Hi,

We made the OpenNebula (3.8.3) Self Service portal (OCCI web UI) work with LDAP authentication by using this patch:

sed -i 's/CryptoJS.SHA1(password)/password/' /(location of depends on installation)/occi/ui/public/js/login.js

and putting ":auth: occi" in occi-server.conf

That is because OCCI transfers a SHA1-hashed password to occi-server, and it could not do an LDAP bind with it (except if your LDAP contains clear-text passwords or SHA1 hashes). With this patch the clear password is transported to occi-server, and it could do an LDAP bind against LDAP users.

Regards, Rolandas Naujikas

P.S. We are using https reverse proxy also.

On 2013-02-06 15:15, Vassilis Vatikiotis wrote:
Hello all,

I'm trying to enable the LDAP auth method so my users can log in to
the OCCI web UI, and although I've followed the steps from the docs on
the ONE site, so far I haven't managed it.

The /etc/one/oned.conf AUTH_MAD section is:
AUTH_MAD = [
     executable = "one_auth_mad",
     authn = "ssh,x509,ldap,default,server_cipher,server_x509"
]

The /etc/one/auth/ldap_auth.conf is:
server 1:
     :user: 'cn=xxx,ou=xxxx,dc=xxx,dc=xxx,dc=xxx'
     :password: 'xxxx'
     :auth_method: :simple
     :host: 'ldap.xxx.xxx.xxx'
     :port: 389
     :base: 'ou=xxx,dc=xxx,dc=xxx,dc=xxx'
     :user_field: 'uid'

:order:
     - server 1

The above LDAP settings work, as I've tested them inside irb using the
ruby class defined in /etc/lib/one/ruby/ldap_auth.rb. I can search my
LDAP database and get results.

I've also copied the ldap directory to a default one, like,
$ cp -R /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default

What puzzles me is that whenever I try to log in to OCCI (or sunstone)
I cannot see any auth-related queries in /var/log/one/oned.log. It's
as if the ldap and default settings in authn of AUTH_MAD are completely
ignored. At the same time, no queries are performed in the LDAP
backend.

I haven't done the last step, where a $HOME/.one/one_auth file
containing a user_dn:password entry, because I'm unsure of what it means.

Any ideas?





_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
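
The bind failure described in the reply above, as an added example that is not part of either post or of OpenNebula's code. It models a directory that stores userPassword as salted SHA-1 ({SSHA}); the storage scheme, the sample password and salt, and the hex encoding of the CryptoJS digest are assumptions.

```ruby
require 'digest'

# Build an {SSHA} userPassword value: base64(SHA1(password + salt) + salt).
def ssha(password, salt)
  '{SSHA}' + [Digest::SHA1.digest(password + salt) + salt].pack('m0')
end

# Model of how a directory checks a simple bind against an {SSHA} value:
# whatever the client presents is treated as the cleartext password.
def simple_bind_ok?(stored, presented)
  raw = stored.delete_prefix('{SSHA}').unpack1('m')
  digest = raw[0, 20]   # SHA-1 output is 20 bytes
  salt = raw[20..-1]    # the rest is the per-entry salt
  Digest::SHA1.digest(presented + salt) == digest
end

# Value the stock login.js submits: CryptoJS.SHA1(password)
# (hex encoding is an assumption of this example).
def stock_login_value(password)
  Digest::SHA1.hexdigest(password)
end

# Value submitted after the sed patch: the password itself.
def patched_login_value(password)
  password
end

# Run both login variants against the same constructed directory entry.
def demo
  password = 'Example-Passw0rd'                  # constructed sample
  salt = "\x8f\x1c\x42\xa7\x03\xe9\x5b\xd0".b    # constructed, fixed salt
  stored = ssha(password, salt)
  {
    stock: simple_bind_ok?(stored, stock_login_value(password)),
    patched: simple_bind_ok?(stored, patched_login_value(password))
  }
end

p demo if $PROGRAM_NAME == __FILE__
```

With the patch applied the cleartext password travels from the browser to occi-server, so the HTTPS reverse proxy mentioned in the P.S. is what protects it in transit.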
