[one-users] Unable to login to Sunstone/OCCI via LDAP

Daniel Molina dmolina at opennebula.org
Wed Feb 6 05:37:35 PST 2013


On 6 February 2013 14:15, Vassilis Vatikiotis
<vatikiot at iit.demokritos.gr> wrote:
> Hello all,
>
> I'm trying to enable the LDAP auth method so my users can login to
> OCCI web UI and although I've followed the steps from the docs in ONE
> site so far I haven't managed it.
>
> The /etc/one/oned.conf AUTH_MAD section is:
> AUTH_MAD = [
>     executable = "one_auth_mad",
>     authn = "ssh,x509,ldap,default,server_cipher,server_x509"
> ]
>
> The /etc/one/auth/ldap_auth.conf is:
> server 1:
>     :user: 'cn=xxx,ou=xxxx,dc=xxx,dc=xxx,dc=xxx'
>     :password: 'xxxx'
>     :auth_method: :simple
>     :host: 'ldap.xxx.xxx.xxx'
>     :port: 389
>     :base: 'ou=xxx,dc=xxx,dc=xxx,dc=xxx'
>     :user_field: 'uid'
>
> :order:
>     - server 1
>
> The above ldap settings work as I've tested them inside irb, using the
> ruby class defined in /etc/lib/one/ruby/ldap_auth.rb. I can search my
> LDAP database and get results.
>
> I've also copied the ldap directory to a default one, like,
> $ cp -R /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default
>
> What puzzles me is that whenever I try to login to OCCI (or sunstone)
> I cannot see any auth related queries in /var/log/one/oned.log. It's
> as if the ldap and default settings in authn of AUTH_MAD are completely
> ignored. At the same time, no queries are performed in the LDAP
> backend.
>
> I haven't done the last step where a $HOME/.one/one_auth file
> containing a user_dn:password entry because I'm unsure of what it means.
>
> Any ideas?

You have to change the ":auth" parameter in occi-server.conf and
sunstone-server.conf to use the 'opennebula' auth method. After the
first login the user will be created in OpenNebula.

http://opennebula.org/documentation:rel3.8:sunstone#opennebula_auth

Cheers

-- 
Daniel Molina
Project Engineer
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
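
Added example, not part of the original thread and not OpenNebula's own code: a Ruby check for the setting the reply points to. It reads the `:auth` value from the Sunstone/OCCI server configs and the `authn` list from oned.conf; the sample file contents, the function names and the assumption that the server configs are YAML with symbol keys are all constructed for illustration.

```ruby
require 'yaml'

# Constructed sample contents; not taken from a real installation.
SAMPLE_SUNSTONE_CONF = <<~EOS
  :host: 127.0.0.1
  :port: 9869
  :auth: sunstone
EOS

SAMPLE_OCCI_CONF = <<~EOS
  :auth: opennebula
EOS

SAMPLE_ONED_CONF = <<~EOS
  AUTH_MAD = [
      executable = "one_auth_mad",
      authn = "ssh,x509,ldap,default,server_cipher,server_x509"
  ]
EOS

# :auth value of a Sunstone/OCCI server config (assumed YAML with symbol keys).
def server_auth_driver(yaml_text)
  conf = YAML.safe_load(yaml_text, permitted_classes: [Symbol]) || {}
  conf[:auth].to_s
end

# Driver names listed in authn inside the uncommented AUTH_MAD block.
def oned_authn_drivers(oned_text)
  block = oned_text[/^\s*AUTH_MAD\s*=\s*\[(.*?)\]/m, 1].to_s
  block[/authn\s*=\s*"([^"]*)"/, 1].to_s.split(',').map(&:strip)
end

# Findings that would keep an LDAP login from being handled by AUTH_MAD.
def ldap_login_findings(servers, oned_text)
  findings = servers.reject { |_, text| server_auth_driver(text) == 'opennebula' }
                    .map { |name, text| "#{name}: :auth is '#{server_auth_driver(text)}', expected 'opennebula'" }
  findings << "oned.conf: 'ldap' missing from AUTH_MAD authn" unless oned_authn_drivers(oned_text).include?('ldap')
  findings
end

if __FILE__ == $PROGRAM_NAME
  servers = { 'sunstone-server.conf' => SAMPLE_SUNSTONE_CONF,
              'occi-server.conf' => SAMPLE_OCCI_CONF }
  puts ldap_login_findings(servers, SAMPLE_ONED_CONF)
end
```

To check a real host, pass `File.read` of the actual config files in place of the sample strings.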


