[one-users] LDAP and TLS

Ruben S. Montero rsmontero at opennebula.org
Sat Mar 17 06:23:53 PDT 2012


Hi

Thank you very much for the patch. It'll be included in the next release,
and we'll look into improving the logging of exceptions in the LDAP driver.

Also, as part of the issue you refer in your email, the ability to use any
auth method through any OpenNebula service will be included.

Thanks

Ruben
On Mar 16, 2012 3:24 PM, "Nicolas AGIUS" <nicolas.agius at lps-it.fr> wrote:

> Hi,
>
> I'm building a new cloud with OpenNebula 3.2.1 and I've got trouble with
> ldap authentication and TLS.
>
> As described in the documentation[1], I try using ":auth_method =>
> :simple_tls" in /etc/one/auth/ldap_auth.conf, but it does'nt work, and
> without any error message.
>
> Digging into the code, I found out that exceptions are ignored (see
> find_user() in /usr/lib/one/ruby/ldap_auth.rb:62). Would it be possible to
> report theses exceptions in a log?
>
> Looking further into net-ldap-0.3.1 module[2], it appears that
> ":auth_method => :simple_tls" returns an error, the hash to use is
> ":auth_method => :simple" with another key as in ":encryption => { :method
> => :simple_tls }". I've made a patch to implement this, and I will open an
> issue soon with the new code.
>
> I have tested it and ldap-tls login in CLI works fine.
> I've seen a feature request[3] to log into Suntone using a ldap account.
> Is there something similar planned for Self-service?
>
> Regards,
> Nicolas AGIUS
>
> [1] http://opennebula.org/documentation:rel3.2:ldap
> [2] http://net-ldap.rubyforge.org/Net/LDAP.html#method-i-encryption
> [3] http://dev.opennebula.org/issues/967
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120317/b1efb605/attachment-0002.htm>


More information about the Users mailing list