<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<font face="Calibri" size="2"><span style="font-size:11pt;">
<div>Hi experts,</div>
<div> </div>
<div>I’m using the latest Opennebula 4.2 on CentOS 6.4. Right now in the middle of integrating the authentication system with MS-AD through LDAP protocol.</div>
<div> </div>
<div>Based on the documentation:</div>
<div> </div>
<div align="left" style="text-align:justify;background-color:whitesmoke;margin-top:5pt;margin-bottom:5pt;">
<font face="Arial" size="2" color="#353735"><span style="font-size:10pt;background-color:whitesmoke;"><span style="background-color:white;">To be able to use this driver for users that are still not in the user database you must set it to the </span><font face="Courier New"><span style="background-color:white;">default</span></font><span style="background-color:white;"> driver.
To do this go to the auth drivers directory and copy the directory </span><font face="Courier New"><span style="background-color:white;">ldap</span></font><span style="background-color:white;"> to </span><font face="Courier New"><span style="background-color:white;">default</span></font><span style="background-color:white;">.
In system-wide installations you can do this using this command:</span></span></font></div>
<div style="background-color:#676767;margin-top:7.5pt;margin-bottom:7.5pt;padding-right:7.5pt;padding-left:7.5pt;">
<font face="Lucida Console" size="1" color="#CFCFCF"><span style="font-size:7.5pt;background-color:#676767;"><span style="background-color:white;">$ cp -R /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default</span></span></font></div>
<div> </div>
<div> </div>
<div>What I can understand, if the user account is not exist on the opennebula database, it will still be able to retrieve and authenticate via LDAP/AD. I did this configuration and somehow I got the error as mention below.</div>
<div> </div>
<div> </div>
<div> </div>
<div>I’ve followed the documentation provided on <a href="http://opennebula.org/documentation:rel4.2:ldap#active_directory"><font color="blue"><u>http://opennebula.org/documentation:rel4.2:ldap#active_directory</u></font></a> somehow, it works partially with
error that I can’t really understand.</div>
<div> </div>
<div>Here is the error message that can be found in the oned.log:</div>
<div> </div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt;">Mon Sep 2 11:24:05 2013 [AuM][D]: Message received: <span style="background-color:yellow;">AUTHENTICATE SUCCESS 16 ldap fahmi.latip</span> CN=******,OU=******,OU=*****,OU=Users,OU=*****,DC=******,DC=*******</span></font></div>
<div> </div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt;">Mon Sep 2 11:24:05 2013 [AuM][E]: <span style="background-color:red;">Can't create user: Error transforming the User to XML..</span> Driver response: ldap fahmi.latip CN=******,OU=******,OU=*****,OU=Users,OU=*****,DC=******,DC=*******</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt;">Mon Sep 2 11:24:05 2013 [ReM][D]: Req:9744 UID:- UserInfo invoked, -1</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt;">Mon Sep 2 11:24:05 2013 [ReM][E]: Req:9744 UID:- UserInfo result FAILURE [UserInfo] User couldn't be authenticated, aborting call.</span></font></div>
<div> </div>
<div>Anyone facing the similar issue before? Any clue what action need to be taken to solve this problem? Or is this method some kind of impossible?</div>
<div> </div>
<div>Best regards,</div>
<div>.fahmie</div>
<div> </div>
<div> </div>
<div> </div>
</span></font>
</body>
</html>
<p>
------------------------------------------------------------------<br>
-<br>
-<br>
DISCLAIMER: <br>
<br>
This e-mail (including any attachments) is for the addressee(s) <br>
only and may contain confidential information. If you are not the <br>
intended recipient, please note that any dealing, review, <br>
distribution, printing, copying or use of this e-mail is strictly <br>
prohibited. If you have received this email in error, please notify <br>
the sender immediately and delete the original message. <br>
MIMOS Berhad is a research and development institution under <br>
the purview of the Malaysian Ministry of Science, Technology and <br>
Innovation. Opinions, conclusions and other information in this e-<br>
mail that do not relate to the official business of MIMOS Berhad <br>
and/or its subsidiaries shall be understood as neither given nor <br>
endorsed by MIMOS Berhad and/or its subsidiaries and neither <br>
MIMOS Berhad nor its subsidiaries accepts responsibility for the <br>
same. All liability arising from or in connection with computer <br>
viruses and/or corrupted e-mails is excluded to the fullest extent <br>
permitted by law.<br>
<br>
<br>
</p>