[one-users] one 3 and ldap auth

Javier Fontan jfontan at opennebula.org
Mon Jan 16 05:50:28 PST 2012


The error message for the failed authentication should be in oned.log.
This is an example of a failed authentication:

--8<------
Wed Dec  7 18:50:40 2011 [ReM][D]: UserInfo method invoked
Wed Dec  7 18:50:43 2011 [AuM][D]: Message received: LOG I 0 Command execution fail: /Users/jfontan/tmp/borrar/git/one/install/var/remotes/auth/default/authenticate 'user' '-' password

Wed Dec  7 18:50:43 2011 [AuM][I]: Command execution fail: /Users/jfontan/tmp/borrar/git/one/install/var/remotes/auth/ldap/authenticate 'user' '-' password
Wed Dec  7 18:50:43 2011 [AuM][D]: Message received: LOG I 0 User user not found

Wed Dec  7 18:50:43 2011 [AuM][I]: User user not found
Wed Dec  7 18:50:43 2011 [AuM][D]: Message received: LOG I 0 ExitCode: 255

Wed Dec  7 18:50:43 2011 [AuM][I]: ExitCode: 255
Wed Dec  7 18:50:43 2011 [AuM][D]: Message received: AUTHENTICATE FAILURE 0 -

Wed Dec  7 18:50:43 2011 [AuM][E]: Auth Error:
Wed Dec  7 18:50:43 2011 [ReM][E]: [UserInfo] User couldn't be authenticated, aborting call.
------>8--

Check that the script executed is ldap/authenticate and the
user/password sent to it is correct.

Also, are you using 3.0 or code in master/3.2 branch? The
configuration is slightly different.


On Thu, Jan 5, 2012 at 5:34 PM, Olivier Sallou <olivier.sallou at irisa.fr> wrote:
> Hi,
> I am testing the ldap auth with one 3 but it fails.
> Is there a way to debug this?
>
> #:/etc/one/auth# oneuser list
> [UserPoolInfo] User couldn't be authenticated, aborting call.
>
> My ONE_AUTH file is present with format:
> myuserid:ldap:myuserpassword
>
> In oned.conf:
> AUTH_MAD = [
>    executable = "one_auth_mad",
>    arguments  = "--authn ssh,ldap,server_cipher"
> ]
>
>
>
> And my ldap_auth.conf:
>
> # Ldap authentication method
> :auth_method: :simple
>
> # Ldap server
> :host: dsldap
> :port: 389
>
> # base hierarchy where to search for users and groups
> :base: 'ou=People,dc=genouest,dc=org'
>
> # group the users need to belong to. If not set any user will do
> #:group: 'cn=cloud,ou=groups,dc=domain'
>
> # field that holds the user name, if not set 'cn' will be used
> :user_field: 'uid'
>
>
> I do not use group to restrict users.
>
> Thanks
>
> Olivier
>
>
>
> --
>
> gpg key id: 4096R/326D8438  (pgp.mit.edu)
> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>
>



-- 
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | jfontan at opennebula.org | @OpenNebula
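The check suggested in the reply (which driver ran, for which user, and why it failed) can be scripted against oned.log. This is an added example, not code from the thread or from OpenNebula; the sample log is constructed in the excerpt's format with a placeholder path, and `unwrap`, `triage` and `wrong_driver` are hypothetical helper names.

```ruby
# Constructed sample in the oned.log format shown in the excerpt (placeholder
# path), hard-wrapped mid-word the way the excerpt is wrapped in the archive.
SAMPLE = <<~LOG
  Wed Dec  7 18:50:43 2011 [AuM][D]: Message received: LOG I 0 User user not found

  Wed Dec  7 18:50:43 2011 [AuM][I]: Command execution fail: /path/to/one/var/remot
  es/auth/ldap/authenticate 'user' '-' password
  Wed Dec  7 18:50:43 2011 [AuM][I]: User user not found
  Wed Dec  7 18:50:43 2011 [AuM][I]: ExitCode: 255
  Wed Dec  7 18:50:43 2011 [AuM][E]: Auth Error:
  Wed Dec  7 18:50:43 2011 [ReM][E]: [UserInfo] User couldn't be authenticated, ab
  orting call.
LOG

STAMP  = /\A\w{3} \w{3} [ \d]\d [\d:]{8} \d{4} /
REC    = /#{STAMP}\[(\w+)\]\[(\w)\]: (.*)\z/
DRIVER = %r{\ACommand execution fail: \S*/auth/([^/\s]+)/authenticate '([^']*)'}

# Rejoin hard-wrapped records: a line without a timestamp continues the
# previous record. Blank lines are dropped.
def unwrap(text)
  text.each_line(chomp: true).each_with_object([]) do |line, out|
    next if line.strip.empty?
    out << ''.dup if line.match?(STAMP) || out.empty?
    out.last << line
  end
end

# One summary per failed authentication. Only the driver directory and the
# first argument (user name) are captured; the rest of the command line is
# deliberately not copied into the summary.
def triage(text)
  failures, cur = [], nil
  unwrap(text).each do |rec|
    m = REC.match(rec)
    # [AuM][D] "Message received:" lines echo the same driver output; skip them.
    next unless m && m[1] == 'AuM' && !m[3].start_with?('Message received:')
    cur ||= { driver: nil, user: nil, exit_code: nil, reason: [] }
    case m[3]
    when DRIVER then cur[:driver] = $1; cur[:user] = $2
    when /\AExitCode: (\d+)/ then cur[:exit_code] = $1.to_i
    when /\AAuth Error:/ then failures << cur; cur = nil
    else cur[:reason] << m[3]
    end
  end
  failures
end

# Failures where a driver other than the expected one was executed.
def wrong_driver(failures, expected = 'ldap')
  failures.reject { |f| f[:driver] == expected }
end
```
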


