[one-users] Unable to login to Sunstone/OCCI via LDAP (Users Digest, Vol 60, Issue 16)

Vassilis Vatikiotis vatikiot at iit.demokritos.gr
Thu Feb 7 06:06:18 PST 2013


Thx Rolandas and Daniel for your answers. Both were really useful.

On Thu, Feb 7, 2013 at 8:28 AM, Rolandas Naujikas
<rolandas.naujikas at mif.vu.lt> wrote:
> Hi,
>
> We made OpenNebula (3.8.3) Self Service portal (OCCI web UI) to work with
> LDAP authentication by using this patch:
>
> sed -i 's/CryptoJS.SHA1(password)/password/' /(location of depends on
> installation)/occi/ui/public/js/login.js
>
> and putting ":auth: occi" to occi-server.conf
>
> That is because OCCI transfers SHA1 hashed password to occi-server and it
> could not do LDAP bind with it (except if your LDAP contains clear text
> passwords or SHA1 hash). With this patch clear password is transported to
> occi-server and it could do LDAP bind against LDAP users.
>
> Regards, Rolandas Naujikas
>
> P.S. We are using https reverse proxy also.
>
> On 2013-02-06 15:15, Vassilis Vatikiotis wrote:
>>
>> Hello all,
>>
>> I'm trying to enable the LDAP auth method so my users can login to
>> OCCI web UI and although I've followed the steps from the docs in ONE
>> site so far I haven't managed it.
>>
>> The /etc/one/oned.conf AUTH_MAD section is:
>> AUTH_MAD = [
>>      executable = "one_auth_mad",
>>      authn = "ssh,x509,ldap,default,server_cipher,server_x509"
>> ]
>>
>> The /etc/one/auth/ldap_auth.conf is:
>> server 1:
>>      :user: 'cn=xxx,ou=xxxx,dc=xxx,dc=xxx,dc=xxx'
>>      :password: 'xxxx'
>>      :auth_method: :simple
>>      :host: 'ldap.xxx.xxx.xxx'
>>      :port: 389
>>      :base: 'ou=xxx,dc=xxx,dc=xxx,dc=xxx'
>>      :user_field: 'uid'
>>
>> :order:
>>      - server 1
>>
>> The above ldap settings work as I've tested them inside irb, using the
>> ruby class defined in /etc/lib/one/ruby/ldap_auth.rb. I can search my
>> LDAP database and get results.
>>
>> I've also copied the ldap directory to a default one, like,
>> $ cp -R /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default
>>
>> What puzzles me is that whenever I try to login to OCCI (or sunstone)
>> I cannot see any auth related queries in /var/log/one/oned.log. It's
>> as if the ldap and default settings in authn of AUTH_MAD are completely
>> ignored. At the same time, no queries are performed in the LDAP
>> backend.
>>
>> I haven't done the last step where a $HOME/.one/one_auth file
>> containing a user_dn:password
>> entry cause I'm unsure of what it means.
>>
>> Any ideas?
>>
>>
>>
>>
>
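
Why the bind fails with the unpatched login.js, as an added Ruby example that is not part of the original thread or of OpenNebula's code: a simulated directory checks a simple bind against the stored userPassword, once with the SHA1 string the browser sends and once with the clear password. The `{SSHA}` storage scheme, the hex form of the hash, the sample password and all function names are assumptions made for illustration.

```ruby
require 'digest/sha1'
require 'base64'
require 'securerandom'

# Build a salted {SSHA} userPassword value (assumed storage scheme).
def ssha(password, salt = SecureRandom.random_bytes(4))
  '{SSHA}' + Base64.strict_encode64(Digest::SHA1.digest(password.b + salt) + salt)
end

# Simulated simple bind: the directory applies its own scheme to whatever
# string the client submits and compares the result with the stored value.
def simple_bind_ok?(stored, submitted)
  if (m = stored.match(/\A\{SSHA\}(.+)\z/))
    raw = Base64.strict_decode64(m[1])
    digest = raw[0, 20]   # SHA-1 output is 20 bytes
    salt = raw[20..-1]    # the remainder is the salt
    Digest::SHA1.digest(submitted.b + salt) == digest
  else
    stored == submitted   # clear-text userPassword
  end
end

def demo(password = 's3cret-example') # constructed sample password
  # What the unpatched login.js sends: CryptoJS.SHA1(password), hex form assumed.
  sent_unpatched = Digest::SHA1.hexdigest(password)
  # What the patched login.js sends: the password itself.
  sent_patched = password
  {
    # Salted hash in the directory, clear password submitted: bind succeeds.
    ssha_patched: simple_bind_ok?(ssha(password), sent_patched),
    # Same entry, SHA1 string submitted: the directory hashes the hash, bind fails.
    ssha_unpatched: simple_bind_ok?(ssha(password), sent_unpatched),
    # Entry whose stored password is literally the SHA1 string: bind succeeds.
    stored_hex_unpatched: simple_bind_ok?(sent_unpatched, sent_unpatched)
  }
end

p demo if __FILE__ == $0
```

With the patch applied, the clear password travels from the browser to occi-server, which is why the HTTPS reverse proxy mentioned in the P.S. matters.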


