[one-users] Unable to login to Sunstone/OCCI via LDAP (Users Digest, Vol 60, Issue 16)

Daniel Molina dmolina at opennebula.org
Mon Feb 11 06:13:43 PST 2013


Hi Rolandas,

On 7 February 2013 07:28, Rolandas Naujikas <rolandas.naujikas at mif.vu.lt> wrote:
> We made OpenNebula (3.8.3) Self Service portal (OCCI web UI) to work with
> LDAP authentication by using this patch:
>
> sed -i 's/CryptoJS.SHA1(password)/password/' /(location of depends on
> installation)/occi/ui/public/js/login.js
>
> and putting ":auth: occi" to occi-server.conf
>

If you set :auth: occi, the authentication method will compare the
password provided by the user and the one stored in OpenNebula
(OCCICloudAuth.rb) but LDAP will not be used.

Instead you have to set ":auth: opennebula" (OpenNebulaCloudAuth.rb)
[1] and change the auth driver for that user ('oneuser chauth ...') to
use LDAP, or set LDAP as default for new users [2].

[1] http://opennebula.org/documentation:rel3.8:sunstone#authentication_methods
[2] http://opennebula.org/documentation:rel3.8:ldap#configuration

Cheers

> That is because OCCI transfers SHA1 hashed password to occi-server and it
> could not do LDAP bind with it (except if your LDAP contains clear text
> passwords or SHA1 hash). With this patch clear password is transported to
> occi-server and it could do LDAP bind against LDAP users.

-- 
Daniel Molina
Project Engineer
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
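
Added illustration, not part of either message and not OpenNebula code: a Ruby simulation of why the SHA1 value sent by the unpatched login.js satisfies a plain comparison with a stored digest but cannot pass an LDAP simple bind against a salted entry. The sample password, the {SSHA} directory entry, the hex encoding of CryptoJS.SHA1(password), the SHA1 hex digest stored in OpenNebula and all function names are assumptions.

```ruby
require 'digest'
require 'securerandom'

# Constructed sample value, not taken from the thread.
PASSWORD = 's3cret-example'

# OpenLDAP-style salted userPassword: {SSHA} + base64(SHA1(password + salt) + salt)
def ssha(password, salt = SecureRandom.random_bytes(8))
  '{SSHA}' + [Digest::SHA1.digest(password.b + salt) + salt].pack('m0')
end

# Simulated LDAP simple bind: the directory hashes the credential it
# receives together with the stored salt and compares the digests.
def ldap_bind_ok?(stored, credential)
  raw = stored.delete_prefix('{SSHA}').unpack1('m')
  digest, salt = raw[0, 20], raw[20..-1]
  Digest::SHA1.digest(credential.b + salt) == digest
end

# Simulated ":auth: occi" check as described in the reply: a plain comparison
# with the value stored in OpenNebula (assumed here to be a SHA1 hex digest).
def occi_compare_ok?(stored_in_one, credential)
  stored_in_one == credential
end

# What the server receives from login.js before and after the sed edit.
# Assumption: CryptoJS.SHA1(password) is transmitted as its hex string.
def sent_by_login_js(password, patched:)
  patched ? password : Digest::SHA1.hexdigest(password)
end

def scenario
  directory = ssha(PASSWORD)                    # simulated LDAP entry
  one_db    = Digest::SHA1.hexdigest(PASSWORD)  # simulated core-driver user
  hashed    = sent_by_login_js(PASSWORD, patched: false)
  clear     = sent_by_login_js(PASSWORD, patched: true)
  {
    occi_hashed: occi_compare_ok?(one_db, hashed), # digest equals stored digest
    ldap_hashed: ldap_bind_ok?(directory, hashed), # directory re-hashes the digest
    ldap_clear:  ldap_bind_ok?(directory, clear)   # directory hashes the real password
  }
end

puts scenario if __FILE__ == $PROGRAM_NAME
```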
