[one-users] ldap auth without automatic user creation

Javier Fontan jfontan at opennebula.org
Thu Feb 6 03:24:21 PST 2014


I'm not sure I've understood the problem. Maybe this explanation helps.

The user name of a user with ldap driver is used to find it in ldap.
It first searches for an ldap user with a DN equal to the OpenNebula
user name. This way you can set the OpenNebula user name to a full dn
of a user.

In case there's no user with that dn it searches for users that have a
field that is equal to the OpenNebula user name. By default this
field is "cn" but it can be changed in the ldap auth configuration file:

--8<------
    # field that holds the user name, if not set 'cn' will be used
    :user_field: 'cn'
------>8--

In this example the field that we want to use as user name is "uid":

--8<------
dn: cn=Robert Smith,ou=people,dc=example,dc=com
objectclass: inetOrgPerson
cn: Robert Smith
cn: Robert J Smith
cn: bob  smith
sn: smith
uid: rjsmith
userpassword: rJsmitH
ou: Human Resources
------>8--

And we can change the ldap auth "user_field" to "uid".

The user in OpenNebula should have

user name: rjsmith
password: -
driver: ldap

On Wed, Feb 5, 2014 at 10:41 AM, Nicolas Bélan <nicolas.belan at gmail.com> wrote:
> Hello,
>
> I tried successfully the LDAP auth using one 4.4, with the 'default'
> auth engine.
>
> So, I am able to log on Sunstone with a user in the right LDAP group, if
> it is not created on the one user DB.
>
> But, I am trying to answer this use case, and I can't achieve it:
>
> 1) create a user through sunstone and set it a LDAP scheme auth.
> 2) assign VM to this user (let's say uid 2)
> 3) create a correct CN in LDAP DB, and assign it to the right group
> 4) auth with sunstone GUI
>
> It creates a user 3, without any VM (same filter id ...)
>
> I would like to (pre)create user in sunstone, and give them accesses
> later through LDAP auth.
> Is it possible ?
>
> Thank you
> Best regards,
> Nicolas.



-- 
Javier Fontán Muiños
Developer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | @OpenNebula | github.com/jfontan
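
The two-step lookup described in the reply above, as an added example in Ruby (not part of the original message and not OpenNebula's driver code). The second directory entry, the helper names, the filter escaping and the choice to reject ambiguous matches are assumptions of this example; it shows why a unique field such as "uid" is a safer `user_field` than the multi-valued "cn".

```ruby
# In-memory model of the lookup; no LDAP server or gem is used.
# First entry: the sample from the message. Second entry: constructed
# for this example, a different person who shares one cn value.
DIRECTORY = [
  {
    'dn'  => 'cn=Robert Smith,ou=people,dc=example,dc=com',
    'cn'  => ['Robert Smith', 'Robert J Smith', 'bob  smith'],
    'uid' => ['rjsmith']
  },
  {
    'dn'  => 'cn=Robert Smith,ou=contractors,dc=example,dc=com',
    'cn'  => ['Robert Smith'],
    'uid' => ['rsmith2']
  }
].freeze

# Escape the characters that are special in an LDAP search filter
# (RFC 4515): backslash, '*', '(', ')' and NUL become \XX hex pairs.
def escape_filter_value(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# Filter string for step 2, e.g. "(uid=rjsmith)".
def user_filter(name, user_field = 'cn')
  "(#{user_field}=#{escape_filter_value(name)})"
end

# Step 1: look for an entry whose DN equals the OpenNebula user name.
# Step 2: look for entries where any value of user_field equals it.
# Comparison is a plain case-insensitive match, a simplification of
# real LDAP matching rules. Returns the DN only for a single match.
def resolve_dn(name, user_field = 'cn', directory = DIRECTORY)
  by_dn = directory.find { |e| e['dn'].casecmp?(name) }
  return by_dn['dn'] if by_dn

  matches = directory.select do |e|
    Array(e[user_field]).any? { |v| v.casecmp?(name) }
  end
  matches.size == 1 ? matches.first['dn'] : nil
end
```

With `user_field` set to "uid", the OpenNebula user "rjsmith" maps to exactly one entry, while the name "Robert Smith" under "cn" matches two entries and is rejected here.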


