[one-users] OpenNebula and FreeIPA authentication

Mr Sensible doilooksensible at gmail.com
Mon Dec 8 06:55:54 PST 2014


I am struggling a little bit with hooking my test OpenNebula into my 
existing FreeIPA authentication domain.

I am currently running OpenNebula 4.10.1 on CentOS 6.5, and I am 
trying to connect it to my existing FreeIPA 3.0.0 server.

I currently have three services authenticating via LDAP to the IPA 
server, so I "think" that bit is right.

When I install OpenNebula for the first time, get everything set up, add 
the LDAP authentication config, everything looks OK. I create a user in 
Sunstone, set the auth method to LDAP, and then successfully sign in to 
Sunstone. Happy face.
I change the user to the oneadmin group in Sunstone.

The following day, I am no longer able to log in as that user, and no 
amount of deleting and re-adding the user seems to make any difference. 
I have also tried NOT creating the user via Sunstone, and just logging 
in, same errors.

Does anybody have any idea what I might be doing wrong, or even where I 
can look to figure out what is not working? Config and log files below. Many 
thanks in advance.

------------------------------
oned.conf
---------------------------
AUTH_MAD = [
     executable = "one_auth_mad",
     authn = "ssh,x509,ldap,default,server_cipher,server_x509"
]

------------------------------
ldap_auth.conf
----------------------------
server 1:
     # Ldap authentication method
     :auth_method: :simple

     # Ldap server
     :host: ipa1.lab.company.com
     :port: 389

     # Uncomment this line for tsl conections
     #:encryption: :simple_tls

     # base hierarchy where to search for users and groups
     :base: 'cn=users,cn=accounts,dc=lab,dc=company,dc=com'

     # group the users need to belong to. If not set any user will do
     #:group: 'cn=users,cn=accounts'

     # field that holds the user name, if not set 'cn' will be used
     :user_field: 'uid'

  :order:
      - server 1

------------------------------
oned.log
------------------------------
Mon Dec  8 13:24:50 2014 [Z0][ReM][D]: Req:8640 UID:-1 GroupPoolInfo invoked
Mon Dec  8 13:24:50 2014 [Z0][ReM][E]: Req:8640 UID:- GroupPoolInfo 
result FAILURE [GroupPoolInfo] User couldn't be authenticated, aborting 
call.
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Command 
execution fail: /var/lib/one/remotes/auth/ldap/authenticate peter.harris 
- ****

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: Command execution fail: 
/var/lib/one/remotes/auth/ldap/authenticate peter.harris - ****
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Trying 
server server 1

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: Trying server server 1
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 
Exception raised authenticating to LDAP

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: Exception raised authenticating 
to LDAP
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 
#<NoMethodError: undefined method `children' for nil:NilClass>

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: #<NoMethodError: undefined method 
`children' for nil:NilClass>
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 
/usr/lib/one/ruby/opennebula/xml_element.rb:357:in `build_hash'

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: 
/usr/lib/one/ruby/opennebula/xml_element.rb:357:in `build_hash'
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 
/usr/lib/one/ruby/opennebula/xml_element.rb:341:in `to_hash'

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: 
/usr/lib/one/ruby/opennebula/xml_element.rb:341:in `to_hash'
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 
/usr/lib/one/ruby/opennebula/ldap_auth.rb:93:in `generate_mapping'

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: 
/usr/lib/one/ruby/opennebula/ldap_auth.rb:93:in `generate_mapping'
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 
/usr/lib/one/ruby/opennebula/ldap_auth.rb:69:in `initialize'

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: 
/usr/lib/one/ruby/opennebula/ldap_auth.rb:69:in `initialize'
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 
/var/lib/one/remotes/auth/ldap/authenticate:69:in `new'

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: 
/var/lib/one/remotes/auth/ldap/authenticate:69:in `new'
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 
/var/lib/one/remotes/auth/ldap/authenticate:69

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: 
/var/lib/one/remotes/auth/ldap/authenticate:69
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 
/var/lib/one/remotes/auth/ldap/authenticate:59:in `each'

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: 
/var/lib/one/remotes/auth/ldap/authenticate:59:in `each'
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 
/var/lib/one/remotes/auth/ldap/authenticate:59

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: 
/var/lib/one/remotes/auth/ldap/authenticate:59
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Could 
not authenticate user peter.harris

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: Could not authenticate user 
peter.harris
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 
ExitCode: 255

Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: ExitCode: 255
Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: AUTHENTICATE 
FAILURE 1 -

Mon Dec  8 13:24:50 2014 [Z0][AuM][E]: Auth Error:
Mon Dec  8 13:24:50 2014 [Z0][ReM][D]: Req:6320 UID:-1 UserInfo invoked , -1
Mon Dec  8 13:24:50 2014 [Z0][ReM][E]: Req:6320 UID:- UserInfo result 
FAILURE [UserInfo] User couldn't be authenticated, aborting call.
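
Added example, not part of the original post and not OpenNebula code: a Ruby triage script for an oned.log excerpt like the one above. It re-joins mail-wrapped lines, drops the duplicated AuM debug echo, and reports whether the auth driver raised an exception or only rejected the user; the function names are hypothetical and the sample is abridged from the post's log.

```ruby
# Added example, not OpenNebula code: triage auth-driver output in oned.log.
STAMP = /\A\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} \[Z\d+\]\[(\w+)\]\[(\w)\]: ?(.*)\z/
FRAME = /\A(\/\S+):(\d+)(?::in `(\S+)')?\z/

# Sample abridged from the log in the post, kept in its mail-wrapped form.
SAMPLE_LOG = <<~'LOG'
  Mon Dec  8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1
  #<NoMethodError: undefined method `children' for nil:NilClass>

  Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: #<NoMethodError: undefined method
  `children' for nil:NilClass>
  Mon Dec  8 13:24:50 2014 [Z0][AuM][I]:
  /usr/lib/one/ruby/opennebula/xml_element.rb:357:in `build_hash'
  Mon Dec  8 13:24:50 2014 [Z0][AuM][I]:
  /usr/lib/one/ruby/opennebula/ldap_auth.rb:93:in `generate_mapping'
  Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: Could not authenticate user
  peter.harris
  Mon Dec  8 13:24:50 2014 [Z0][AuM][I]: ExitCode: 255
LOG

# Re-join wrapped lines: text without a timestamp continues the previous record.
def records(text)
  text.each_line.map(&:strip).reject(&:empty?).each_with_object([]) do |line, out|
    if (m = STAMP.match(line))
      out << { mod: m[1], level: m[2], msg: m[3] }
    elsif out.any?
      out.last[:msg] = "#{out.last[:msg]} #{line}".strip
    end
  end
end

# AuM logs each driver message twice ([D] "Message received: LOG ..." and [I]);
# keep the [I] copy, then separate a driver exception from a plain rejection.
def triage(text)
  msgs   = records(text).select { |r| r[:mod] == 'AuM' && r[:level] == 'I' }.map { |r| r[:msg] }
  exc    = msgs.map { |m| m.match(/#<([\w:]+): (.+)>/) }.compact.first
  frames = msgs.map { |m| FRAME.match(m) }.compact
  user   = msgs.map { |m| m[/Could not authenticate user (\S+)/, 1] }.compact.first
  code   = msgs.map { |m| m[/ExitCode: (\d+)/, 1] }.compact.first
  { verdict: exc ? :driver_exception : (user ? :rejected : :no_failure),
    user: user, exit_code: code && code.to_i,
    exception: exc && exc[1], detail: exc && exc[2],
    raised_in: frames.first && "#{frames.first[1]}:#{frames.first[2]}",
    called_from: frames.map { |f| f[3] }.compact.uniq }
end

p triage(SAMPLE_LOG) if __FILE__ == $PROGRAM_NAME
```

A `:driver_exception` verdict means the trace places the failure in the driver's own Ruby code, so the "Could not authenticate user" line on its own does not show that the LDAP server refused the credentials.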



