On 2013-02-11 16:13, Daniel Molina wrote:
Hi Rolandas,
On 7 February 2013 07:28, Rolandas Naujikas <rolandas.nauji...@mif.vu.lt> wrote:
We made Opennebula (3.8.3) Self Service portal (OCCI web UI) to work with
LDAP authentication by using this patch:
sed -i 's/CryptoJS.SHA1(password)/password/' /(location of depends on
installation)/occi/ui/public/js/login.js
and putting ":auth: occi" to occi-server.conf
If you set :auth: occi, the authentication method will compare the
password provided by the user and the one stored in OpenNebula
(OCCICloudAuth.rb) but LDAP will not be used.
Instead you have to set ":auth: opennebula" (OpenNebulaCloudAuth.rb)
[1] and change the auth driver for that user 'oneuser chauth ..." to
use LDAP, or set LDAP as default for new users [2]
Yes, I shown wrong configuration file content from our system. Really we
are using ":auth: opennebula" (in occi-server.conf) and it works in
opennebula self service portal with LDAP authentication in our
environment (with the patch in login.js).
Regards, Rolandas Naujikas
[1] http://opennebula.org/documentation:rel3.8:sunstone#authentication_methods
[2] http://opennebula.org/documentation:rel3.8:ldap#configuration
Cheers
That is because OCCI transfers SHA1 hashed password to occi-server and it
could not do LDAP bind with it (exept if your LDAP contains clear text
passwords or SHA1 hash). With this patch clear password is transported to
occi-server and it could do LDAP bind against LDAP users.
_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
