[one-users] Unable to login to Sunstone/OCCI via LDAP (Users Digest, Vol 60, Issue 16)
Rolandas Naujikas
rolandas.naujikas at mif.vu.lt
Wed Feb 6 22:28:18 PST 2013
Hi,
We made Opennebula (3.8.3) Self Service portal (OCCI web UI) to work
with LDAP authentication by using this patch:
sed -i 's/CryptoJS.SHA1(password)/password/' /(location of depends on
installation)/occi/ui/public/js/login.js
and putting ":auth: occi" to occi-server.conf
That is because OCCI transfers SHA1 hashed password to occi-server and
it could not do LDAP bind with it (exept if your LDAP contains clear
text passwords or SHA1 hash). With this patch clear password is
transported to occi-server and it could do LDAP bind against LDAP users.
Regards, Rolandas Naujikas
P.S. We are using https reverse proxy also.
On 2013-02-06 15:15, Vassilis Vatikiotis wrote:
> Hello all,
>
> I'm trying to enable the LDAP auth method so my users can login to
> OCCI web UI and although I've followed the steps from the docs in ONE
> site so far I haven;t managed it.
>
> The /etc/one/oned.conf AUTH_MAD section is:
> AUTH_MAD = [
> executable = "one_auth_mad",
> authn = "ssh,x509,ldap,default,server_cipher,server_x509"
> ]
>
> The /etc/one/auth/ldap_auth.conf is:
> server 1:
> :user: 'cn=xxx,ou=xxxx,dc=xxx,dc=xxx,dc=xxx'
> :password: 'xxxx'
> :auth_method: :simple
> :host: 'ldap.xxx.xxx.xxx'
> :port: 389
> :base: 'ou=xxx,dc=xxx,dc=xxx,dc=xxx'
> :user_field: 'uid'
>
> :order:
> - server 1
>
> The above ldap setting work as I've tested them inside irb, using the
> ruby class defined in /etc/lib/one/ruby/ldap_auth.rb. I can search my
> LDAP database and get results
>
> I've also copied the ldap directory to a default one, like,
> $ cp -R /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default
>
> What puzzles me is that whenever I try to login to OCCI (or sunstone)
> I cannot see any auth related queries in /var/log/one/oned.log. It's
> as if the ldap and default settings in authn of AUTH_MAD are completly
> ignored. At the same time, no queries are performed in the LDAP
> backend.
>
> I haven't done the last step where a $HOME/.one/one_auth file
> containing a user_dn:password
> entry cause I'm unsure of what it means.
>
> Any ideas?
>
>
>
>
More information about the Users
mailing list