[one-users] User within LDAP group authentication
Manuel Alfonso López Rourich
alfonso.lopez at cenits.es
Wed Oct 8 03:32:42 PDT 2014
Good morning,
I'd like to ask you about an issue with user authentication in SunStone:
I've configured SunStone so that new users from an OpenLDAP directory can
log in (the user is created automatically in OpenNebula). It works fine but
when I configure *:group* in *ldap_auth.conf*, I can't authenticate new
users within an LDAP group. The error that ONE throws is clear (*"User
ulopez is not in group cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es"*) but I
don't know what could be done so that it works. The documentation about LDAP
groups with ONE is not very clear to me.
The LDAP configuration is:

server 1:
    :auth_method: :simple
    :host: 10.12.0.3
    :port: 389
    :base: 'dc=one,dc=es'

    # group the users need to belong to. If not set any user will do
    :group: 'cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es'

    # field that holds the user name, if not set 'cn' will be used
    :user_field: 'uid'

    # field name for group membership, by default it is 'member'
    :group_field: 'memberUid'

    # user field that is in the group group_field, if not set 'dn' will be used
    #user_group_field: 'gidNumber'

The directory entry for the group is the following:

# extended LDIF
#
# LDAPv3
# base <cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# grupo_nuevo, ou_nueva, one.es
dn: cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es
gidNumber: 503
cn: grupo_nuevo
objectClass: posixGroup
objectClass: top
memberUid: ulopez

# us_nuevo_lopez, grupo_nuevo, ou_nueva, one.es
dn: cn=us_nuevo_lopez,cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es
givenName: us_nuevo
gidNumber: 503
homeDirectory: /home/users/ulopez
sn: lopez
loginShell: /bin/sh
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uidNumber: 1009
uid: ulopez
cn: us_nuevo_lopez

Thank you very much,
Best regards
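
Added example, not part of the original message and not OpenNebula's own code: a small Ruby model of the group check as the comments in ldap_auth.conf describe it (the group's :group_field values are searched for the user's :user_group_field value, 'dn' when unset), run against the two entries from the LDIF above. The matching rule and the helper names (find_user, membership_value, in_group?, report) are assumptions; the entry data is copied from the message.

```ruby
# Added illustration, not the OpenNebula LDAP driver. The membership rule is
# modelled from the ldap_auth.conf comments (an assumption about the driver).
GROUP_DN = 'cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es'

# The two directory entries from the message, keyed by DN.
DIRECTORY = {
  GROUP_DN => {
    'gidNumber' => ['503'], 'cn' => ['grupo_nuevo'],
    'objectClass' => %w[posixGroup top], 'memberUid' => ['ulopez']
  },
  "cn=us_nuevo_lopez,#{GROUP_DN}" => {
    'uid' => ['ulopez'], 'cn' => ['us_nuevo_lopez'], 'gidNumber' => ['503'],
    'uidNumber' => ['1009'], 'objectClass' => %w[inetOrgPerson posixAccount top]
  }
}.freeze

# Locate the user's entry by :user_field, as the login lookup would.
def find_user(login, user_field)
  DIRECTORY.find { |_dn, attrs| Array(attrs[user_field]).include?(login) }
end

# The value of the user that is looked for inside the group's :group_field.
# Hypothetical helper: unset or 'dn' means the DN of the user's entry.
def membership_value(user_dn, attrs, user_group_field)
  return user_dn if user_group_field.nil? || user_group_field == 'dn'

  Array(attrs[user_group_field]).first
end

def in_group?(login, conf)
  user_dn, attrs = find_user(login, conf[:user_field] || 'cn')
  group = DIRECTORY[conf[:group]]
  return false unless user_dn && group

  members = Array(group[conf[:group_field] || 'member'])
  value = membership_value(user_dn, attrs, conf[:user_group_field]).to_s
  # Simplified compare; real matching depends on the attribute's LDAP syntax.
  members.any? { |m| m.casecmp?(value) }
end

# Settings taken from the posted ldap_auth.conf.
BASE = { group: GROUP_DN, user_field: 'uid', group_field: 'memberUid' }.freeze

# Try the default ('dn'), the commented-out 'gidNumber', and 'uid'.
def report
  [nil, 'gidNumber', 'uid'].map do |ugf|
    [ugf || 'dn (default)', in_group?('ulopez', BASE.merge(user_group_field: ugf))]
  end
end

report.each { |field, ok| puts format('user_group_field=%-13s in group: %s', field, ok) }
```

In this model, memberUid holds the bare login name, so neither the entry's DN nor its gidNumber can equal it; only a user_group_field whose value is the uid matches.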