Hi Tino, finally I think that I got it. The problem is that my DN has spaces in the CN. So I think that the one_auth file is not properly handled and it results in a failure whenever an space is used in this file. That is why I got the same failure when changing the authentication method to "simple" or to even a nonexistent method. It is simply because the authentication method was not launched at all because of a previous error.
The current problem is that I cannot authenticate because my DN has spaces ;) so I cannot use it whithin Open Nebula. But at least I do not get the "expired time" error and it outputs an authentication error. Any workaround on this? Regards, Carlos A. Mensaje citado por "Carlos A." <[email protected]>: > Hi, > i get the expected output > -- > Enviado desde mi teléfono Android con K-9 Mail. Disculpa mi brevedad > > Tino Vazquez <[email protected]> escribió: > > Hi Carlos, > > Let's try executing the auth mad by hand (the error, from your input, > seems not to be exclusive of the ldap addon, but rather of the auth > module), to discard missing gems > > # $ONE_LOCATION/lib/mads/one_auth_mad > > after hitting return, it will wait for input, type > > INIT > > you should get > > INIT SUCCESS - - > > Regards, > > -Tino > > -- > Constantino Vázquez Blanco, MSc > OpenNebula Major Contributor > www.OpenNebula.org | @tinova79 > > > > On Mon, Jun 13, 2011 at 1:29 PM, Carlos A. <[email protected]> wrote: > > Hi Tino, > > > > more info on this. > > > > While using my test script to authenticate I can see the sucess in the ldap > > server, I cannot see any information when trying to authenticate using ONE > > > > El 13/06/11 12:43, Tino Vazquez escribió: > >> > >> Hi Carlos, > >> > >> This may be due to a eager timeout that the core imposes over the ldap > >> driver. > >> > >> Please find attached a patch for the OpenNebula source code, please > >> apply it, recompile and reinstall, we would appreciate feedback on > >> wether this fixes the improper ldap plugin behavior or not. > >> > >> Regards, > >> > >> -Tino > >> > >> -- > >> Constantino Vázquez Blanco, MSc > >> OpenNebula Major Contributor > >> www.OpenNebula.org | @tinova79 > >> > >> > >> > >> On Sat, Jun 11, 2011 at 10:22 AM, Carlos A.<[email protected]> wrote: > >>> > >>> Hello, > >>> > >>> any help on this? is ldap addon supposed to work with opennebula 2.2? has > >>> anyone tried it? > >>> > >>> El 09/06/2011 10:46, Carlos A. escribió: > >>>> > >>>> Hello, > >>>> > >>>> first of all, thank you for your response. > >>>> > >>>> Once I have managed to make ldap_auth work, I found the following issue: > >>>> > >>>> root@keo01:/srv/cloud/one# onevm list > >>>> execution expired > >>>> > >>>> I cannot manage to athenticate against my ldap server. I have tried the > >>>> ldap authentication that is carried out by ONE > >>>> > >>>> require 'rubygems' > >>>> require 'net/ldap' > >>>> ldap = Net::LDAP.new > >>>> ldap.host = "my.ldap.server" > >>>> ldap.port = 389 > >>>> ldap.auth "my-dn", "my-pass" > >>>> print ldap.bind > >>>> > >>>> It is properly working, as my server authenticates me. I have (of > >>>> course) > >>>> tried changing the password and it works as expected. > >>>> > >>>> Diving in the code It seems that there is some problem in the file > >>>> "src/um/UserPool.cc", at > >>>> authm->trigger(AuthManager::AUTHENTICATE,&ar); > >>>> ar.wait(); > >>>> > >>>> Any idea? > >>>> > >>>> > >>>> El 09/06/11 00:51, [email protected] escribió: > >>>>> > >>>>> The official OpenNebula installation instructions for the ldap driver > >>>>> are > >>>>> incomplete and miss to mention some software packages that you have to > >>>>> install first. I don't remember which ones they were, but you can find > >>>>> out > >>>>> as follows: > >>>>> > >>>>> * cd to .../lib/ruby > >>>>> * execute 'ruby ldap_auth.rb'. > >>>>> * Ruby will complain about any missing packages. Install those until > >>>>> ruby > >>>>> is happy. > >>>>> > >>>>> Carsten > >>>>> > >>>>> > >>>>> Carsten Friedrich > >>>>> Research Team leader > >>>>> ICT Centre, GPO Box 664,Canberra, ACT 2601 > >>>>> Phone: +61 2 6216 7019 > >>>>> Email: [email protected] > >>>>> Web: http://www.csiro.au/org/ICT.html > >>>>> > >>>>> > >>>>> > >>>>> -----Original Message----- > >>>>> From: [email protected] > >>>>> [mailto:[email protected]] On Behalf Of Carlos A. > >>>>> Sent: Wednesday, 8 June 2011 18:17 > >>>>> To: [email protected] > >>>>> Subject: Re: [one-users] Problem with ldap authentication > >>>>> > >>>>> any help on this? > >>>>> > >>>>> El 02/06/11 16:55, Carlos A. escribió: > >>>>>> > >>>>>> More information on this: > >>>>>> > >>>>>> in /srv/cloud/one/var/oned.log I can see > >>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: Init OpenNebula Log system > >>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: Log Level: 3 > >>>>>> [0=ERROR,1=WARNING,2=INFO,3=DEBUG] > >>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: > >>>>>>_____________________________________________ > > >>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: OpenNebula Configuration File > >>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: > >>>>>>_____________________________________________ > > >>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: > >>>>>>_____________________________________________ > > >>>>>> AUTH_MAD=EXECUTABLE=/srv/cloud/one/lib/mads/one_auth_mad > >>>>>> DB=BACKEND=sqlite > >>>>>> DEBUG_LEVEL=3 > >>>>>> DEFAULT_DEVICE_PREFIX=hd > >>>>>> DEFAULT_IMAGE_TYPE=OS > >>>>>> HM_MAD=EXECUTABLE=one_hm > >>>>>> HOST_MONITORING_INTERVAL=600 > >>>>>> IMAGE_REPOSITORY_PATH=/srv/cloud/one/var//images > >>>>>> IM_MAD=ARGUMENTS=-r 0 -t 15 kvm,EXECUTABLE=one_im_ssh,NAME=im_kvm > >>>>>> MAC_PREFIX=02:00 > >>>>>> MANAGER_TIMER=15 > >>>>>> NETWORK_SIZE=254 > >>>>>> PORT=2633 > >>>>>> SCRIPTS_REMOTE_DIR=/var/tmp/one > >>>>>> TM_MAD=ARGUMENTS=tm_nfs/tm_nfs.conf,EXECUTABLE=one_tm,NAME=tm_nfs > >>>>>> VM_DIR=/srv/cloud/one/var/ > >>>>>> VM_HOOK=ARGUMENTS=$VMID,COMMAND=image.rb,NAME=image,ON=DONE > >>>>>> VM_MAD=ARGUMENTS=-t 15 -r 0 > >>>>>> > >>>>>> > >>>>>> > kvm,DEFAULT=vmm_ssh/vmm_ssh_kvm.conf,EXECUTABLE=one_vmm_ssh,NAME=vmm_kvm,TYPE=kvm > >>>>>> VM_POLLING_INTERVAL=600 > >>>>>> VNC_BASE_PORT=5900 > >>>>>>_____________________________________________ > > >>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: Bootstraping OpenNebula database. > >>>>>> Thu Jun 2 16:52:09 2011 [VMM][I]: Starting Virtual Machine Manager... > >>>>>> Thu Jun 2 16:52:09 2011 [LCM][I]: Starting Life-cycle Manager... > >>>>>> Thu Jun 2 16:52:09 2011 [VMM][I]: Virtual Machine Manager started. > >>>>>> Thu Jun 2 16:52:09 2011 [InM][I]: Starting Information Manager... > >>>>>> Thu Jun 2 16:52:09 2011 [InM][I]: Information Manager started. > >>>>>> Thu Jun 2 16:52:09 2011 [LCM][I]: Life-cycle Manager started. > >>>>>> Thu Jun 2 16:52:09 2011 [TrM][I]: Starting Transfer Manager... > >>>>>> Thu Jun 2 16:52:09 2011 [DiM][I]: Starting Dispatch Manager... > >>>>>> Thu Jun 2 16:52:09 2011 [TrM][I]: Transfer Manager started. > >>>>>> Thu Jun 2 16:52:09 2011 [DiM][I]: Dispatch Manager started. > >>>>>> Thu Jun 2 16:52:09 2011 [ReM][I]: Starting Request Manager... > >>>>>> Thu Jun 2 16:52:09 2011 [ReM][I]: Starting XML-RPC server, port 2633 > >>>>>> ... > >>>>>> Thu Jun 2 16:52:09 2011 [ReM][I]: Request Manager started. > >>>>>> Thu Jun 2 16:52:09 2011 [HKM][I]: Starting Hook Manager... > >>>>>> Thu Jun 2 16:52:09 2011 [AuM][I]: Starting Auth Manager... > >>>>>> Thu Jun 2 16:52:09 2011 [AuM][I]: Authorization Manager started. > >>>>>> Thu Jun 2 16:52:09 2011 [HKM][I]: Hook Manager started. > >>>>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Loading Virtual Machine Manager > >>>>>> drivers. > >>>>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Loading driver: vmm_kvm (KVM) > >>>>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Driver vmm_kvm loaded. > >>>>>> Thu Jun 2 16:52:11 2011 [InM][I]: Loading Information Manager > >>>>>> drivers. > >>>>>> Thu Jun 2 16:52:11 2011 [InM][I]: Loading driver: im_kvm > >>>>>> Thu Jun 2 16:52:11 2011 [InM][I]: Driver im_kvm loaded > >>>>>> Thu Jun 2 16:52:11 2011 [TM][I]: Loading Transfer Manager drivers. > >>>>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Loading driver: tm_nfs > >>>>>> Thu Jun 2 16:52:11 2011 [TM][I]: Driver tm_nfs loaded. > >>>>>> Thu Jun 2 16:52:11 2011 [HKM][I]: Loading Hook Manager driver. > >>>>>> Thu Jun 2 16:52:11 2011 [HKM][I]: Hook Manager loaded > >>>>>> Thu Jun 2 16:52:11 2011 [AuM][I]: Loading Auth. Manager driver. > >>>>>> Thu Jun 2 16:52:11 2011 [MAD][E]: MAD did not answer INIT command > >>>>>> Thu Jun 2 16:52:12 2011 [ReM][D]: VirtualMachinePoolInfo method > >>>>>> invoked > >>>>>> Thu Jun 2 16:52:12 2011 [AuM][E]: Auth Error: Could not find > >>>>>> Authorization driver > >>>>>> Thu Jun 2 16:52:12 2011 [ReM][E]: [VirtualMachinePoolInfo] User > >>>>>> couldn't be authenticated, aborting call. > >>>>>> > >>>>>> It seems that it cannot find the driver as a relative path name, but I > >>>>>> have also tried to use the full path of the auth driver. > >>>>>> > >>>>>> Any help would be appreciated. > >>>>>> > >>>>>> Regards, > >>>>>> Carlos A. > >>>>>> > >>>>>> > >>>>>> El 02/06/11 11:39, Carlos A. escribió: > >>>>>>> > >>>>>>> Hello, > >>>>>>> > >>>>>>> I have just installed the ldap authentication addon on an fresh ONE > >>>>>>> install. I followed the instructions and I found that I cannot > >>>>>>> authenticate against the LDAP server. > >>>>>>> > >>>>>>> what am I not doing in a wrong way? > >>>>>>> > >>>>>>>_____________________________________________ > > >>>>>>> carlos@keo01:~$ onevm list > >>>>>>> [VirtualMachinePoolInfo] User couldn't be authenticated, aborting > >>>>>>> call. > >>>>>>> > >>>>>>> carlos@keo01:~$ tail /srv/cloud/one/var/oned.log > >>>>>>> (...) > >>>>>>> Thu Jun 2 11:27:22 2011 [AuM][E]: Auth Error: Could not find > >>>>>>> Authorization driver > >>>>>>> Thu Jun 2 11:27:22 2011 [ReM][E]: [VirtualMachinePoolInfo] User > >>>>>>> couldn't be authenticated, aborting call. > >>>>>>> (...) > >>>>>>> > >>>>>>> calfonso@keo01:/srv/cloud/one/lib/mads$ ls -l one_auth_mad* > >>>>>>> -rwxr-xr-x 1 oneadmin root 1632 Jun 2 09:53 one_auth_mad > >>>>>>> -rwxr-xr-x 1 oneadmin root 3341 Jun 2 09:58 one_auth_mad.rb > >>>>>>> > >>>>>>> carlos@keo01:/srv/cloud/one/lib/mads$ ls -l > >>>>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb > >>>>>>> -rw-r--r-- 1 oneadmin cloud 1340 Jun 2 09:58 > >>>>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb > >>>>>>> > >>>>>>> *** content of /srv/cloud/one/etc/auth/auth.conf > >>>>>>> :database: sqlite://auth.db > >>>>>>> :authentication: ldap > >>>>>>> :quota: > >>>>>>> :enabled: false > >>>>>>> :defaults: > >>>>>>> :cpu: 10.0 > >>>>>>> :memory: 1048576 > >>>>>>> :ldap: > >>>>>>> :host: my.ldap.server > >>>>>>> :port: 389 > >>>>>>> > >>>>>>> > >>>>>>> *** content of /srv/cloud/one/etc/oned.conf > >>>>>>> (...) > >>>>>>> AUTH_MAD = [ > >>>>>>> executable = "one_auth_mad" ] > >>>>>>> > >>>>>>>_____________________________________________ > > >>>>>>> Users mailing list > >>>>>>> [email protected] > >>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > >>>>>> > >>>>>>_____________________________________________ > > >>>>>> Users mailing list > >>>>>> [email protected] > >>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > >>>> > >>>>_____________________________________________ > > >>>> Users mailing list > >>>> [email protected] > >>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > >>> > >>> -- > >>> Carlos de Alfonso Laguna > >>> Ingeniero de I+D > >>> Tel. +34 963877007, ext. 88254 > >>> mailto: [email protected] > >>> > >>> La información incluida en el presente correo electrónico y, en su > caso, > >>> sus > >>> anexos, es CONFIDENCIAL, siendo para el uso exclusivo del destinatario a > >>> quien va dirigido y puede contener información privilegiada, profesional > >>> u > >>> otra clase de información privada. Si usted recibe este mensaje y no es > >>> el > >>> destinatario señalado le informamos de que esta prohibida cualquier > >>> utilización del mismo sin previa autorización y le rogamos que nos lo > >>> notifique inmediatamente de vuelta a la dirección remitente y proceda a > >>> la > >>> destrucción del mismo. > >>> > >>>_____________________________________________ > > >>> Users mailing list > >>> [email protected] > >>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > >>> > > > > > > -- > > > > Carlos de Alfonso Laguna > > Ingeniero de I+D > > Tel. +34 963877007, ext. 88254 > > mailto: [email protected] > > > > La información incluida en el presente correo electrónico y, en su caso, > sus > > anexos, es CONFIDENCIAL, siendo para el uso exclusivo del destinatario a > > quien va dirigido y puede contener información privilegiada, profesional u > > otra clase de información privada. Si usted recibe este mensaje y no es el > > destinatario señalado le informamos de que esta prohibida cualquier > > utilización del mismo sin previa autorización y le rogamos que nos lo > > notifique inmediatamente de vuelta a la dirección remitente y proceda a la > > destrucción del mismo. > > > > > > -- _______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
