[one-users] Opennebula - Active Directory authentication integration

Shek Mohd Fahmi Abdul Latip fahmi.latip at mimos.my
Sun Sep 1 21:21:25 PDT 2013


Hi experts,

I'm using the latest Opennebula 4.2 on CentOS 6.4. Right now I'm in the middle of integrating the authentication system with MS-AD through the LDAP protocol.

Based on the documentation:


To be able to use this driver for users that are still not in the user database you must set it to the default driver. To do this go to the auth drivers directory and copy the directory ldap to default. In system-wide installations you can do this using this command:

 $ cp -R /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default


From what I understand, if the user account does not exist in the Opennebula database, it will still be able to retrieve and authenticate via LDAP/AD. I did this configuration and somehow I got the error mentioned below.



I've followed the documentation provided at http://opennebula.org/documentation:rel4.2:ldap#active_directory. Somehow, it works partially, with an error that I can't really understand.

Here is the error message that can be found in the oned.log:

Mon Sep  2 11:24:05 2013 [AuM][D]: Message received: AUTHENTICATE SUCCESS 16 ldap fahmi.latip CN=******,OU=******,OU=*****,OU=Users,OU=*****,DC=******,DC=*******

Mon Sep  2 11:24:05 2013 [AuM][E]: Can't create user: Error transforming the User to XML.. Driver response: ldap fahmi.latip CN=******,OU=******,OU=*****,OU=Users,OU=*****,DC=******,DC=*******
Mon Sep  2 11:24:05 2013 [ReM][D]: Req:9744 UID:- UserInfo invoked, -1
Mon Sep  2 11:24:05 2013 [ReM][E]: Req:9744 UID:- UserInfo result FAILURE [UserInfo] User couldn't be authenticated, aborting call.

Has anyone faced a similar issue before? Any clue what action needs to be taken to solve this problem? Or is this method somehow impossible?

Best regards,
.fahmie
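
A triage helper for the log pattern quoted above, added here as an example (not part of the original post or of OpenNebula): it pairs each `[AuM]` AUTHENTICATE SUCCESS with a later "Can't create user" for the same driver and user, and masks DN values before the result is shared. The field order after the request id (driver, username, DN) is an assumption read off the quoted lines, and the sample log is constructed.

```python
import re

# Constructed sample shaped like the oned.log lines in the post (placeholder users/DNs).
SAMPLE_LOG = """\
Mon Sep  2 11:24:05 2013 [AuM][D]: Message received: AUTHENTICATE SUCCESS 16 ldap jdoe CN=John Doe,OU=Users,DC=example,DC=org
Mon Sep  2 11:24:05 2013 [AuM][E]: Can't create user: Error transforming the User to XML.. Driver response: ldap jdoe CN=John Doe,OU=Users,DC=example,DC=org
Mon Sep  2 11:24:05 2013 [ReM][D]: Req:9744 UID:- UserInfo invoked, -1
Mon Sep  2 11:24:05 2013 [ReM][E]: Req:9744 UID:- UserInfo result FAILURE [UserInfo] User couldn't be authenticated, aborting call.
Mon Sep  2 11:30:41 2013 [AuM][D]: Message received: AUTHENTICATE SUCCESS 17 ldap asmith CN=Ann Smith,OU=Users,DC=example,DC=org
"""

LINE = re.compile(r"^(?P<ts>\w{3} \w{3} [ \d]\d [\d:]{8} \d{4}) "
                  r"\[(?P<mod>\w+)\]\[(?P<lvl>\w)\]: (?P<msg>.*)$")
# Assumed field order after the request id: driver, username, secret (the DN for ldap).
AUTH_OK = re.compile(r"^Message received: AUTHENTICATE SUCCESS \d+ "
                     r"(?P<driver>\S+) (?P<user>\S+) (?P<dn>.*)$")
CREATE_FAIL = re.compile(r"^Can't create user: (?P<reason>.*?)\.* Driver response: "
                         r"(?P<driver>\S+) (?P<user>\S+) (?P<dn>.*)$")

def redact_dn(dn):
    """Mask every RDN value but keep attribute types; honours backslash-escaped commas."""
    return re.sub(r"=(?:\\.|[^,\\])*", "=***", dn)

def triage(log_text):
    """Find logins the auth driver accepted but oned then failed to create locally."""
    accepted = {}   # (driver, user) -> timestamp of the driver's AUTHENTICATE SUCCESS
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m["mod"] != "AuM":
            continue  # only the auth manager lines matter here
        ok = AUTH_OK.match(m["msg"])
        if ok:
            accepted[(ok["driver"], ok["user"])] = m["ts"]
            continue
        fail = CREATE_FAIL.match(m["msg"])
        if fail and (fail["driver"], fail["user"]) in accepted:
            findings.append({
                "driver": fail["driver"],
                "user": fail["user"],
                "accepted_at": accepted.pop((fail["driver"], fail["user"])),
                "reason": fail["reason"],
                "dn": redact_dn(fail["dn"]),
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding means the directory bind succeeded and the failure is in oned's local user creation, so the place to look next is the oned side rather than the LDAP/AD configuration.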




