[one-users] LDAP SSL configuration bug

Simon Boulet simon at nostalgeek.com
Wed Apr 11 20:52:24 PDT 2012


Hi Graeme,

I think this issue was already reported and fixed in the latest 3.4.

http://dev.opennebula.org/issues/967

Regards,

Simon

On Wed, Apr 11, 2012 at 8:40 PM, Graeme Gillies
<graeme.r.gillies at gmail.com> wrote:
> Hi,
>
> I've been wrestling with getting LDAP authentication to work with
> opennebula for a while now, the main difficulty being our ldap server
> only supports TLS/SSL.
>
> I've been setting the line in /etc/one/ldap/ldap_auth.conf
>
> :auth_method: :simple_tls
>
> like the instructions at
>
> http://www.opennebula.org/documentation:rel3.4:ldap
>
> suggest to do, but it still didn't seem to be communicating via
> TLS/SSL correctly.
>
> After much code diving I see that inside of Net-LDAP it's not the
> authentication variable that needs to be set, but rather
> the encryption option needs to get set to :simple_tls for TLS/SSL to
> work.
>
> I managed to get it working by changing my /etc/one/ldap/ldap_auth.conf to
>
> :auth_method: :simple
> :encryption: :simple_tls
>
> And then modifying /usr/lib/one/ruby/ldap_auth.rb adding in the line
>
> ops[:encryption]=@options[:encryption] if @options[:encryption]
>
> in the initialize method just before the creation of the Net::LDAP object.
>
> Is it possible to get the code fixed and the documentation updated
> (assuming the above is all correct?)
>
> Regards,
>
> Graeme
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
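
A config check for the two ldap_auth.conf variants quoted above, as an added example that is not part of the original thread or of OpenNebula's code. The helper names (ldap_ops, tls_problems) are hypothetical and the host/port values are constructed placeholders; it does not load the net-ldap gem, it only inspects what would be passed to Net::LDAP.new.

```ruby
require 'yaml'

# Constructed sample configs mirroring the two variants in the thread.
# :host and :port are placeholders, not values from the thread.
BROKEN_CONF = <<~CONF
  :host: ldap.example.test
  :port: 636
  :auth_method: :simple_tls
CONF

FIXED_CONF = <<~CONF
  :host: ldap.example.test
  :port: 636
  :auth_method: :simple
  :encryption: :simple_tls
CONF

# Encryption methods Net::LDAP accepts in its :encryption option.
TLS_METHODS = %i[simple_tls start_tls].freeze

# Hypothetical helper: build the option hash for Net::LDAP.new, forwarding
# :encryption the way the one-line change described in the thread does.
def ldap_ops(options)
  ops = { host: options[:host], port: options[:port] }
  ops[:encryption] = options[:encryption] if options[:encryption]
  ops
end

# Hypothetical helper: list the problems that leave the TLS setting in the
# wrong key or the client connecting without TLS.
def tls_problems(conf_text)
  options = YAML.safe_load(conf_text, permitted_classes: [Symbol]) || {}
  problems = []
  if TLS_METHODS.include?(options[:auth_method])
    problems << ':auth_method holds a TLS method; it belongs under :encryption'
  end
  unless TLS_METHODS.include?(ldap_ops(options)[:encryption])
    problems << 'no TLS :encryption reaches Net::LDAP.new; client will not use TLS'
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  { 'broken' => BROKEN_CONF, 'fixed' => FIXED_CONF }.each do |name, text|
    issues = tls_problems(text)
    puts "#{name}: #{issues.empty? ? 'ok' : issues.join('; ')}"
  end
end
```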


