Javier,
I've tried successfully using the ldap client utils:

With invalid password:
oneadmin@opennebula:~$ ldapsearch -h ad.mydomain.com -D cn=acalvo,cn=Users,dc=mydomain,dc=com -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
    additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE

With valid password:
oneadmin@opennebula:~$ ldapsearch -h ad.mydomain.com -D cn=acalvo,cn=Users,dc=mydomain,dc=com -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

We are not using SSL at this moment (I think it was advised not to use it in the documentation).

LDAP configuration:
    :user: 'cn=readonly,cn=users,dc=mydomain,dc=com'
    :password: 'mybindpassword'
    :auth_method: :simple
    :host: ad.mydomain.com
    :port: 389
    :base: 'cn=Users,dc=mydomain,dc=com'

AD configuration:
    :user: 'reado...@mydomain.com'
    :password: 'mybindpassword'
    :auth_method: :simple
    :host: ad.mydomain.com
    :port: 389
    #:encryption: :simple_tls
    :base: 'cn=Users,dc=mydomain,dc=com'

In both cases, the output is the same:
oneadmin@opennebula:~$ ./remotes/auth/default/authenticate acalvo badpassword badpassword
Trying server server 1
ldap acalvo CN=acalvo,CN=Users,DC=mydomain,DC=com

Cheers

On 01/10/13 11:56, Javier Fontan wrote:
Can you check with ldapsearch command? Can you authenticate with that
command and an invalid password? Are you using ssl?

For our tests we use slapd as ldap server and a Windows 2008 Server as
Active Directory server.

On Tue, Oct 1, 2013 at 9:52 AM, Andreas Calvo Gómez
<andreas.ca...@scytl.com> wrote:
Javier,
We are not using a true AD; instead, we are using Samba 4 as an AD.
However, it fails either being configured as AD or just plain LDAP.
I may provide the configuration if necessary, just let me know.

Regards,

On 24/09/13 10:56, Javier Fontan wrote:
I've tested the driver from 4.2 with a Windows 2008 Server Active
Directory and it does fail when the password is not correct. Could it be
an Active Directory configuration?

On Fri, Sep 6, 2013 at 4:57 PM, Andreas Calvo Gómez
<andreas.ca...@scytl.com> wrote:
Javier,
Thanks for your time.
We are running the latest version of OpenNebula as of today: version
4.2.0.


On 06/09/13 15:23, Javier Fontan wrote:
It looks really bad. Could you please give us the OpenNebula version
you are using? I'll do my tests here and will let you know.

I've created a ticket to keep track of this problem:

http://dev.opennebula.org/issues/2307


On Wed, Aug 28, 2013 at 6:46 PM, Andreas Calvo Gómez
<andreas.ca...@scytl.com> wrote:
Hi all,
I've encountered a strange behavior while trying to configure ONE to
authenticate against an AD, either as a proper AD or as an LDAP.
If a credential is used to query LDAP and retrieve the complete DN for the
user that wants to log in, then no matter what password the user has typed,
it will be listed as authenticated.

ldap_auth.conf example:
server 1:
       :user: 'myu...@mydomain.com'
       :password: 'mypassword'
       :auth_method: :simple
       :host: ad.mydomain.com
       :port: 389
       :base: 'dc=mydomain,dc=com'
       :user_field: 'sAMAccountName'
:order:
       - server 1

If I manually query the authenticate process with a made up password and
secret, it is always listed as authenticated.

For instance:
oneadmin@opennebula:~$ ./remotes/auth/default/authenticate myuser badpassword badpassword
Trying server server 1
ldap myuser CN=myuser,CN=Users,DC=mydomain,DC=com

My guess is that the same user that is used to look up users performs the
authenticate method and always returns a valid user.

Or maybe I'm missing something.

Any hint?

Thanks!
_______________________________________________
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


--
Andreas Calvo Gómez
Systems Engineer
Scytl Secure Electronic Voting
Plaça Gal·la Placidia, 1-3, 1st floor · 08006 Barcelona
Phone: + 34 934 230 324
Fax:   + 34 933 251 028
http://www.scytl.com
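
Added example, not part of the thread and not OpenNebula's driver code: it models the guess made in the original report (a successful DN lookup with the service account being treated as authentication) next to a search-then-bind flow that proves the password with a second bind as the user's DN. FakeDirectory, both authenticate_* functions and the password 'correct-horse' are constructed for illustration; the DNs and bind password are the sample values from the thread.

```ruby
# Constructed in-memory stand-in for an LDAP server (not a real client library).
class FakeDirectory
  ENTRIES = {
    'cn=readonly,cn=Users,dc=mydomain,dc=com' => { uid: 'readonly', password: 'mybindpassword' },
    'cn=acalvo,cn=Users,dc=mydomain,dc=com' => { uid: 'acalvo', password: 'correct-horse' }
  }.freeze

  def initialize
    @bound_as = nil
  end

  # Simple bind: succeeds only for a known DN with a matching, non-empty password.
  def bind(dn, password)
    entry = ENTRIES[dn]
    ok = !entry.nil? && !password.to_s.empty? && entry[:password] == password
    @bound_as = ok ? dn : nil
    ok
  end

  # Search by user field; only allowed on a connection that has bound.
  def find_dn(username)
    return nil unless @bound_as
    ENTRIES.find { |_dn, e| e[:uid] == username }&.first
  end
end

SERVICE_DN = 'cn=readonly,cn=Users,dc=mydomain,dc=com'
SERVICE_PW = 'mybindpassword'

# Flawed flow (the hypothesis in the report): the lookup succeeding is taken
# as proof of identity, so the user's password never reaches the server.
def authenticate_lookup_only(username, _password)
  conn = FakeDirectory.new
  return nil unless conn.bind(SERVICE_DN, SERVICE_PW)
  conn.find_dn(username)
end

# Search-then-bind: resolve the DN with the service account, then bind as
# that DN with the supplied password on a fresh connection.
def authenticate_search_then_bind(username, password)
  # A simple bind with an empty password is an unauthenticated bind in LDAP
  # and may be accepted by a real server, so reject it before binding.
  return nil if password.to_s.empty?
  lookup = FakeDirectory.new
  return nil unless lookup.bind(SERVICE_DN, SERVICE_PW)
  dn = lookup.find_dn(username)
  return nil unless dn
  FakeDirectory.new.bind(dn, password) ? dn : nil
end
```

With the lookup-only flow, acalvo with badpassword returns the DN, which matches the output shown in the thread; the search-then-bind flow returns nil for the same input.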
