It should not have any problem with an underscore. The error you are getting is caused because your DN is being incorrectly transformed to XML. It most probably is some character that is breaking that serialization. As I don't have the DN I cannot reproduce it.
Fortunately the DN in ldap is stored only as extra information and this can be disabled. Change the file /var/lib/one/remotes/auth/default/authenticate, line 88, from:

    puts "ldap #{escaped_user} #{escaped_secret}"

to

    puts "ldap #{escaped_user} -"

This should fix the problem.

On Wed, Sep 4, 2013 at 2:39 AM, Shek Mohd Fahmi Abdul Latip <fahmi.la...@mimos.my> wrote:
> Hi Javier,
>
> Yes, I got “_” (normal underscore symbol) inside one of my DN entries, as in the OU name. Is there any problem with that? If yes, any workaround to make it work? Kindly advise.
>
> Best regards,
> .fahmie
>
> From: Javier Fontan [mailto:jfon...@opennebula.org]
> Sent: Wednesday, September 04, 2013 3:58 AM
> To: Shek Mohd Fahmi Abdul Latip
> Cc: users@lists.opennebula.org; Hadi Noira Omar
> Subject: Re: [one-users] Opennebula - Active Directory authentication intergration
>
> Do you have any non word characters in the DN? Like <, >, [, ] and such.
>
> On Tue, Sep 3, 2013 at 4:36 AM, Shek Mohd Fahmi Abdul Latip <fahmi.la...@mimos.my> wrote:
>
> Hi,
>
> Here are my one/auth/ldap_auth.conf settings:
>
> server 1:
>     :user: 'one***@*****.****'
>     :password: '********'
>     :auth_method: :simple
>     :host: 10.*.*.*
>     :port: 389
>     :base: 'OU=******,DC=****,DC=******'
>     :user_field: 'sAMAccountName'
>
> :order:
>     - server 1
>
> And this is what my oned.conf looks like:
>
> LOG = [
>   system = "file",
>   debug_level = 3
> ]
>
> MANAGER_TIMER = 5
>
> MONITORING_INTERVAL = 10
>
> SCRIPTS_REMOTE_DIR=/var/tmp/one
>
> PORT = 2633
>
> DB = [ backend = "mysql",
>   server = "localhost",
>   port = 0,
>   user = "*******",
>   passwd = "********",
>   db_name = "opennebula" ]
>
> VNC_BASE_PORT = 5900
>
> NETWORK_SIZE = 254
>
> MAC_PREFIX = "02:00"
>
> DATASTORE_CAPACITY_CHECK = "yes"
>
> DEFAULT_IMAGE_TYPE = "OS"
> DEFAULT_DEVICE_PREFIX = "hd"
>
> IM_MAD = [
>   name = "kvm",
>   executable = "one_im_ssh",
>   arguments = "-r 0 -t 15 kvm" ]
>
> VM_MAD = [
>   name = "kvm",
>   executable = "one_vmm_exec",
>   arguments = "-t 15 -r 0 kvm",
>   default = "vmm_exec/vmm_exec_kvm.conf",
>   type = "kvm" ]
>
> TM_MAD = [
>   executable = "one_tm",
>   arguments = "-t 15 -d dummy,lvm,shared,qcow2,ssh,vmfs,iscsi,ceph" ]
>
> DATASTORE_MAD = [
>   executable = "one_datastore",
>   arguments = "-t 15 -d dummy,fs,vmfs,iscsi,lvm,ceph"
> ]
>
> HM_MAD = [
>   executable = "one_hm" ]
>
> HOST_HOOK = [
>   name = "error",
>   on = "ERROR",
>   command = "ft/host_error.rb",
>   arguments = "$ID -r",
>   remote = "no" ]
>
> VM_HOOK = [
>   name = "on_failure_recreate",
>   on = "FAILED",
>   command = "/usr/bin/env onevm delete --recreate",
>   arguments = "$ID" ]
>
> AUTH_MAD = [
>   executable = "one_auth_mad",
>   authn = "ssh,x509,ldap,server_cipher,server_x509,default"
> ]
>
> SESSION_EXPIRATION_TIME = 900
>
> DEFAULT_UMASK = 177
>
> VM_RESTRICTED_ATTR = "CONTEXT/FILES"
> VM_RESTRICTED_ATTR = "NIC/MAC"
> VM_RESTRICTED_ATTR = "NIC/VLAN_ID"
>
> IMAGE_RESTRICTED_ATTR = "SOURCE"
>
> ONEGATE_ENDPOINT = "http://1**.******:5030"
>
> Best regards,
> .fahmie
>
> From: Jonathan Chen [mailto:simon8...@gmail.com]
> Sent: Monday, September 02, 2013 10:08 PM
> To: Shek Mohd Fahmi Abdul Latip
> Cc: users@lists.opennebula.org; Hadi Noira Omar
> Subject: Re: [one-users] Opennebula - Active Directory authentication intergration
>
> Maybe you can show your configuration files,
>
> like ldap_conf, oned.conf, etc.
>
> Hide your IP, account and password.
>
> It will help them to solve your problem.
>
> Jonathan
>
> 2013/9/2 Shek Mohd Fahmi Abdul Latip <fahmi.la...@mimos.my>
>
> Hi experts,
>
> I’m using the latest Opennebula 4.2 on CentOS 6.4. Right now I am in the middle of integrating the authentication system with MS-AD through the LDAP protocol.
>
> Based on the documentation:
>
> To be able to use this driver for users that are still not in the user database you must set it to the default driver. To do this go to the auth drivers directory and copy the directory ldap to default. In system-wide installations you can do this using this command:
>
> $ cp -R /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default
>
> From what I can understand, if the user account does not exist in the opennebula database, it will still be able to retrieve and authenticate via LDAP/AD. I did this configuration and somehow I got the error as mentioned below.
>
> I’ve followed the documentation provided on http://opennebula.org/documentation:rel4.2:ldap#active_directory; somehow, it works partially, with an error that I can’t really understand.
>
> Here is the error message that can be found in the oned.log:
>
> Mon Sep 2 11:24:05 2013 [AuM][D]: Message received: AUTHENTICATE SUCCESS 16 ldap fahmi.latip CN=******,OU=******,OU=*****,OU=Users,OU=*****,DC=******,DC=*******
>
> Mon Sep 2 11:24:05 2013 [AuM][E]: Can't create user: Error transforming the User to XML.. Driver response: ldap fahmi.latip CN=******,OU=******,OU=*****,OU=Users,OU=*****,DC=******,DC=*******
>
> Mon Sep 2 11:24:05 2013 [ReM][D]: Req:9744 UID:- UserInfo invoked, -1
>
> Mon Sep 2 11:24:05 2013 [ReM][E]: Req:9744 UID:- UserInfo result FAILURE [UserInfo] User couldn't be authenticated, aborting call.
>
> Has anyone faced a similar issue before? Any clue what action needs to be taken to solve this problem? Or is this method some kind of impossible?
>
> Best regards,
> .fahmie
>
> ------------------------------------------------------------------
> DISCLAIMER:
>
> This e-mail (including any attachments) is for the addressee(s) only and may contain confidential information. If you are not the intended recipient, please note that any dealing, review, distribution, printing, copying or use of this e-mail is strictly prohibited. If you have received this email in error, please notify the sender immediately and delete the original message.
> MIMOS Berhad is a research and development institution under the purview of the Malaysian Ministry of Science, Technology and Innovation. Opinions, conclusions and other information in this e-mail that do not relate to the official business of MIMOS Berhad and/or its subsidiaries shall be understood as neither given nor endorsed by MIMOS Berhad and/or its subsidiaries and neither MIMOS Berhad nor its subsidiaries accepts responsibility for the same. All liability arising from or in connection with computer viruses and/or corrupted e-mails is excluded to the fullest extent permitted by law.
>
> _______________________________________________
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
> --
> Join us at OpenNebulaConf2013 in Berlin from the 24th to the 26th of September 2013!
>
> Javier Fontán Muiños
> Developer
> OpenNebula - The Open Source Toolkit for Data Center Virtualization
> www.OpenNebula.org | @OpenNebula | github.com/jfontan

--
Join us at OpenNebulaConf2013 in Berlin from the 24th to the 26th of September 2013!

Javier Fontán Muiños
Developer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | @OpenNebula | github.com/jfontan

_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
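
A way to check a DN for the kind of character suspected in the reply above, as an added example that is not part of the original messages or of OpenNebula's code. It assumes the failure comes from characters that XML must escape or cannot represent (the thread never identifies the actual one); `audit_dn`, `xml_escape_dn` and the sample DNs are hypothetical names and constructed values.

```ruby
# Added diagnostic, not OpenNebula code: flags characters in an LDAP DN that
# an XML serializer must escape or cannot carry at all.

# Characters that must be escaped in XML text content.
XML_SPECIAL = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;' }.freeze

# XML 1.0 "Char" production; code points outside it are illegal even escaped.
def xml10_char?(cp)
  [0x9, 0xA, 0xD].include?(cp) || (0x20..0xD7FF).cover?(cp) ||
    (0xE000..0xFFFD).cover?(cp) || (0x10000..0x10FFFF).cover?(cp)
end

# Returns [[char_index, kind], ...]; an empty array means nothing suspicious.
def audit_dn(dn)
  s = dn.dup.force_encoding(Encoding::UTF_8)
  return [[nil, :invalid_utf8]] unless s.valid_encoding?

  s.each_char.with_index.map do |ch, i|
    if !xml10_char?(ch.ord) then [i, :illegal_xml_char]
    elsif XML_SPECIAL.key?(ch) then [i, :needs_escaping]
    elsif ch.ord > 0x7F then [i, :non_ascii] # legal, but verify the encoding
    end
  end.compact
end

# Escapes what XML requires; refuses a DN that XML cannot represent.
def xml_escape_dn(dn)
  fatal = audit_dn(dn).find { |_, k| %i[invalid_utf8 illegal_xml_char].include?(k) }
  raise ArgumentError, "DN cannot be carried in XML: #{fatal.inspect}" if fatal

  dn.gsub(/[&<>]/, XML_SPECIAL)
end

# Constructed sample DNs (the DN in the thread is masked, so these are not it).
SAMPLES = [
  'CN=Test User,OU=Cloud_Team,DC=example,DC=org', # underscore only
  'CN=R&D <lab>,OU=Users,DC=example,DC=org',      # XML metacharacters
  "CN=Bad\u0001Name,OU=Users,DC=example,DC=org",  # control character
  "CN=Bad\xFFBytes,OU=Users,DC=example,DC=org"    # not valid UTF-8
].freeze

SAMPLES.each { |dn| puts "#{dn.inspect} => #{audit_dn(dn).inspect}" }
```

An empty result for the underscore-only DN matches the statement that an underscore by itself is harmless; any `:illegal_xml_char` or `:invalid_utf8` finding marks a value that escaping alone cannot make serializable.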