Do you have any non-word characters in the DN? Like <, >, [, ] and such.
On Tue, Sep 3, 2013 at 4:36 AM, Shek Mohd Fahmi Abdul Latip <fahmi.la...@mimos.my> wrote:
> Hi,
>
> Here are my one/auth/ldap_auth.conf settings:
>
> server 1:
>     :user: 'one***@*****.****'
>     :password: '********'
>     :auth_method: :simple
>     :host: 10.*.*.*
>     :port: 389
>     :base: 'OU=******,DC=****,DC=******'
>     :user_field: 'sAMAccountName'
>
> :order:
>     - server 1
>
> And this is what my oned.conf looks like:
>
> LOG = [
>     system = "file",
>     debug_level = 3
> ]
>
> MANAGER_TIMER = 5
>
> MONITORING_INTERVAL = 10
>
> SCRIPTS_REMOTE_DIR=/var/tmp/one
>
> PORT = 2633
>
> DB = [ backend = "mysql",
>        server = "localhost",
>        port = 0,
>        user = "*******",
>        passwd = "********",
>        db_name = "opennebula" ]
>
> VNC_BASE_PORT = 5900
>
> NETWORK_SIZE = 254
>
> MAC_PREFIX = "02:00"
>
> DATASTORE_CAPACITY_CHECK = "yes"
>
> DEFAULT_IMAGE_TYPE = "OS"
> DEFAULT_DEVICE_PREFIX = "hd"
>
> IM_MAD = [
>     name = "kvm",
>     executable = "one_im_ssh",
>     arguments = "-r 0 -t 15 kvm" ]
>
> VM_MAD = [
>     name = "kvm",
>     executable = "one_vmm_exec",
>     arguments = "-t 15 -r 0 kvm",
>     default = "vmm_exec/vmm_exec_kvm.conf",
>     type = "kvm" ]
>
> TM_MAD = [
>     executable = "one_tm",
>     arguments = "-t 15 -d dummy,lvm,shared,qcow2,ssh,vmfs,iscsi,ceph" ]
>
> DATASTORE_MAD = [
>     executable = "one_datastore",
>     arguments = "-t 15 -d dummy,fs,vmfs,iscsi,lvm,ceph"
> ]
>
> HM_MAD = [
>     executable = "one_hm" ]
>
> HOST_HOOK = [
>     name = "error",
>     on = "ERROR",
>     command = "ft/host_error.rb",
>     arguments = "$ID -r",
>     remote = "no" ]
>
> VM_HOOK = [
>     name = "on_failure_recreate",
>     on = "FAILED",
>     command = "/usr/bin/env onevm delete --recreate",
>     arguments = "$ID" ]
>
> AUTH_MAD = [
>     executable = "one_auth_mad",
>     authn = "ssh,x509,ldap,server_cipher,server_x509,default"
> ]
>
> SESSION_EXPIRATION_TIME = 900
>
> DEFAULT_UMASK = 177
>
> VM_RESTRICTED_ATTR = "CONTEXT/FILES"
> VM_RESTRICTED_ATTR = "NIC/MAC"
> VM_RESTRICTED_ATTR = "NIC/VLAN_ID"
>
> IMAGE_RESTRICTED_ATTR = "SOURCE"
>
> ONEGATE_ENDPOINT = "http://1**.******:5030"
>
> Best regards,
> .fahmie
>
> From: Jonathan Chen [mailto:simon8...@gmail.com]
> Sent: Monday, September 02, 2013 10:08 PM
> To: Shek Mohd Fahmi Abdul Latip
> Cc: users@lists.opennebula.org; Hadi Noira Omar
> Subject: Re: [one-users] Opennebula - Active Directory authentication integration
>
> Maybe you can show your configuration files,
>
> like ldap_conf, oned.conf ... etc.
>
> Hide your IP, account and passwd.
>
> It will help them to solve your problem.
>
> Jonathan
>
> 2013/9/2 Shek Mohd Fahmi Abdul Latip <fahmi.la...@mimos.my>
>
> Hi experts,
>
> I'm using the latest Opennebula 4.2 on CentOS 6.4. Right now I am in the middle of integrating the authentication system with MS-AD through the LDAP protocol.
>
> Based on the documentation:
>
> To be able to use this driver for users that are still not in the user database you must set it to the default driver. To do this go to the auth drivers directory and copy the directory ldap to default. In system-wide installations you can do this using this command:
>
> $ cp -R /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default
>
> What I understand is that if the user account does not exist in the opennebula database, it will still be able to retrieve and authenticate via LDAP/AD. I did this configuration and somehow I got the error mentioned below.
>
> I've followed the documentation provided on http://opennebula.org/documentation:rel4.2:ldap#active_directory; somehow, it works partially, with an error that I can't really understand.
>
> Here is the error message that can be found in the oned.log:
>
> Mon Sep 2 11:24:05 2013 [AuM][D]: Message received: AUTHENTICATE SUCCESS 16 ldap fahmi.latipCN=******,OU=******,OU=*****,OU=Users,OU=*****,DC=******,DC=*******
>
> Mon Sep 2 11:24:05 2013 [AuM][E]: Can't create user: Error transforming the User to XML.. Driver response: ldap fahmi.latip CN=******,OU=******,OU=*****,OU=Users,OU=*****,DC=******,DC=*******
> Mon Sep 2 11:24:05 2013 [ReM][D]: Req:9744 UID:- UserInfo invoked, -1
> Mon Sep 2 11:24:05 2013 [ReM][E]: Req:9744 UID:- UserInfo result FAILURE [UserInfo] User couldn't be authenticated, aborting call.
>
> Has anyone faced a similar issue before? Any clue what action needs to be taken to solve this problem? Or is this method some kind of impossible?
>
> Best regards,
> .fahmie

--
Join us at OpenNebulaConf2013 in Berlin from the 24th to the 26th of September 2013!
Javier Fontán Muiños
Developer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | @OpenNebula | github.com/jfontan
_______________________________________________ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
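As an added illustration of the question Javier raises (this is not code from the thread or from OpenNebula): a small Python check that lists the non-word characters in a DN and shows that a DN containing `<`, `>` or `&` cannot be embedded unescaped in an XML document, while the XML-escaped form round-trips. The `<USER>` document and the sample DNs are constructed for the example and are not oned's real user schema.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# "Non-word" in the sense of the question above: anything outside letters,
# digits and underscore. ',' '=' and space are normal DN syntax, so they are
# left out of the report to keep the signal useful.
WORD_RE = re.compile(r"[A-Za-z0-9_]")
DN_SYNTAX = {",", "=", " "}
XML_SPECIAL = {"<", ">", "&"}  # markup characters inside XML element text

def non_word_chars(dn):
    """Sorted list of distinct non-word characters in the DN (DN syntax excluded)."""
    return sorted({c for c in dn if not WORD_RE.match(c) and c not in DN_SYNTAX})

def xml_special_chars(dn):
    """Those non-word characters that an XML parser treats as markup."""
    return [c for c in non_word_chars(dn) if c in XML_SPECIAL]

def driver_response(username, dn):
    """The 'ldap <user> <dn>' line the auth driver returns, as seen in oned.log."""
    return "ldap %s %s" % (username, dn)

def user_xml_roundtrip(username, dn, escaped):
    """Embed the driver response in a minimal <USER> document (a constructed
    stand-in for oned's user XML, not OpenNebula's real schema) and return the
    PASSWORD text read back, or None when the document is not well-formed."""
    text = driver_response(username, dn)
    payload = escape(text) if escaped else text
    doc = "<USER><NAME>%s</NAME><PASSWORD>%s</PASSWORD></USER>" % (username, payload)
    try:
        return ET.fromstring(doc).find("PASSWORD").text
    except ET.ParseError:
        return None

# Constructed sample DNs; the real ones in the thread are masked.
PLAIN_DN = "CN=jdoe,OU=Staff,DC=example,DC=org"
ANGLE_DN = "CN=Doe\\, John <jdoe>,OU=R&D [Lab],DC=example,DC=org"

if __name__ == "__main__":
    for dn in (PLAIN_DN, ANGLE_DN):
        print(dn)
        print("  non-word chars:  ", non_word_chars(dn))
        print("  XML-significant: ", xml_special_chars(dn))
        print("  embeds unescaped:", user_xml_roundtrip("jdoe", dn, False) is not None)
        print("  embeds escaped:  ", user_xml_roundtrip("jdoe", dn, True) is not None)
```

A DN for which `xml_special_chars` is non-empty matches the symptom in the quoted log ("Error transforming the User to XML"); the same DN embeds cleanly once XML-escaped.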