[one-users] one 3 and ldap auth

Javier Fontan jfontan at opennebula.org
Mon Jan 16 08:11:49 PST 2012


The problem is that you need to set up the default driver to use when
the user does not exist yet.

To do this, create a symlink in the auth directory from ldap to default.
After this it should start working.

This info is not in the documentation; I'm adding it. :(

On Mon, Jan 16, 2012 at 4:21 PM, Olivier Sallou <olivier.sallou at irisa.fr> wrote:
> The error message I have is:
> on Jan 16 16:20:32 2012 [ReM][D]: VirtualMachinePoolInfo method invoked
> Mon Jan 16 16:20:32 2012 [AuM][D]: Message received: AUTHENTICATE
> FAILURE 2936 Authentication driver 'default' not available
>
> Mon Jan 16 16:20:32 2012 [AuM][E]: Auth Error: Authentication driver
> 'default' not available
> Mon Jan 16 16:20:32 2012 [ReM][E]: [VirtualMachinePoolInfo] User
> couldn't be authenticated, aborting call.
> Mon Jan 16 16:20:39 2012 [ReM][D]: HostPoolInfo method invoked
> Mon Jan 16 16:20:39 2012 [AuM][D]: Message received: LOG I 2937 ExitCode: 0
>
> I use the deb package of one 3.0
>
> Olivier
>
> On 1/16/12 2:50 PM, Javier Fontan wrote:
>> The error message for the failed authentication should be in oned.log.
>> This is an example of a failed authentication:
>>
>> --8<------
>> Wed Dec  7 18:50:40 2011 [ReM][D]: UserInfo method invoked
>> Wed Dec  7 18:50:43 2011 [AuM][D]: Message received: LOG I 0 Command execution fail: /Users/jfontan/tmp/borrar/git/one/install/var/remotes/auth/default/authenticate 'user' '-' password
>>
>> Wed Dec  7 18:50:43 2011 [AuM][I]: Command execution fail: /Users/jfontan/tmp/borrar/git/one/install/var/remotes/auth/ldap/authenticate 'user' '-' password
>> Wed Dec  7 18:50:43 2011 [AuM][D]: Message received: LOG I 0 User user not found
>>
>> Wed Dec  7 18:50:43 2011 [AuM][I]: User user not found
>> Wed Dec  7 18:50:43 2011 [AuM][D]: Message received: LOG I 0 ExitCode: 255
>>
>> Wed Dec  7 18:50:43 2011 [AuM][I]: ExitCode: 255
>> Wed Dec  7 18:50:43 2011 [AuM][D]: Message received: AUTHENTICATE FAILURE 0 -
>>
>> Wed Dec  7 18:50:43 2011 [AuM][E]: Auth Error:
>> Wed Dec  7 18:50:43 2011 [ReM][E]: [UserInfo] User couldn't be authenticated, aborting call.
>> ------>8--
>>
>> Check that the script executed is ldap/authenticate and the
>> user/password sent to it is correct.
>>
>> Also, are you using 3.0 or code in master/3.2 branch? The
>> configuration is slightly different.
>>
>>
>> On Thu, Jan 5, 2012 at 5:34 PM, Olivier Sallou <olivier.sallou at irisa.fr> wrote:
>>> Hi,
>>> I am testing the ldap auth with one 3 but it fails.
>>> Is there a way to debug this?
>>>
>>> #:/etc/one/auth# oneuser list
>>> [UserPoolInfo] User couldn't be authenticated, aborting call.
>>>
>>> My ONE_AUTH file is present with format:
>>> myuserid:ldap:myuserpassword
>>>
>>> In oned.conf:
>>> AUTH_MAD = [
>>>    executable = "one_auth_mad",
>>>    arguments  = "--authn ssh,ldap,server_cipher"
>>> ]
>>>
>>>
>>>
>>> And my ldap_auth.conf:
>>>
>>> # Ldap authentication method
>>> :auth_method: :simple
>>>
>>> # Ldap server
>>> :host: dsldap
>>> :port: 389
>>>
>>> # base hierarchy where to search for users and groups
>>> :base: 'ou=People,dc=genouest,dc=org'
>>>
>>> # group the users need to belong to. If not set any user will do
>>> #:group: 'cn=cloud,ou=groups,dc=domain'
>>>
>>> # field that holds the user name, if not set 'cn' will be used
>>> :user_field: 'uid'
>>>
>>>
>>> I do not use group to restrict users.
>>>
>>> Thanks
>>>
>>> Olivier
>>>
>>>
>>>
>>> --
>>>
>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>
> --
> Olivier Sallou
> IRISA / University of Rennes 1
> Campus de Beaulieu, 35000 RENNES - FRANCE
> Tel: 02.99.84.71.95
>
> gpg key id: 4096R/326D8438  (pgp.mit.edu)
> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>
>



-- 
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | jfontan at opennebula.org | @OpenNebula
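
The symlink fix described in this message, written out as an added shell example; it is not part of the original email or OpenNebula's own code. The auth directory location is an assumption based on the `.../var/remotes/auth/` paths in the quoted log, and the function names and the `ONE_AUTH_DIR` variable are hypothetical.

```shell
#!/bin/sh
# Added example: point the 'default' auth driver at 'ldap' with a symlink,
# without clobbering an existing 'default', then check oned.log for the error.

# link_default_driver AUTH_DIR [DRIVER]
# Returns 0 on success (or if already linked), 2 if the driver is missing,
# 3 if 'default' exists and points elsewhere, 1 if the symlink cannot be made.
link_default_driver() {
    auth_dir=$1
    driver=${2:-ldap}
    # The driver we link to must provide an executable 'authenticate' script.
    if [ ! -x "$auth_dir/$driver/authenticate" ]; then
        echo "missing or non-executable: $auth_dir/$driver/authenticate" >&2
        return 2
    fi
    # Test -L first so that dangling symlinks are detected as well.
    if [ -L "$auth_dir/default" ]; then
        current=$(readlink "$auth_dir/default")
        if [ "$current" = "$driver" ]; then
            return 0
        fi
        echo "default already points to '$current', leaving it alone" >&2
        return 3
    fi
    if [ -e "$auth_dir/default" ]; then
        echo "default exists and is not a symlink, leaving it alone" >&2
        return 3
    fi
    # Relative link, created from inside the auth directory.
    (cd "$auth_dir" && ln -s "$driver" default) || return 1
    [ -x "$auth_dir/default/authenticate" ]
}

# count_default_driver_errors LOGFILE
# Prints how many log lines carry the error quoted in the thread.
count_default_driver_errors() {
    grep -c "Authentication driver 'default' not available" "$1" || true
}

# Runs only when ONE_AUTH_DIR (hypothetical variable) is set by the caller.
if [ -n "${ONE_AUTH_DIR:-}" ]; then
    link_default_driver "$ONE_AUTH_DIR"
fi
```
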


