There seems to be a problem getting the groups from OpenNebula. Can you send us the output of:<div><br></div><div>onegroup list -x</div><div><br></div><div>To fix the problem you can disable mapping generation by adding this line to the server configuration:</div><div><br></div><div>:mapping_generate: false</div><div><br></div><div>Cheers<br><br><div class="gmail_quote">On Mon Dec 08 2014 at 3:55:46 PM Mr Sensible <<a href="mailto:doilooksensible@gmail.com">doilooksensible@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I am struggling a little bit with hooking my test OpenNebula into my<br>
existing FreeIPA authentication domain.<br>
<br>
I am currently running OpenNebula 4.10.1 running on Centos 6.5, and I am<br>
trying to connect it to my existing FreeIPA 3.0.0 server.<br>
<br>
I currently have three services authenticating via ldap to the IPA<br>
server, so I "think" that bit is right.<br>
<br>
When I install opennebula for the first time, get everything set up, add<br>
the ldap authentication config, everything looks OK. I create a user in<br>
Sunstone, set the auth method to LDAP, and then successfully sign in to<br>
Sunstone. Happy face.<br>
I change the user to oneadmin group in Sunstone.<br>
<br>
The following day, I am no longer able to log in as that user, and no<br>
amount of deleting user and re-adding user seems to make any difference.<br>
I have also tried NOT creating the user via sunstone, and just logging<br>
in, same errors.<br>
<br>
Does anybody have any idea what I might be doing wrong, or even where I<br>
can look to figure what is not working? Config and log files below. Many<br>
thanks in advance.<br>
<br>
------------------------------<br>
oned.conf<br>
---------------------------<br>
AUTH_MAD = [<br>
executable = "one_auth_mad",<br>
authn = "ssh,x509,ldap,default,server_cipher,server_x509"<br>
]<br>
<br>
------------------------------<br>
ldap_auth.conf<br>
----------------------------<br>
server 1:<br>
# Ldap authentication method<br>
:auth_method: :simple<br>
<br>
# Ldap server<br>
:host: <a href="http://ipa1.lab.company.com" target="_blank">ipa1.lab.company.com</a><br>
:port: 389<br>
<br>
# Uncomment this line for TLS connections<br>
#:encryption: :simple_tls<br>
<br>
# base hierarchy where to search for users and groups<br>
:base: 'cn=users,cn=accounts,dc=lab,dc=company,dc=com'<br>
<br>
# group the users need to belong to. If not set any user will do<br>
#:group: 'cn=users,cn=accounts'<br>
<br>
# field that holds the user name, if not set 'cn' will be used<br>
:user_field: 'uid'<br>
<br>
:order:<br>
- server 1<br>
<br>
------------------------------<br>
oned.log<br>
------------------------------<br>
Mon Dec 8 13:24:50 2014 [Z0][ReM][D]: Req:8640 UID:-1 GroupPoolInfo invoked<br>
Mon Dec 8 13:24:50 2014 [Z0][ReM][E]: Req:8640 UID:- GroupPoolInfo<br>
result FAILURE [GroupPoolInfo] User couldn't be authenticated, aborting<br>
call.<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Command<br>
execution fail: /var/lib/one/remotes/auth/ldap/authenticate peter.harris<br>
- ****<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Command execution fail:<br>
/var/lib/one/remotes/auth/ldap/authenticate peter.harris - ****<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Trying<br>
server server 1<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Trying server server 1<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1<br>
Exception raised authenticating to LDAP<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Exception raised authenticating<br>
to LDAP<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1<br>
#<NoMethodError: undefined method `children' for nil:NilClass><br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: #<NoMethodError: undefined method<br>
`children' for nil:NilClass><br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1<br>
/usr/lib/one/ruby/opennebula/xml_element.rb:357:in `build_hash'<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:<br>
/usr/lib/one/ruby/opennebula/xml_element.rb:357:in `build_hash'<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1<br>
/usr/lib/one/ruby/opennebula/xml_element.rb:341:in `to_hash'<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:<br>
/usr/lib/one/ruby/opennebula/xml_element.rb:341:in `to_hash'<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1<br>
/usr/lib/one/ruby/opennebula/ldap_auth.rb:93:in `generate_mapping'<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:<br>
/usr/lib/one/ruby/opennebula/ldap_auth.rb:93:in `generate_mapping'<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1<br>
/usr/lib/one/ruby/opennebula/ldap_auth.rb:69:in `initialize'<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:<br>
/usr/lib/one/ruby/opennebula/ldap_auth.rb:69:in `initialize'<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1<br>
/var/lib/one/remotes/auth/ldap/authenticate:69:in `new'<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:<br>
/var/lib/one/remotes/auth/ldap/authenticate:69:in `new'<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1<br>
/var/lib/one/remotes/auth/ldap/authenticate:69<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:<br>
/var/lib/one/remotes/auth/ldap/authenticate:69<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1<br>
/var/lib/one/remotes/auth/ldap/authenticate:59:in `each'<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:<br>
/var/lib/one/remotes/auth/ldap/authenticate:59:in `each'<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1<br>
/var/lib/one/remotes/auth/ldap/authenticate:59<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:<br>
/var/lib/one/remotes/auth/ldap/authenticate:59<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Could<br>
not authenticate user peter.harris<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Could not authenticate user<br>
peter.harris<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1<br>
ExitCode: 255<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: ExitCode: 255<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: AUTHENTICATE<br>
FAILURE 1 -<br>
<br>
Mon Dec 8 13:24:50 2014 [Z0][AuM][E]: Auth Error:<br>
Mon Dec 8 13:24:50 2014 [Z0][ReM][D]: Req:6320 UID:-1 UserInfo invoked , -1<br>
Mon Dec 8 13:24:50 2014 [Z0][ReM][E]: Req:6320 UID:- UserInfo result<br>
FAILURE [UserInfo] User couldn't be authenticated, aborting call.<br>
<br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
</blockquote></div></div>
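The fix suggested in the reply only takes effect if `:mapping_generate: false` sits inside the `server 1` block of ldap_auth.conf, so the following added example (not part of the thread and not OpenNebula's own code) parses the file and reports, per server in `:order`, whether mapping generation is off and whether the bind on port 389 is TLS-protected. Assumptions: the sample config is constructed from the one quoted above with its indentation restored, `audit_ldap_conf` is a hypothetical helper, and mapping generation is treated as enabled when the key is absent.

```ruby
require 'yaml'

# Constructed sample: the ldap_auth.conf from the thread with the suggested
# line added inside the "server 1" block (indentation restored).
FIXED_CONF = <<~CONF
  server 1:
      :auth_method: :simple
      :host: ipa1.lab.company.com
      :port: 389
      #:encryption: :simple_tls
      :base: 'cn=users,cn=accounts,dc=lab,dc=company,dc=com'
      :user_field: 'uid'
      :mapping_generate: false

  :order:
      - server 1
CONF

# Constructed sample: same file, but the line was appended at top level,
# outside the per-server option block.
MISPLACED_CONF = FIXED_CONF.sub("    :mapping_generate: false\n", '') +
                 ":mapping_generate: false\n"

# Hypothetical helper: report, per server listed in :order, whether mapping
# generation is off and whether an :encryption setting protects the bind.
def audit_ldap_conf(text)
  conf = YAML.safe_load(text, permitted_classes: [Symbol]) || {}
  stray = conf.keys.select { |k| k.is_a?(Symbol) && k != :order }
  report = Array(conf[:order]).map do |name|
    srv = conf[name]
    if srv.is_a?(Hash)
      { server: name,
        # Assumption: generation is attempted unless explicitly set to false.
        mapping_generate: srv.fetch(:mapping_generate, true),
        tls: srv.key?(:encryption) }
    else
      { server: name, error: 'no option block under this name' }
    end
  end
  { servers: report, stray_top_level_keys: stray }
end

if $PROGRAM_NAME == __FILE__
  puts audit_ldap_conf(FIXED_CONF).inspect
  puts audit_ldap_conf(MISPLACED_CONF).inspect
end
```

A non-empty `stray_top_level_keys` list means a per-server option was placed outside any server block; `tls: false` with `:auth_method: :simple` means the user's password crosses the network unencrypted.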