[one-users] LDAP/AD authentication problems

Andreas Calvo Gómez andreas.calvo at scytl.com
Wed Aug 28 09:46:51 PDT 2013


Hi all,
I've encountered a strange behavior while trying to configure ONE to 
authenticate against an AD, either as a proper AD or as an LDAP.
If a credential is used to query LDAP and retrieve the complete DN for 
the user that wants to log in, then no matter what password the user has 
typed, it will be listed as authenticated.

ldap_auth.conf example:
server 1:
     :user: 'myuser@mydomain.com'
     :password: 'mypassword'
     :auth_method: :simple
     :host: ad.mydomain.com
     :port: 389
     :base: 'dc=mydomain,dc=com'
     :user_field: 'sAMAccountName'
:order:
     - server 1

If I manually query the authenticate process with a made up password and 
secret, it is always listed as authenticated.

For instance:
oneadmin@opennebula:~$ ./remotes/auth/default/authenticate myuser badpassword badpassword
Trying server server 1
ldap myuser CN=myuser,CN=Users,DC=mydomain,DC=com

My guess is that the same user that is used to look up users performs 
the authenticate method and always returns a valid user.

Or maybe I'm missing something.

Any hint?

Thanks!
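The two flows the post distinguishes, as an added illustration that is not OpenNebula's ldap_auth code: the lookup account binds and searches for the user's DN, and then a second bind as that DN with the password the user typed decides the result. A constructed in-memory directory (FakeLdap, FAKE_DIRECTORY and CFG are all made up here) stands in for the AD so the example runs offline; the "lookup only" variant shows why treating a found DN as a successful login accepts any password.

```ruby
# Added example, not OpenNebula's implementation. Constructed directory:
# DN => attributes plus the stored password of that entry.
FAKE_DIRECTORY = {
  'CN=svc,CN=Users,DC=mydomain,DC=com' =>
    { 'sAMAccountName' => 'svc', :password => 'svc-secret' },
  'CN=myuser,CN=Users,DC=mydomain,DC=com' =>
    { 'sAMAccountName' => 'myuser', :password => 'correct-horse' },
}.freeze

# Hypothetical stand-in for an LDAP connection (the real one would use net-ldap).
class FakeLdap
  def initialize(directory)
    @dir = directory
  end

  # Simple bind: succeeds only if the DN exists and the password matches.
  # An empty password is rejected on purpose: on a real server it would be an
  # unauthenticated bind that "succeeds" without proving anything (RFC 4513 5.1.2).
  def bind(dn, password)
    entry = @dir[dn]
    return false if entry.nil?
    return false if password.nil? || password.empty?
    entry[:password] == password
  end

  # Subtree search: DNs under base whose attribute `field` equals `value`.
  def search(base, field, value)
    @dir.keys.select { |dn| dn.end_with?(base) && @dir[dn][field] == value }
  end
end

# Constructed config mirroring the keys from the post's ldap_auth.conf.
CFG = {
  user: 'CN=svc,CN=Users,DC=mydomain,DC=com',
  password: 'svc-secret',
  base: 'DC=mydomain,DC=com',
  user_field: 'sAMAccountName',
}.freeze

# Step 1: bind as the lookup account and resolve the login name to exactly one DN.
def find_user_dn(ldap, cfg, username)
  return nil unless ldap.bind(cfg[:user], cfg[:password])
  hits = ldap.search(cfg[:base], cfg[:user_field], username)
  hits.size == 1 ? hits.first : nil
end

# Correct flow: step 2 binds as the user's own DN with the password they typed.
def authenticate_user(ldap, cfg, username, password)
  dn = find_user_dn(ldap, cfg, username)
  return false if dn.nil?
  ldap.bind(dn, password)
end

# The failure mode the post suspects: the second bind never happens, so a
# resolvable DN counts as a login regardless of the supplied password.
def authenticate_lookup_only(ldap, cfg, username, _password)
  !find_user_dn(ldap, cfg, username).nil?
end

if __FILE__ == $PROGRAM_NAME
  ldap = FakeLdap.new(FAKE_DIRECTORY)
  puts "correct pw, user bind:   #{authenticate_user(ldap, CFG, 'myuser', 'correct-horse')}"
  puts "bad pw, user bind:       #{authenticate_user(ldap, CFG, 'myuser', 'badpassword')}"
  puts "bad pw, lookup only:     #{authenticate_lookup_only(ldap, CFG, 'myuser', 'badpassword')}"
end
```

The detection is the same on a real server: feed the driver a known-wrong password and confirm the directory logs a second simple bind as the user's DN that fails; if only the lookup account's bind appears, the driver is short-circuiting exactly as the post describes.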

