[one-users] ldap auth without automatic user creation
jfontan at opennebula.org
Thu Feb 6 03:24:21 PST 2014
I'm not sure I've understood the problem. Maybe this explanation helps.
The user name of a user with ldap driver is used to find it in ldap.
It first searches for an ldap user with a DN equal to the OpenNebula
user name. This way you can set the OpenNebula user name to a full dn
of a user.
In case there's no user with that dn it searches for users that have a
field that is equal to the OpenNebula user name. By default this
field is "cn" but it can be changed in the ldap auth configuration file:
# field that holds the user name, if not set 'cn' will be used
In this example the field that we want to use as user name is "uid":
dn: cn=Robert Smith,ou=people,dc=example,dc=com
cn: Robert Smith
cn: Robert J Smith
cn: bob smith
ou: Human Resources
And we can change the ldap auth "user_field" to "uid".
The user in OpenNebula should have
user name: rjsmith
On Wed, Feb 5, 2014 at 10:41 AM, Nicolas Bélan <nicolas.belan at gmail.com> wrote:
> I tried successfully the LDAP auth using one 4.4, with the 'default'
> auth engine.
> So, I am able to log on Sunstone with a user in the right LDAP group, if
> it is not created on the one user DB.
> But, I am trying to answer this use case, and I can't achieve it:
> 1) create a user through sunstone and set it a LDAP scheme auth.
> 2) assign VM to this user (let's say uid 2)
> 3) create a correct CN in LDAP DB, and assign it to the right group
> 4) auth with sunstone GUI
> It creates a user 3, without any VM (same filter id ...)
> I would like to (pre)create user in sunstone, and give them accesses
> later through LDAP auth.
> Is it possible?
> Thank you
> Best regards,
Javier Fontán Muiños
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | @OpenNebula | github.com/jfontan
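
The lookup order described in the reply above, as an added example (not part of the original message and not OpenNebula's own code). It runs against a constructed in-memory directory instead of a real LDAP server. The `uid` value on the Robert Smith entry, the second entry, the case-insensitive comparison and the refusal of ambiguous matches are all assumptions of this sketch.

```ruby
# Constructed sample directory (an assumption for this example): each entry
# is a DN plus multi-valued attributes, as an LDAP search would return them.
DIRECTORY = [
  { dn: 'cn=Robert Smith,ou=people,dc=example,dc=com',
    attrs: { 'cn' => ['Robert Smith', 'Robert J Smith', 'bob smith'],
             'uid' => ['rjsmith'] } }, # uid value assumed
  { dn: 'cn=Bob Smith,ou=contractors,dc=example,dc=com',
    attrs: { 'cn' => ['Bob Smith'], 'uid' => ['bsmith2'] } }
].freeze

# Map an OpenNebula user name to a directory entry in the order the reply
# describes: DN match first, then a match on user_field (default "cn").
# Returns { dn:, via: } or nil when nothing matches.
def resolve(name, user_field: 'cn', directory: DIRECTORY)
  # Step 1: the user name is itself the full DN of an entry.
  by_dn = directory.find { |e| e[:dn].casecmp?(name) }
  return { dn: by_dn[:dn], via: :dn } if by_dn

  # Step 2: any value of user_field equals the user name.
  hits = directory.select do |e|
    (e[:attrs][user_field] || []).any? { |v| v.casecmp?(name) }
  end
  return nil if hits.empty?
  # Choice made in this sketch: never guess between several entries.
  raise ArgumentError, "#{hits.size} entries match #{user_field}=#{name}" if hits.size > 1

  { dn: hits.first[:dn], via: user_field.to_sym }
end

if __FILE__ == $PROGRAM_NAME
  [%w[rjsmith cn], %w[rjsmith uid], ['bob smith', 'cn']].each do |name, field|
    result = begin
      resolve(name, user_field: field)
    rescue ArgumentError => e
      "rejected: #{e.message}"
    end
    puts "#{name.inspect} via #{field}: #{result.inspect}"
  end
end
```

A pre-created user named `rjsmith` resolves only once `user_field` is `uid`; with the default `cn` it matches nothing, and a multi-valued `cn` such as "bob smith" can collide with another entry.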