fr> wrote:

> Indeed.
>
> Patch provided here : http://dev.opennebula.org/issues/1171
>
> :-)
>
> --- On *Thu 12.4.12, Simon Boulet <simon at nostalgeek.com>* wrote:
>
>
> From: Simon Boulet <simon at nostalgeek.com>
> Subject: Re: [one-users] LDAP SSL configuration bug
> To: "Graeme Gillies" <graeme.r.gillies at gmail.com>
> Cc: users at lists.opennebula.org
> Date: Thursday 12 April 2012, 5:52
>
>
> Hi Graeme,
>
> I think this issue was already reported and fixed in the latest 3.4.
>
> http://dev.opennebula.org/issues/967
>
> Regards,
>
> Simon
>
> On Wed, Apr 11, 2012 at 8:40 PM, Graeme Gillies
> <graeme.r.gillies at gmail.com> wrote:
> > Hi,
> >
> > I've been wrestling with getting LDAP authentication to work with
> > opennebula for a while now, the main difficulty being our ldap server
> > only supports TLS/SSL.
> >
> > I've been setting the line in /etc/one/ldap/ldap_auth.conf
> >
> > :auth_method: :simple_tls
> >
> > like the instructions at
> >
> > http://www.opennebula.org/documentation:rel3.4:ldap
> >
> > suggest to do, but it still didn't seem to be communicating via
> > TLS/SSL correctly.
> >
> > After much code diving I see that inside of Net-LDAP it's not the
> > authentication variable that needs to be set, but rather
> > the encryption option needs to get set to :simple_tls for TLS/SSL to
> > work.
> >
> > I managed to get it working by changing my /etc/one/ldap/ldap_auth.conf to
> >
> > :auth_method: :simple
> > :encryption: :simple_tls
> >
> > And then modifying /usr/lib/one/ruby/ldap_auth.rb adding in the line
> >
> > ops[:encryption]=@options[:encryption] if @options[:encryption]
> >
> > in the initialize method just before the creation of the Net::LDAP object.
> >
> > Is it possible to get the code fixed and the documentation updated
> > (assuming the above is all correct?)
> >
> > Regards,
> >
> > Graeme
> > _______________________________________________
> > Users mailing list
> > Users at lists.opennebula.org
> > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


-- 
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | jfontan at opennebula.org | @OpenNebula
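
Added example (not part of the original thread and not OpenNebula's code): a small Ruby check for the misconfiguration discussed above, where :simple_tls placed in :auth_method never reaches the :encryption option of Net::LDAP.new and the bind goes out without TLS. The host, port, user and password values and all function names are assumptions made up for this example; only :auth_method, :encryption and :simple_tls come from the thread.

```ruby
require 'yaml'

# Constructed sample configs in the style of /etc/one/ldap/ldap_auth.conf.
# Host, port, user and password values are made up for this example.
AS_DOCUMENTED = <<~CONF
  :host: ldap.example.test
  :port: 636
  :user: cn=one,dc=example,dc=test
  :password: secret
  :auth_method: :simple_tls
CONF

WORKAROUND = <<~CONF
  :host: ldap.example.test
  :port: 636
  :user: cn=one,dc=example,dc=test
  :password: secret
  :auth_method: :simple
  :encryption: :simple_tls
CONF

# The config is YAML with symbol keys and values, so Symbol must be permitted.
def load_conf(text)
  YAML.safe_load(text, permitted_classes: [Symbol])
end

# Build the option hash for Net::LDAP.new. TLS is requested only through
# the top-level :encryption key; the bind method lives under :auth.
def net_ldap_options(conf)
  ops = { host: conf[:host], port: conf[:port].to_i,
          auth: { method: conf[:auth_method], username: conf[:user],
                  password: conf[:password] } }
  ops[:encryption] = conf[:encryption] if conf[:encryption]
  ops
end

# Report settings that would leave the bind unencrypted or mis-specified.
def transport_findings(conf)
  ops = net_ldap_options(conf)
  findings = []
  findings << 'no :encryption option, connection is not wrapped in TLS' unless ops.key?(:encryption)
  findings << ':simple_tls given as :auth_method, it belongs in :encryption' if ops[:auth][:method] == :simple_tls
  findings
end

if __FILE__ == $PROGRAM_NAME
  { 'as documented' => AS_DOCUMENTED, 'workaround' => WORKAROUND }.each do |name, text|
    findings = transport_findings(load_conf(text))
    puts "#{name}: #{findings.empty? ? 'ok' : findings.join('; ')}"
  end
end
```

Running such a check against the deployed config before enabling LDAP logins catches the case where credentials would be sent in cleartext even though the config file mentions TLS.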