[one-users] LDAP/AD authentication problems
Javier Fontan
jfontan at opennebula.org
Fri Sep 6 06:23:40 PDT 2013
It looks really bad. Could you please give us the OpenNebula version
you are using? I'll do my tests here and will let you know.
I've created a ticket to keep track of this problem:
http://dev.opennebula.org/issues/2307
On Wed, Aug 28, 2013 at 6:46 PM, Andreas Calvo Gómez
<andreas.calvo at scytl.com> wrote:
> Hi all,
> I've encountered a strange behavior while trying to configure ONE to
> authenticate against an AD, either as a proper AD or as a LDAP.
> If a credential is used to query LDAP and retrieve the complete DN for the
> user that wants to login, then no matter what password the user has typed it
> will be listed as authenticated.
>
> ldap_auth.conf example:
> server 1:
>     :user: 'myuser@mydomain.com'
>     :password: 'mypassword'
>     :auth_method: :simple
>     :host: ad.mydomain.com
>     :port: 389
>     :base: 'dc=mydomain,dc=com'
>     :user_field: 'sAMAccountName'
> :order:
>     - server 1
>
> If I manually query the authenticate process with a made up password and
> secret, it is always listed as authenticated.
>
> For instance:
> oneadmin@opennebula:~$ ./remotes/auth/default/authenticate myuser badpassword badpassword
> Trying server server 1
> ldap myuser CN=myuser,CN=Users,DC=mydomain,DC=com
>
> My guess is that the same user that is used to look up users, performs the
> authenticate method and always returns a valid user.
>
> Or maybe I'm missing something.
>
> Any hint?
>
> Thanks!
--
Join us at OpenNebulaConf2013 in Berlin from the 24th to the 26th of
September 2013!
Javier Fontán Muiños
Developer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | @OpenNebula | github.com/jfontan
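
The behaviour suspected in the report above, next to the search-then-bind flow that rejects a wrong password. This is an added example, not part of the original thread and not OpenNebula's driver code; `FakeDirectory`, the service account DN and every password in it are constructed stand-ins for a real directory server.

```ruby
# Constructed in-memory stand-in for an LDAP/AD server (hypothetical, not net-ldap).
class FakeDirectory
  ENTRIES = {
    'CN=svc,CN=Users,DC=mydomain,DC=com'    => { sam: 'svc',    password: 'svc-secret' },
    'CN=myuser,CN=Users,DC=mydomain,DC=com' => { sam: 'myuser', password: 'correct-horse' }
  }.freeze

  # A bind succeeds only when the DN exists and the password matches.
  def bind(dn, password)
    entry = ENTRIES[dn]
    @bound_as = entry && entry[:password] == password ? dn : nil
    !@bound_as.nil?
  end

  # Searching needs an authenticated session; returns the DN for a sAMAccountName.
  def find_dn(sam)
    return nil unless @bound_as
    ENTRIES.find { |_dn, e| e[:sam] == sam }&.first
  end
end

SERVICE_DN = 'CN=svc,CN=Users,DC=mydomain,DC=com'
SERVICE_PW = 'svc-secret'

# Flawed flow: a successful lookup is treated as proof of identity.
def authenticate_lookup_only(username, _password)
  dir = FakeDirectory.new
  return nil unless dir.bind(SERVICE_DN, SERVICE_PW)
  dir.find_dn(username) # the typed password is never checked
end

# Correct flow: look up the DN, then bind again as that DN with the typed password.
def authenticate_search_then_bind(username, password)
  # Real servers may accept a simple bind with an empty password as an
  # unauthenticated bind (RFC 4513), so refuse it before contacting the server.
  return nil if password.to_s.empty?
  dir = FakeDirectory.new
  return nil unless dir.bind(SERVICE_DN, SERVICE_PW)
  dn = dir.find_dn(username)
  return nil unless dn
  # Fresh connection: success must come from the user's own credentials.
  FakeDirectory.new.bind(dn, password) ? dn : nil
end
```

A quick regression check for any LDAP auth driver follows the same shape: a known user with a wrong password and with an empty password must both be rejected.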