[one-users] LDAP/AD authentication problems

Andreas Calvo Gómez andreas.calvo at scytl.com
Tue Oct 1 00:52:18 PDT 2013


Javier,
We are not using a true AD; instead, we are using Samba 4 as an AD.
However, it fails either being configured as AD or just plain LDAP.
I may provide the configuration if necessary, just let me know.

Regards,
On 24/09/13 10:56, Javier Fontan wrote:
> I've tested the driver from 4.2 with a Windows 2008 server Active
> directory and does fail when the password is not correct. Could it be
> an Active Directory configuration?
>
> On Fri, Sep 6, 2013 at 4:57 PM, Andreas Calvo Gómez
> <andreas.calvo at scytl.com> wrote:
>> Javier,
>> Thanks for your time.
>> We are running the latest version of OpenNebula as of today: version 4.2.0.
>>
>>
>> On 06/09/13 15:23, Javier Fontan wrote:
>>> It looks really bad. Could you please give us the OpenNebula version
>>> you are using? I'll do my tests here and will let you know.
>>>
>>> I've created a ticket to keep track of this problem:
>>>
>>> http://dev.opennebula.org/issues/2307
>>>
>>>
>>> On Wed, Aug 28, 2013 at 6:46 PM, Andreas Calvo Gómez
>>> <andreas.calvo at scytl.com> wrote:
>>>> Hi all,
>>>> I've encountered a strange behavior while trying to configure ONE to
>>>> authenticate against an AD, either as a proper AD or as a LDAP.
>>>> If a credential is used to query LDAP and retrieve the complete DN for the
>>>> user that wants to login, then no matter what password the user has typed it
>>>> will be listed as authenticated.
>>>>
>>>> ldap_auth.conf example:
>>>> server 1:
>>>>       :user: 'myuser at mydomain.com'
>>>>       :password: 'mypassword'
>>>>       :auth_method: :simple
>>>>       :host: ad.mydomain.com
>>>>       :port: 389
>>>>       :base: 'dc=mydomain,dc=com'
>>>>       :user_field: 'sAMAccountName'
>>>> :order:
>>>>       - server 1
>>>>
>>>> If I manually query the authenticate process with a made up password and
>>>> secret, it is always listed as authenticated.
>>>>
>>>> For instance:
>>>> oneadmin at opennebula:~$ ./remotes/auth/default/authenticate myuser badpassword badpassword
>>>> Trying server server 1
>>>> ldap myuser CN=myuser,CN=Users,DC=mydomain,DC=com
>>>>
>>>> My guess is that the same user that is used to look up users, performs the
>>>> authenticate method and always returns a valid user.
>>>>
>>>> Or maybe I'm missing something.
>>>>
>>>> Any hint?
>>>>
>>>> Thanks!
>>>
>>>
>> --
>> Andreas Calvo Gómez
>> Systems Engineer
>> Scytl Secure Electronic Voting
>> Plaça Gal·la Placidia, 1-3, 1st floor · 08006 Barcelona
>> Phone: + 34 934 230 324
>> Fax:   + 34 933 251 028
>> http://www.scytl.com
>>
>
>
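
Added example, not part of the thread and not OpenNebula's driver code: the search-then-bind pattern next to the flaw the original poster guesses at (only the lookup account ever binds), which is a guess in the thread and not a confirmed diagnosis. `FakeDirectory`, the service account DN and all passwords are constructed stand-ins so the block runs offline.

```ruby
# Constructed stand-in for a directory server (NOT Net::LDAP); entries are sample data.
class FakeDirectory
  ENTRIES = {
    'CN=svc,CN=Users,DC=mydomain,DC=com' =>
      { password: 'svc-secret', 'sAMAccountName' => 'svc' },
    'CN=myuser,CN=Users,DC=mydomain,DC=com' =>
      { password: 'user-secret', 'sAMAccountName' => 'myuser' }
  }.freeze

  # Simple bind. An empty password is an "unauthenticated bind" (RFC 4513,
  # section 5.1.2): a permissive server answers success, session stays anonymous.
  def bind(dn, password)
    @bound_as = nil
    return true if password.to_s.empty?
    ok = ENTRIES.key?(dn) && ENTRIES[dn][:password] == password
    @bound_as = dn if ok
    ok
  end

  # Search is only allowed on an authenticated session in this stand-in.
  def find_dn(field, value)
    return nil unless @bound_as
    ENTRIES.find { |_dn, entry| entry[field] == value }&.first
  end
end

SERVICE_DN = 'CN=svc,CN=Users,DC=mydomain,DC=com' # hypothetical lookup account
SERVICE_PW = 'svc-secret'

# Flawed flow: only the lookup account binds; the user's password is ignored.
def authenticate_lookup_only(dir, user, _password)
  return nil unless dir.bind(SERVICE_DN, SERVICE_PW)
  dir.find_dn('sAMAccountName', user)
end

# Search-then-bind: resolve the DN, then bind again as that DN with the
# supplied password and trust only the result of that second bind.
def authenticate_search_then_bind(dir, user, password)
  return nil if password.to_s.empty? # never send an unauthenticated bind
  return nil unless dir.bind(SERVICE_DN, SERVICE_PW)
  dn = dir.find_dn('sAMAccountName', user)
  return nil unless dn
  dir.bind(dn, password) ? dn : nil
end
```

The empty-password guard matters independently of the lookup flaw: a bind with a valid DN and no password can report success while granting only an anonymous session.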

