[one-users] LDAP 2.9.85 authentication module
Javier Fontan
jfontan at opennebula.org
Thu Jan 26 00:54:28 PST 2012
Hello,
Ldap Auth driver was made for and tested with openldap using
user/password authentication. It is able to search the username in an
specific user property and only let users from a group to be
authenticated.
This driver makes use of this ldap client library:
http://rubygems.org/gems/net-ldap
>From the documentation it seems that supports Active Directory
(http://rubygems.org/gems/net-ldap):
--8<------
Net::LDAP has been tested against modern popular LDAP servers including
OpenLDAP and Active Directory. The current release is mostly compliant with
earlier versions of the IETF LDAP RFCs (2251–2256, 2829–2830, 3377, and 3771).
------>8--
I am not familiar with Active Directory so don't know how different is
the schema is or how hard it would be to modify the driver if the
schemas greatly differ.
Cheers
On Tue, Jan 24, 2012 at 5:07 PM, Poul Kristensen <bcc5226 at gmail.com> wrote:
> Sorry for interrupting, but what is opennebula authenticating againts?
>
> In my understanding authentications are normally done against LDAP as
> a part of AD (active directory) or against some other ldap server(DNS) to have
> some centralized authentication. It could be Deffnet too.
> It seems that opennebula is authenticating against a local ldap server?
> Is that correct? Is it possible to authenticate againts AD?
>
> Thanks
>
> Poul
>
> 2012/1/24 Javier Fontan <jfontan at opennebula.org>:
>> That is indeed a bug. Anyway, now the addons come with the standard
>> OpenNebula distribution (since 3.2) and this is not a problem anymore.
>> OpenNebula install script does not mess with this file permissions.
>>
>> Thanks anyway for reporting.
>>
>> On Sat, Jan 21, 2012 at 5:42 AM, Shantanu Pavgi <pavgi at uab.edu> wrote:
>>>
>>> I installed LDAP 2.9.85 authentication module in OpenNebula 3.0. It seems like install.sh script remove 'execute' bit on the $ONE_LOCATION/etc/auth directory which results in 'permission denied' error for files in that directory. Of course it can be fixed by setting 'execute' bit back on that directory, but it may need to be fixed in the install script itself.
>>>
>>> {{{
>>> chmod 600 $DESTDIR$ETC_LOCATION/auth # line 51
>>> }}}
>>>
>>>
>>> --
>>> Shantanu.
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>>
>> --
>> Javier Fontán Muiños
>> Project Engineer
>> OpenNebula - The Open Source Toolkit for Data Center Virtualization
>> www.OpenNebula.org | jfontan at opennebula.org | @OpenNebula
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | jfontan at opennebula.org | @OpenNebula
More information about the Users
mailing list