[one-users] LDAP and TLS

Nicolas AGIUS nicolas.agius at lps-it.fr
Fri Mar 16 07:24:37 PDT 2012


Hi,

I'm building a new cloud with OpenNebula 3.2.1 and I've got trouble with ldap authentication and TLS.

As described in the documentation[1], I try using ":auth_method => :simple_tls" in /etc/one/auth/ldap_auth.conf, but it doesn't work, and without any error message.

Digging into the code, I found out that exceptions are ignored (see find_user() in /usr/lib/one/ruby/ldap_auth.rb:62). Would it be possible to report these exceptions in a log?

Looking further into net-ldap-0.3.1 module[2], it appears that ":auth_method => :simple_tls" returns an error; the hash to use is ":auth_method => :simple" with another key as in ":encryption => { :method => :simple_tls }". I've made a patch to implement this, and I will open an issue soon with the new code.

I have tested it and ldap-tls login in CLI works fine.
I've seen a feature request[3] to log into Sunstone using a ldap account. Is there something similar planned for Self-service?

Regards,
Nicolas AGIUS

[1] http://opennebula.org/documentation:rel3.2:ldap
[2] http://net-ldap.rubyforge.org/Net/LDAP.html#method-i-encryption
[3] http://dev.opennebula.org/issues/967
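
The two points raised in the message above (TLS belongs in a separate :encryption key, and lookup failures should be logged rather than dropped), as an added example that is not part of the original post and is neither OpenNebula's code nor the patch the author mentions. The helper names net_ldap_options and logged_lookup are hypothetical, and every configuration key other than :auth_method is an assumption about the file layout.

```ruby
require 'logger'

# Translate an ldap_auth.conf-style hash into the options hash passed to
# Net::LDAP.new. :simple_tls is not a bind method: the bind stays :simple
# and TLS is requested through the separate :encryption key.
def net_ldap_options(conf)
  method = conf[:auth_method] || :simple
  opts = { :host => conf[:host], :port => conf[:port] }

  if method == :simple_tls
    method = :simple
    # net-ldap documents :simple_tls as performing no validation of the
    # server certificate, so it protects against passive sniffing only.
    opts[:encryption] = { :method => :simple_tls }
  end

  # Without a bind user the connection stays anonymous (no :auth key).
  if conf[:user]
    opts[:auth] = { :method   => method,
                    :username => conf[:user],
                    :password => conf[:password] }
  end
  opts
end

# Run an LDAP lookup given as a block. On failure, log the exception class
# and message (never the bind password) and return nil, so a broken TLS
# setup shows up in the log instead of looking like "user not found".
def logged_lookup(logger, name)
  yield
rescue StandardError => e
  logger.error("LDAP lookup for #{name} failed: #{e.class}: #{e.message}")
  nil
end
```
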