Hi Carlos,<div><br></div><div>Let's try the driver by hand again, but also with the authentication part:</div><div><br></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "># ruby -dw $ONE_LOCATION/lib/mads/one_auth_mad.rb</span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; ">AUTHENTICATE 0 -1 &lt;LDAP_DN&gt; - &lt;LDAP_DN:plain:LDAP_PASSWORD&gt;</span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; ">This will tell if the failure is in the driver or the core.</span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; ">Regards,</span></div>
<div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; "><br></span></div><div><span class="Apple-style-span" style="border-collapse: collapse; font-family: arial, sans-serif; font-size: 13px; ">-Tino</span></div>
<div><font class="Apple-style-span" face="arial, sans-serif"><span class="Apple-style-span" style="border-collapse: collapse;"><br clear="all"></span></font>--<br>Constantino Vázquez Blanco, MSc <br>OpenNebula Major Contributor<br>
<a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | @tinova79<br>
<br><br><div class="gmail_quote">On Mon, Jun 13, 2011 at 9:16 PM, Carlos A. <span dir="ltr"><<a href="mailto:caralla@upv.es">caralla@upv.es</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi again,<br>
<br>
more on this! I managed to get a user without whitespaces and I have bad news:<br>
<br>
while stating a wrong DN/pass is almost instant to refuse connection by stating an authentication error, I cannot manage to authenticate using the proper DN/pass. I'm back to the original situation: the execution expired message.<br>
<br>
In the log I can see the following message for the wrong ID:<br>
<br>
Mon Jun 13 21:11:56 2011 [AuM][D]: Message received: AUTHENTICATE FAILURE 0 false<br>
<br>
Mon Jun 13 21:11:56 2011 [AuM][E]: Auth Error: false<br>
Mon Jun 13 21:11:56 2011 [ReM][E]: [VirtualMachinePoolInfo] User couldn't be authenticated, aborting call.<br>
<br>
But nothing for the right ID.<br>
<br>
Any idea on this?<br>
<br>
Regards.<br>
<br>
<br>
On 13/06/11 18:42, Carlos A. wrote:<div><div></div><div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Tino,<br>
<br>
finally I think that I got it. The problem is that my DN has spaces in the CN.<br>
So I think that the one_auth file is not properly handled and it results in a<br>
failure whenever a space is used in this file. That is why I got the same<br>
failure when changing the authentication method to "simple" or to even a<br>
nonexistent method. It is simply because the authentication method was not<br>
launched at all because of a previous error.<br>
<br>
The current problem is that I cannot authenticate because my DN has spaces ;) so<br>
I cannot use it within Open Nebula. But at least I do not get the "expired<br>
time" error and it outputs an authentication error.<br>
<br>
Any workaround on this?<br>
<br>
Regards,<br>
Carlos A.<br>
<br>
Message quoted by "Carlos A."<<a href="mailto:caralla@upv.es" target="_blank">caralla@upv.es</a>>:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
i get the expected output<br>
--<br>
Sent from my Android phone with K-9 Mail. Please excuse my brevity<br>
<br>
Tino Vazquez<<a href="mailto:tinova@opennebula.org" target="_blank">tinova@opennebula.org</a>> wrote:<br>
<br>
Hi Carlos,<br>
<br>
Let's try executing the auth mad by hand (the error, from your input,<br>
seems not to be exclusive of the ldap addon, but rather of the auth<br>
module), to discard missing gems<br>
<br>
# $ONE_LOCATION/lib/mads/one_auth_mad<br>
<br>
after hitting return, it will wait for input, type<br>
<br>
INIT<br>
<br>
you should get<br>
<br>
INIT SUCCESS - -<br>
<br>
Regards,<br>
<br>
-Tino<br>
<br>
--<br>
Constantino Vázquez Blanco, MSc<br>
OpenNebula Major Contributor<br>
<a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | @tinova79<br>
<br>
<br>
<br>
On Mon, Jun 13, 2011 at 1:29 PM, Carlos A.<<a href="mailto:caralla@upv.es" target="_blank">caralla@upv.es</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Tino,<br>
<br>
more info on this.<br>
<br>
While using my test script to authenticate I can see the success in the ldap<br>
server, I cannot see any information when trying to authenticate using ONE<br>
<br>
On 13/06/11 12:43, Tino Vazquez wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Carlos,<br>
<br>
This may be due to an eager timeout that the core imposes over the ldap<br>
driver.<br>
<br>
Please find attached a patch for the OpenNebula source code, please<br>
apply it, recompile and reinstall, we would appreciate feedback on<br>
whether this fixes the improper ldap plugin behavior or not.<br>
<br>
Regards,<br>
<br>
-Tino<br>
<br>
--<br>
Constantino Vázquez Blanco, MSc<br>
OpenNebula Major Contributor<br>
<a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | @tinova79<br>
<br>
<br>
<br>
On Sat, Jun 11, 2011 at 10:22 AM, Carlos A.<<a href="mailto:caralla@upv.es" target="_blank">caralla@upv.es</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
any help on this? is ldap addon supposed to work with opennebula 2.2? has<br>
anyone tried it?<br>
<br>
On 09/06/2011 10:46, Carlos A. wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
first of all, thank you for your response.<br>
<br>
Once I have managed to make ldap_auth work, I found the following issue:<br>
<br>
root@keo01:/srv/cloud/one# onevm list<br>
execution expired<br>
<br>
I cannot manage to authenticate against my ldap server. I have tried the<br>
ldap authentication that is carried out by ONE<br>
<br>
require 'rubygems'<br>
require 'net/ldap'<br>
ldap = Net::LDAP.new<br>
ldap.host = "my.ldap.server"<br>
ldap.port = 389<br>
ldap.auth "my-dn", "my-pass"<br>
print ldap.bind<br>
<br>
It is properly working, as my server authenticates me. I have (of<br>
course)<br>
tried changing the password and it works as expected.<br>
<br>
Diving in the code it seems that there is some problem in the file<br>
"src/um/UserPool.cc", at<br>
authm->trigger(AuthManager::AUTHENTICATE,&ar);<br>
ar.wait();<br>
<br>
Any idea?<br>
<br>
<br>
On 09/06/11 00:51, Carsten.Friedrich@csiro.au wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The official OpenNebula installation instructions for the ldap driver<br>
are<br>
incomplete and miss to mention some software packages that you have to<br>
install first. I don't remember which ones they were, but you can find<br>
out<br>
as follows:<br>
<br>
* cd to .../lib/ruby<br>
* execute 'ruby ldap_auth.rb'.<br>
* Ruby will complain about any missing packages. Install those until<br>
ruby<br>
is happy.<br>
<br>
Carsten<br>
<br>
<br>
Carsten Friedrich<br>
Research Team leader<br>
ICT Centre, GPO Box 664,Canberra, ACT 2601<br>
Phone: <a href="tel:%2B61%202%206216%207019" value="+61262167019" target="_blank">+61 2 6216 7019</a><br>
Email: Carsten.Friedrich@csiro.au<br>
Web: <a href="http://www.csiro.au/org/ICT.html" target="_blank">http://www.csiro.au/org/ICT.html</a><br>
<br>
<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:users-bounces@lists.opennebula.org" target="_blank">users-bounces@lists.opennebula.org</a><br>
[mailto:<a href="mailto:users-bounces@lists.opennebula.org" target="_blank">users-bounces@lists.opennebula.org</a>] On Behalf Of Carlos A.<br>
Sent: Wednesday, 8 June 2011 18:17<br>
To: <a href="mailto:users@lists.opennebula.org" target="_blank">users@lists.opennebula.org</a><br>
Subject: Re: [one-users] Problem with ldap authentication<br>
<br>
any help on this?<br>
<br>
On 02/06/11 16:55, Carlos A. wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
More information on this:<br>
<br>
in /srv/cloud/one/var/oned.log I can see<br>
Thu Jun 2 16:52:09 2011 [ONE][I]: Init OpenNebula Log system<br>
Thu Jun 2 16:52:09 2011 [ONE][I]: Log Level: 3<br>
[0=ERROR,1=WARNING,2=INFO,3=DEBUG]<br>
Thu Jun 2 16:52:09 2011 [ONE][I]:<br>
_____________________________________________<br>
Thu Jun 2 16:52:09 2011 [ONE][I]: OpenNebula Configuration File<br>
Thu Jun 2 16:52:09 2011 [ONE][I]:<br>
_____________________________________________<br>
Thu Jun 2 16:52:09 2011 [ONE][I]:<br>
_____________________________________________<br>
AUTH_MAD=EXECUTABLE=/srv/cloud/one/lib/mads/one_auth_mad<br>
DB=BACKEND=sqlite<br>
DEBUG_LEVEL=3<br>
DEFAULT_DEVICE_PREFIX=hd<br>
DEFAULT_IMAGE_TYPE=OS<br>
HM_MAD=EXECUTABLE=one_hm<br>
HOST_MONITORING_INTERVAL=600<br>
IMAGE_REPOSITORY_PATH=/srv/cloud/one/var//images<br>
IM_MAD=ARGUMENTS=-r 0 -t 15 kvm,EXECUTABLE=one_im_ssh,NAME=im_kvm<br>
MAC_PREFIX=02:00<br>
MANAGER_TIMER=15<br>
NETWORK_SIZE=254<br>
PORT=2633<br>
SCRIPTS_REMOTE_DIR=/var/tmp/one<br>
TM_MAD=ARGUMENTS=tm_nfs/tm_nfs.conf,EXECUTABLE=one_tm,NAME=tm_nfs<br>
VM_DIR=/srv/cloud/one/var/<br>
VM_HOOK=ARGUMENTS=$VMID,COMMAND=image.rb,NAME=image,ON=DONE<br>
VM_MAD=ARGUMENTS=-t 15 -r 0 kvm,DEFAULT=vmm_ssh/vmm_ssh_kvm.conf,EXECUTABLE=one_vmm_ssh,NAME=vmm_kvm,TYPE=kvm<br>
VM_POLLING_INTERVAL=600<br>
VNC_BASE_PORT=5900<br>
_____________________________________________<br>
Thu Jun 2 16:52:09 2011 [ONE][I]: Bootstraping OpenNebula database.<br>
Thu Jun 2 16:52:09 2011 [VMM][I]: Starting Virtual Machine Manager...<br>
Thu Jun 2 16:52:09 2011 [LCM][I]: Starting Life-cycle Manager...<br>
Thu Jun 2 16:52:09 2011 [VMM][I]: Virtual Machine Manager started.<br>
Thu Jun 2 16:52:09 2011 [InM][I]: Starting Information Manager...<br>
Thu Jun 2 16:52:09 2011 [InM][I]: Information Manager started.<br>
Thu Jun 2 16:52:09 2011 [LCM][I]: Life-cycle Manager started.<br>
Thu Jun 2 16:52:09 2011 [TrM][I]: Starting Transfer Manager...<br>
Thu Jun 2 16:52:09 2011 [DiM][I]: Starting Dispatch Manager...<br>
Thu Jun 2 16:52:09 2011 [TrM][I]: Transfer Manager started.<br>
Thu Jun 2 16:52:09 2011 [DiM][I]: Dispatch Manager started.<br>
Thu Jun 2 16:52:09 2011 [ReM][I]: Starting Request Manager...<br>
Thu Jun 2 16:52:09 2011 [ReM][I]: Starting XML-RPC server, port 2633<br>
...<br>
Thu Jun 2 16:52:09 2011 [ReM][I]: Request Manager started.<br>
Thu Jun 2 16:52:09 2011 [HKM][I]: Starting Hook Manager...<br>
Thu Jun 2 16:52:09 2011 [AuM][I]: Starting Auth Manager...<br>
Thu Jun 2 16:52:09 2011 [AuM][I]: Authorization Manager started.<br>
Thu Jun 2 16:52:09 2011 [HKM][I]: Hook Manager started.<br>
Thu Jun 2 16:52:11 2011 [VMM][I]: Loading Virtual Machine Manager<br>
drivers.<br>
Thu Jun 2 16:52:11 2011 [VMM][I]: Loading driver: vmm_kvm (KVM)<br>
Thu Jun 2 16:52:11 2011 [VMM][I]: Driver vmm_kvm loaded.<br>
Thu Jun 2 16:52:11 2011 [InM][I]: Loading Information Manager<br>
drivers.<br>
Thu Jun 2 16:52:11 2011 [InM][I]: Loading driver: im_kvm<br>
Thu Jun 2 16:52:11 2011 [InM][I]: Driver im_kvm loaded<br>
Thu Jun 2 16:52:11 2011 [TM][I]: Loading Transfer Manager drivers.<br>
Thu Jun 2 16:52:11 2011 [VMM][I]: Loading driver: tm_nfs<br>
Thu Jun 2 16:52:11 2011 [TM][I]: Driver tm_nfs loaded.<br>
Thu Jun 2 16:52:11 2011 [HKM][I]: Loading Hook Manager driver.<br>
Thu Jun 2 16:52:11 2011 [HKM][I]: Hook Manager loaded<br>
Thu Jun 2 16:52:11 2011 [AuM][I]: Loading Auth. Manager driver.<br>
Thu Jun 2 16:52:11 2011 [MAD][E]: MAD did not answer INIT command<br>
Thu Jun 2 16:52:12 2011 [ReM][D]: VirtualMachinePoolInfo method<br>
invoked<br>
Thu Jun 2 16:52:12 2011 [AuM][E]: Auth Error: Could not find<br>
Authorization driver<br>
Thu Jun 2 16:52:12 2011 [ReM][E]: [VirtualMachinePoolInfo] User<br>
couldn't be authenticated, aborting call.<br>
<br>
It seems that it cannot find the driver as a relative path name, but I<br>
have also tried to use the full path of the auth driver.<br>
<br>
Any help would be appreciated.<br>
<br>
Regards,<br>
Carlos A.<br>
<br>
<br>
On 02/06/11 11:39, Carlos A. wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
I have just installed the ldap authentication addon on a fresh ONE<br>
install. I followed the instructions and I found that I cannot<br>
authenticate against the LDAP server.<br>
<br>
what am I not doing in a wrong way?<br>
<br>
_____________________________________________<br>
carlos@keo01:~$ onevm list<br>
[VirtualMachinePoolInfo] User couldn't be authenticated, aborting<br>
call.<br>
<br>
carlos@keo01:~$ tail /srv/cloud/one/var/oned.log<br>
(...)<br>
Thu Jun 2 11:27:22 2011 [AuM][E]: Auth Error: Could not find<br>
Authorization driver<br>
Thu Jun 2 11:27:22 2011 [ReM][E]: [VirtualMachinePoolInfo] User<br>
couldn't be authenticated, aborting call.<br>
(...)<br>
<br>
calfonso@keo01:/srv/cloud/one/lib/mads$ ls -l one_auth_mad*<br>
-rwxr-xr-x 1 oneadmin root 1632 Jun 2 09:53 one_auth_mad<br>
-rwxr-xr-x 1 oneadmin root 3341 Jun 2 09:58 one_auth_mad.rb<br>
<br>
carlos@keo01:/srv/cloud/one/lib/mads$ ls -l<br>
/srv/cloud/one/lib/ruby/ldap_auth.rb<br>
-rw-r--r-- 1 oneadmin cloud 1340 Jun 2 09:58<br>
/srv/cloud/one/lib/ruby/ldap_auth.rb<br>
<br>
*** content of /srv/cloud/one/etc/auth/auth.conf<br>
:database: sqlite://auth.db<br>
:authentication: ldap<br>
:quota:<br>
&nbsp;&nbsp;:enabled: false<br>
&nbsp;&nbsp;:defaults:<br>
&nbsp;&nbsp;&nbsp;&nbsp;:cpu: 10.0<br>
&nbsp;&nbsp;&nbsp;&nbsp;:memory: 1048576<br>
:ldap:<br>
&nbsp;&nbsp;:host: my.ldap.server<br>
&nbsp;&nbsp;:port: 389<br>
<br>
<br>
*** content of /srv/cloud/one/etc/oned.conf<br>
(...)<br>
AUTH_MAD = [<br>
executable = "one_auth_mad" ]<br>
<br>
_____________________________________________<br>
</blockquote></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote>
<br>
</blockquote></blockquote>
<br>
</div></div></blockquote></div><br></div>
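The thread's AUTHENTICATE line is space-delimited, and Carlos reports that a DN with spaces in the CN fails. The Ruby sketch below is an added example, not code from OpenNebula or from anyone in the thread; it models how whitespace splitting shifts the fields of such a line and how a sender can reject such values up front. The field names, the helper functions and the sample DNs and password are assumptions made for illustration.

```ruby
# Added illustration, not OpenNebula code. Field names are assumed; the layout
# follows the line quoted in the thread:
#   AUTHENTICATE 0 -1 <LDAP_DN> - <LDAP_DN:plain:LDAP_PASSWORD>
FIELDS = %i[action request_id user_id username password secret].freeze

# Naive parse: split on whitespace, as a space-delimited line protocol would.
def parse_naive(line)
  FIELDS.zip(line.split(' ')).to_h
end

# Build a request line, refusing values that would be split into extra fields.
def build_request(request_id, user_id, username, password, secret)
  values = [request_id, user_id, username, password, secret].map(&:to_s)
  bad = values.select { |v| v.empty? || v =~ /\s/ }
  raise ArgumentError, "empty or whitespace in field: #{bad.inspect}" unless bad.empty?

  (['AUTHENTICATE'] + values).join(' ')
end

# Receiver-side check: the line must have exactly the expected field count.
def well_formed?(line)
  line.split(' ').length == FIELDS.length
end

# Constructed sample values (not taken from the thread).
DN_OK     = 'cn=jdoe,ou=people,dc=example,dc=org'
DN_SPACES = 'cn=John Doe,ou=people,dc=example,dc=org'
PASS      = 'constructed-password'

GOOD_LINE = build_request(0, -1, DN_OK, '-', "#{DN_OK}:plain:#{PASS}")
# Hand-typed line with the spaced DN, as it would be entered at the prompt.
BAD_LINE  = "AUTHENTICATE 0 -1 #{DN_SPACES} - #{DN_SPACES}:plain:#{PASS}"

if __FILE__ == $PROGRAM_NAME
  p parse_naive(GOOD_LINE)      # username and secret land in the right fields
  p parse_naive(BAD_LINE)       # username is cut at the space, later fields shift
  puts well_formed?(BAD_LINE)   # field-count check flags the malformed line
end
```

With the spaced DN the password slot receives the tail of the DN and the secret slot receives the `-` placeholder, so the credential never reaches the field that is checked.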