[one-users] Sunstone LDAP and user passwords with special characters

Daniel Molina dmolina at opennebula.org
Fri Nov 29 02:03:54 PST 2013 

FYI we have included an option in sunstone-server.conf (one-4.4) for this:
https://github.com/OpenNebula/one/blob/one-4.4/src/sunstone/etc/sunstone-server.conf#L74

Cheers


On 21 November 2013 09:19, Alvaro Simon <asimon at cesga.es> wrote:

> Hi
>
>  We do not use ldap but we have seen a similar issue with opennebula
>> authentication with X.509 certificates.  OpenNebula compresses all the
>> white space out of the Distinguished Name of the certificate.. I would
>> not be surprised if it did the same for ldap.  As far as I know it is
>> meant to be a feature. If you are changing the passwd manually with the
>> oneuser command you have to strip all the whitespace out on your own.
>>
> Yes, that's true white spaces are removed from users DNs but we were not
> sure if this feature also affects to users passwords.. probably yes based
> on OpenNebula  LDAP doc:
>
> http://opennebula.org/documentation:rel4.2:ldap#dn_
> s_with_special_characters
>
> $ oneuser encode 'cn=First Name,dc=institution,dc=country' 'pass word'
> cn=First%20Name,dc=institution,dc=country:pass%20word
>
> It seems that you should replace white spaces by URL %20 character...
>
>
> Cheers
> Alvaro
>
>
>> Steve Timm
>>
>>
>> On Wed, 20 Nov 2013, Alvaro Simon wrote:
>>
>>  Dear ON community
>>>
>>> We don't know if this is a known issue or not, we are using ON 4.2 and
>>> Sunstone with LDAP support. We have notice that special characters like
>>> white spaces are not working from Sunstone using LDAP auth, we got these
>>> errors:
>>>
>>> Wed Nov 20 09:49:10 2013 [E]: User carlosf could not be authenticated
>>> Wed Nov 20 09:49:10 2013 [E]: execution expired
>>> Wed Nov 20 09:49:10 2013 [I]: Unauthorized login attempt
>>>
>>>
>>> If we change the user pass (without white spaces), sunstone is able to
>>> authenticate the user again.
>>>
>>> Have you experienced the same issue? any workaround available?
>>>
>>> Thanks in advance!
>>> Alvaro
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>>
>> ------------------------------------------------------------------
>> Steven C. Timm, Ph.D  (630) 840-8525
>> timm at fnal.gov  http://home.fnal.gov/~timm/
>> Fermilab Scientific Computing Division, Scientific Computing Services
>> Quad.
>> Grid and Cloud Services Dept., Group leader of Grid and Cloud Services
>> Operations.  Lead of FermiCloud Project.
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>



-- 
--
Daniel Molina
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20131129/50230d70/attachment-0002.htm>

More information about the Users mailing list