[one-users] Unable to login to Sunstone/OCCI via LDAP (Users Digest, Vol 60, Issue 16)

Rolandas Naujikas rolandas.naujikas at mif.vu.lt
Mon Feb 11 12:04:14 PST 2013


On 2013-02-11 16:13, Daniel Molina wrote:
> Hi Rolandas,
>
> On 7 February 2013 07:28, Rolandas Naujikas <rolandas.naujikas at mif.vu.lt> wrote:
>> We made OpenNebula (3.8.3) Self Service portal (OCCI web UI) to work with
>> LDAP authentication by using this patch:
>>
>> sed -i 's/CryptoJS.SHA1(password)/password/' /(location of depends on
>> installation)/occi/ui/public/js/login.js
>>
>> and putting ":auth: occi" to occi-server.conf
>>
>
> If you set :auth: occi, the authentication method will compare the
> password provided by the user and the one stored in OpenNebula
> (OCCICloudAuth.rb) but LDAP will not be used.
>
> Instead you have to set ":auth: opennebula" (OpenNebulaCloudAuth.rb)
> [1] and change the auth driver for that user "oneuser chauth ..." to
> use LDAP, or set LDAP as default for new users [2]

Yes, I showed the wrong configuration file content from our system. We are
really using ":auth: opennebula" (in occi-server.conf) and it works in the
OpenNebula self service portal with LDAP authentication in our
environment (with the patch in login.js).

Regards, Rolandas Naujikas

>
> [1] http://opennebula.org/documentation:rel3.8:sunstone#authentication_methods
> [2] http://opennebula.org/documentation:rel3.8:ldap#configuration
>
> Cheers
>
>> That is because OCCI transfers SHA1 hashed password to occi-server and it
>> could not do LDAP bind with it (except if your LDAP contains clear text
>> passwords or SHA1 hash). With this patch clear password is transported to
>> occi-server and it could do LDAP bind against LDAP users.
>
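
Why the unpatched login fails against LDAP, as an added example that is not part of the original thread or of OpenNebula's code: a constructed directory entry is checked against the SHA1 string the browser is described as sending and against the cleartext password. The {SSHA} storage scheme, the hex wire form, the helper names and the sample password are assumptions of this example.

```ruby
require 'digest/sha1'

# Constructed stand-in for a directory entry: userPassword stored as salted
# SHA-1 ({SSHA}), one common LDAP storage scheme (an assumption of this example).
def ssha(password, salt)
  '{SSHA}' + [Digest::SHA1.digest(password.b + salt.b) + salt.b].pack('m0')
end

# What a simple bind amounts to on the server: hash the presented credential
# with the stored salt and compare it to the stored digest.
def simple_bind_ok?(stored, presented)
  raw = stored.delete_prefix('{SSHA}').unpack1('m')
  digest = raw[0, 20]
  salt = raw[20..-1]
  Digest::SHA1.digest(presented.b + salt) == digest
end

# Assumed wire form of the unpatched login.js: hex string of SHA1(password).
def browser_sha1(password)
  Digest::SHA1.hexdigest(password)
end

# Returns which credential forms a directory entry accepts.
def bind_results(directory_secret, typed_password)
  stored = ssha(directory_secret, 'constructed-salt')
  {
    hashed_by_browser: simple_bind_ok?(stored, browser_sha1(typed_password)),
    cleartext: simple_bind_ok?(stored, typed_password)
  }
end

PASSWORD = 'Constructed-Passw0rd' # sample value, not from the thread

# Normal directory: the entry was created from the user's real password, so
# only the cleartext form binds (that hop therefore needs TLS protection).
NORMAL = bind_results(PASSWORD, PASSWORD)
# The exception named in the thread, modelled as a directory whose secret
# *is* the SHA1 hash: only the browser-hashed form binds.
HASH_AS_SECRET = bind_results(browser_sha1(PASSWORD), PASSWORD)

puts "normal directory:        #{NORMAL}"
puts "hash stored as password: #{HASH_AS_SECRET}"
```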
