<div dir="ltr">Hello, <div><br></div><div>Thank you very much for your so quickly response, but I would prefer not to change any OpenNebula script. </div><div><br></div><div>Anyway, I wonder why that simple configuration doesn't work. Could someone who has integrated OpenLDAP groups with OpenNebula let us know his configuration and OpenLDAP entry types?</div><div><br></div><div>Thank you very much</div><div><br></div><div>Best regards</div></div><div class="gmail_extra"><br><div class="gmail_quote">2014-10-08 12:42 GMT+02:00 Marcin Stolarek <span dir="ltr"><<a href="mailto:mstol@icm.edu.pl" target="_blank">mstol@icm.edu.pl</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
On 10/08/2014 12:32 PM, Manuel Alfonso López Rourich wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
Good morning,<br>
<br>
I'd like to ask you about an issue with user authentication in SunStone:<br>
<br>
I've configured SunStone so that new users from an OpenLDAP directory<br>
can log in (the user is created automatically in OpenNebula). It works<br></span>
fine but when I configure *:group* in *ldap_auth.conf*, I can't<span class=""><br>
authenticate new users within a LDAP group. The error that ONE throws is<br></span>
clear (*"User ulopez is not in group<br>
cn=grupo_nuevo,ou=ou_nueva,dc=<u></u>one,dc=es"*) but I don't know what could<div><div class="h5"><br>
be do so that it works. The documentation about LDAP groups with ONE is<br>
not very clear for me.<br>
<br>
The LDAP configuration is:<br>
<br>
server 1:<br>
:auth_method: :simple<br>
:host: 10.12.0.3<br>
:port: 389<br>
:base: 'dc=one,dc=es'<br>
<br>
# group the users need to belong to. If not set any user will do<br>
:group: 'cn=grupo_nuevo,ou=ou_nueva,<u></u>dc=one,dc=es'<br>
<br>
# field that holds the user name, if not set 'cn' will be used<br>
:user_field: 'uid'<br>
# field name for group membership, by default it is 'member'<br>
:group_field: 'memberUid'<br>
<br>
# user field that that is in in the group group_field, if not set<br>
'dn' will be used<br>
#user_group_field: 'gidNumber'<br>
<br>
The directory entry for the group is the next one:<br>
<br>
# extended LDIF<br>
#<br>
# LDAPv3<br>
# base <cn=grupo_nuevo,ou=ou_nueva,<u></u>dc=one,dc=es> with scope subtree<br>
# filter: (objectclass=*)<br>
# requesting: ALL<br>
#<br>
<br></div></div>
# grupo_nuevo, ou_nueva, <a href="http://one.es" target="_blank">one.es</a> <<a href="http://one.es" target="_blank">http://one.es</a>><span class=""><br>
dn: cn=grupo_nuevo,ou=ou_nueva,dc=<u></u>one,dc=es<br>
gidNumber: 503<br>
cn: grupo_nuevo<br>
objectClass: posixGroup<br>
objectClass: top<br>
memberUid: ulopez<br>
<br></span>
# us_nuevo_lopez, grupo_nuevo, ou_nueva, <a href="http://one.es" target="_blank">one.es</a> <<a href="http://one.es" target="_blank">http://one.es</a>><span class=""><br>
dn: cn=us_nuevo_lopez,cn=grupo_<u></u>nuevo,ou=ou_nueva,dc=one,dc=es<br>
givenName: us_nuevo<br>
gidNumber: 503<br>
homeDirectory: /home/users/ulopez<br>
sn: lopez<br>
loginShell: /bin/sh<br>
objectClass: inetOrgPerson<br>
objectClass: posixAccount<br>
objectClass: top<br>
uidNumber: 1009<br>
uid: ulopez<br>
cn: us_nuevo_lopez<br>
<br>
Thank you very much,<br>
<br>
Best regards<br>
<br>
<br>
<br>
<br></span>
______________________________<u></u>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/<u></u>listinfo.cgi/users-opennebula.<u></u>org</a><br>
<br>
</blockquote>
<br>
<br>
Currently openebula supports only scheme with "listofmembers" (not sure if haven't make a mistake in name) objecClass.<br>
<br>
You can use my patch:<br>
<a href="https://github.com/cinek810/one/commit/925a124c96018aa8b4b44805aafa76280830a461" target="_blank">https://github.com/cinek810/<u></u>one/commit/<u></u>925a124c96018aa8b4b44805aafa76<u></u>280830a461</a><br>
<br>
to support groups in memberUid format.<br>
<br>
cheers,<br>
marcin<br>
______________________________<u></u>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/<u></u>listinfo.cgi/users-opennebula.<u></u>org</a><br>
</blockquote></div><br></div>