<div dir="ltr">Maybe you can show your configuration files,<div><br></div><div>like ldap_conf, oned.conf, etc.</div><div><br></div><div>Hide your IP, account and passwd.</div><div><br></div><div>That will help them to solve your problem.</div>
<div><br></div><div>Jonathan</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/9/2 Shek Mohd Fahmi Abdul Latip <span dir="ltr">&lt;<a href="mailto:fahmi.latip@mimos.my" target="_blank">fahmi.latip@mimos.my</a>&gt;</span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<font face="Calibri"><span style="font-size:11pt">
<div>Hi experts,</div>
<div> </div>
<div>I’m using the latest OpenNebula 4.2 on CentOS 6.4. Right now I am in the middle of integrating the authentication system with MS-AD through the LDAP protocol.</div>
<div> </div>
<div>Based on the documentation:</div>
<div> </div>
<div align="left" style="text-align:justify;background-color:whitesmoke;margin-top:5pt;margin-bottom:5pt">
<font face="Arial" color="#353735"><span style="font-size:10pt;background-color:whitesmoke"><span style="background-color:white">To be able to use this driver for users that are still not in the user database you must set it to the </span><font face="Courier New"><span style="background-color:white">default</span></font><span style="background-color:white"> driver.
To do this go to the auth drivers directory and copy the directory </span><font face="Courier New"><span style="background-color:white">ldap</span></font><span style="background-color:white"> to </span><font face="Courier New"><span style="background-color:white">default</span></font><span style="background-color:white">.
In system-wide installations you can do this using this command:</span></span></font></div>
<div style="background-color:#676767;margin-top:7.5pt;margin-bottom:7.5pt;padding-right:7.5pt;padding-left:7.5pt">
<font face="Lucida Console" size="1" color="#CFCFCF"><span style="font-size:7.5pt;background-color:#676767"><span style="background-color:white">$ cp -R /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default</span></span></font></div>
<div> </div>
<div> </div>
<div>From what I understand, if the user account does not exist in the OpenNebula database, it will still be able to retrieve and authenticate via LDAP/AD. I did this configuration and somehow I got the error mentioned below.</div>
<div> </div>
<div>I’ve followed the documentation provided on <a href="http://opennebula.org/documentation:rel4.2:ldap#active_directory" target="_blank"><font color="blue"><u>http://opennebula.org/documentation:rel4.2:ldap#active_directory</u></font></a>; somehow, it works partially, with an error that I can’t really understand.</div>
<div> </div>
<div>Here is the error message that can be found in the oned.log:</div>
<div> </div>
<div><font face="Lucida Console"><span style="font-size:9pt">Mon Sep 2 11:24:05 2013 [AuM][D]: Message received: <span style="background-color:yellow">AUTHENTICATE SUCCESS 16 ldap fahmi.latip</span> CN=******,OU=******,OU=*****,OU=Users,OU=*****,DC=******,DC=*******</span></font></div>
<div> </div>
<div><font face="Lucida Console"><span style="font-size:9pt">Mon Sep 2 11:24:05 2013 [AuM][E]: <span style="background-color:red">Can't create user: Error transforming the User to XML..</span> Driver response: ldap fahmi.latip CN=******,OU=******,OU=*****,OU=Users,OU=*****,DC=******,DC=*******</span></font></div>
<div><font face="Lucida Console"><span style="font-size:9pt">Mon Sep 2 11:24:05 2013 [ReM][D]: Req:9744 UID:- UserInfo invoked, -1</span></font></div>
<div><font face="Lucida Console"><span style="font-size:9pt">Mon Sep 2 11:24:05 2013 [ReM][E]: Req:9744 UID:- UserInfo result FAILURE [UserInfo] User couldn't be authenticated, aborting call.</span></font></div>
<div> </div>
<div>Has anyone faced a similar issue before? Any clue what action needs to be taken to solve this problem? Or is this method somehow impossible?</div>
<div> </div>
<div>Best regards,</div>
<div>.fahmie</div>
</span></font>
</div>
<br></blockquote></div><br></div>
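<p>One way to follow the advice above before posting configuration or <code>oned.log</code> excerpts to a public list, as an added example that is not part of the original thread. The function names, the sample input and the <code>:user:</code>, <code>:password:</code> and <code>:host:</code> keys of the LDAP driver configuration are assumptions; the two log formats are the ones quoted in the message.</p>

```shell
#!/usr/bin/env bash
# Added example: mask bind credentials, hosts, IPs, usernames and DN values
# in OpenNebula LDAP config / oned.log text read from stdin.
# Assumption: the LDAP driver config uses ':user:', ':password:', ':host:' keys.

redact_for_posting() {
    sed -E \
        -e 's/^([[:space:]]*:(user|password|host):[[:space:]]*).*/\1REDACTED/' \
        -e 's/(AUTHENTICATE SUCCESS [0-9]+ [^ ]+ )[^ ]+/\1USER/' \
        -e 's/(Driver response: [^ ]+ )[^ ]+/\1USER/' \
        -e 's/([0-9]{1,3}\.){3}[0-9]{1,3}/x.x.x.x/g' \
        -e "s/(CN|OU|DC|cn|ou|dc)=[^,'\"]+/\1=******/g"
    # The DN rule masks up to the next comma or quote, so it may over-redact
    # trailing text on a log line; that is the safe direction to fail in.
}

# Exit status 0 only when no IPv4 address, unmasked bind setting or
# unmasked DN component remains in the text on stdin.
is_safe_to_post() {
    ! grep -Ev ':(user|password|host):[[:space:]]*REDACTED$' \
        | grep -Eq '([0-9]{1,3}\.){3}[0-9]{1,3}|:(user|password|host):|(CN|OU|DC|cn|ou|dc)=[^*]'
}

# Constructed sample input (not taken from the thread).
sample_input() {
cat <<'EOF'
server 1:
    :user: 'cn=svc-one,ou=Service,dc=example,dc=test'
    :password: 'constructed-secret'
    :host: 192.0.2.10
    :port: 389
    :base: 'dc=example,dc=test'
    :user_field: 'sAMAccountName'
Mon Sep 2 11:24:05 2013 [AuM][D]: Message received: AUTHENTICATE SUCCESS 16 ldap jdoe CN=John Doe,OU=Users,DC=example,DC=test
EOF
}

# Show the redacted text, then verify it before it would be pasted anywhere.
sample_input | redact_for_posting
if sample_input | redact_for_posting | is_safe_to_post; then
    echo "OK: no obvious secrets left" >&2
else
    echo "STOP: review the output by hand" >&2
fi
```

<p>The check is a backstop, not a guarantee: hostnames, e-mail addresses and usernames in other log messages still need a manual read.</p>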