Hi Carlos,

Let's try the driver by hand again, but also with the authentication part:

# ruby -dw $ONE_LOCATION/lib/mads/one_auth_mad.rb AUTHENTICATE 0 -1 <LDAP_DN> - <LDAP_DN:plain:LDAP_PASSWORD>

this will tell if the failure is in the driver or the core.

Regards,

-Tino

--
Constantino Vázquez Blanco, MSc
OpenNebula Major Contributor
www.OpenNebula.org | @tinova79

On Mon, Jun 13, 2011 at 9:16 PM, Carlos A. <[email protected]> wrote:

> Hi again,
>
> more on this! I managed to get a user without whitespaces and I have bad
> news:
>
> while stating a wrong DN/pass is almost instant to refuse connection by
> stating an authentication error, I cannot manage to authenticate using the
> proper DN/pass. I'm back to the original situation: the execution expired
> message.
>
> In the log I can see the following message for the wrong ID:
>
> Mon Jun 13 21:11:56 2011 [AuM][D]: Message received: AUTHENTICATE FAILURE 0
> false
>
> Mon Jun 13 21:11:56 2011 [AuM][E]: Auth Error: false
> Mon Jun 13 21:11:56 2011 [ReM][E]: [VirtualMachinePoolInfo] User couldn't
> be authenticated, aborting call.
>
> But nothing for the right ID.
>
> Any idea on this?
>
> Regards.
>
>
> On 13/06/11 18:42, Carlos A. wrote:
>
> Hi Tino,
>>
>> finally I think that I got it. The problem is that my DN has spaces in the CN.
>> So I think that the one_auth file is not properly handled and it results in a
>> failure whenever a space is used in this file. That is why I got the same
>> failure when changing the authentication method to "simple" or to even a
>> nonexistent method. It is simply because the authentication method was not
>> launched at all because of a previous error.
>>
>> The current problem is that I cannot authenticate because my DN has spaces ;) so
>> I cannot use it within Open Nebula. But at least I do not get the "expired
>> time" error and it outputs an authentication error.
>>
>> Any workaround on this?
>>
>> Regards,
>> Carlos A.
>>
>> Message quoted by "Carlos A."<[email protected]>:
>>
>> Hi,
>>> i get the expected output
>>> --
>>> Sent from my Android phone with K-9 Mail. Please excuse my brevity
>>>
>>> Tino Vazquez<[email protected]> wrote:
>>>
>>> Hi Carlos,
>>>
>>> Let's try executing the auth mad by hand (the error, from your input,
>>> seems not to be exclusive of the ldap addon, but rather of the auth
>>> module), to discard missing gems
>>>
>>> # $ONE_LOCATION/lib/mads/one_auth_mad
>>>
>>> after hitting return, it will wait for input, type
>>>
>>> INIT
>>>
>>> you should get
>>>
>>> INIT SUCCESS - -
>>>
>>> Regards,
>>>
>>> -Tino
>>>
>>> --
>>> Constantino Vázquez Blanco, MSc
>>> OpenNebula Major Contributor
>>> www.OpenNebula.org | @tinova79
>>>
>>>
>>>
>>> On Mon, Jun 13, 2011 at 1:29 PM, Carlos A.<[email protected]> wrote:
>>>
>>>> Hi Tino,
>>>>
>>>> more info on this.
>>>>
>>>> While using my test script to authenticate I can see the success in the ldap
>>>> server, I cannot see any information when trying to authenticate using ONE
>>>>
>>>> On 13/06/11 12:43, Tino Vazquez wrote:
>>>>
>>>>> Hi Carlos,
>>>>>
>>>>> This may be due to an eager timeout that the core imposes over the ldap
>>>>> driver.
>>>>>
>>>>> Please find attached a patch for the OpenNebula source code, please
>>>>> apply it, recompile and reinstall, we would appreciate feedback on
>>>>> whether this fixes the improper ldap plugin behavior or not.
>>>>>
>>>>> Regards,
>>>>>
>>>>> -Tino
>>>>>
>>>>> --
>>>>> Constantino Vázquez Blanco, MSc
>>>>> OpenNebula Major Contributor
>>>>> www.OpenNebula.org | @tinova79
>>>>>
>>>>>
>>>>>
>>>>> On Sat, Jun 11, 2011 at 10:22 AM, Carlos A.<[email protected]> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> any help on this? is ldap addon supposed to work with opennebula 2.2? has
>>>>>> anyone tried it?
>>>>>>
>>>>>> On 09/06/2011 10:46, Carlos A. wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> first of all, thank you for your response.
>>>>>>>
>>>>>>> Once I have managed to make ldap_auth work, I found the following
>>>>>>> issue:
>>>>>>>
>>>>>>> root@keo01:/srv/cloud/one# onevm list
>>>>>>> execution expired
>>>>>>>
>>>>>>> I cannot manage to authenticate against my ldap server. I have tried the
>>>>>>> ldap authentication that is carried out by ONE
>>>>>>>
>>>>>>> require 'rubygems'
>>>>>>> require 'net/ldap'
>>>>>>> ldap = Net::LDAP.new
>>>>>>> ldap.host = "my.ldap.server"
>>>>>>> ldap.port = 389
>>>>>>> ldap.auth "my-dn", "my-pass"
>>>>>>> print ldap.bind
>>>>>>>
>>>>>>> It is properly working, as my server authenticates me. I have (of course)
>>>>>>> tried changing the password and it works as expected.
>>>>>>>
>>>>>>> Diving in the code it seems that there is some problem in the file
>>>>>>> "src/um/UserPool.cc", at
>>>>>>> authm->trigger(AuthManager::AUTHENTICATE,&ar);
>>>>>>> ar.wait();
>>>>>>>
>>>>>>> Any idea?
>>>>>>>
>>>>>>>
>>>>>>> On 09/06/11 00:51, [email protected] wrote:
>>>>>>>
>>>>>>>> The official OpenNebula installation instructions for the ldap driver are
>>>>>>>> incomplete and miss to mention some software packages that you have to
>>>>>>>> install first. I don't remember which ones they were, but you can find out
>>>>>>>> as follows:
>>>>>>>>
>>>>>>>> * cd to .../lib/ruby
>>>>>>>> * execute 'ruby ldap_auth.rb'.
>>>>>>>> * Ruby will complain about any missing packages. Install those until ruby
>>>>>>>> is happy.
>>>>>>>>
>>>>>>>> Carsten
>>>>>>>>
>>>>>>>>
>>>>>>>> Carsten Friedrich
>>>>>>>> Research Team leader
>>>>>>>> ICT Centre, GPO Box 664,Canberra, ACT 2601
>>>>>>>> Phone: +61 2 6216 7019
>>>>>>>> Email: [email protected]
>>>>>>>> Web: http://www.csiro.au/org/ICT.html
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: [email protected]
>>>>>>>> [mailto:[email protected]] On Behalf Of Carlos A.
>>>>>>>> Sent: Wednesday, 8 June 2011 18:17
>>>>>>>> To: [email protected]
>>>>>>>> Subject: Re: [one-users] Problem with ldap authentication
>>>>>>>>
>>>>>>>> any help on this?
>>>>>>>>
>>>>>>>> On 02/06/11 16:55, Carlos A. wrote:
>>>>>>>>
>>>>>>>>> More information on this:
>>>>>>>>>
>>>>>>>>> in /srv/cloud/one/var/oned.log I can see
>>>>>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: Init OpenNebula Log system
>>>>>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: Log Level: 3
>>>>>>>>> [0=ERROR,1=WARNING,2=INFO,3=DEBUG]
>>>>>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]:
>>>>>>>>> _____________________________________________
>>>>>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: OpenNebula Configuration
>>>>>>>>> File
>>>>>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]:
>>>>>>>>> _____________________________________________
>>>>>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]:
>>>>>>>>> _____________________________________________
>>>>>>>>> AUTH_MAD=EXECUTABLE=/srv/cloud/one/lib/mads/one_auth_mad
>>>>>>>>> DB=BACKEND=sqlite
>>>>>>>>> DEBUG_LEVEL=3
>>>>>>>>> DEFAULT_DEVICE_PREFIX=hd
>>>>>>>>> DEFAULT_IMAGE_TYPE=OS
>>>>>>>>> HM_MAD=EXECUTABLE=one_hm
>>>>>>>>> HOST_MONITORING_INTERVAL=600
>>>>>>>>> IMAGE_REPOSITORY_PATH=/srv/cloud/one/var//images
>>>>>>>>> IM_MAD=ARGUMENTS=-r 0 -t 15 kvm,EXECUTABLE=one_im_ssh,NAME=im_kvm
>>>>>>>>> MAC_PREFIX=02:00
>>>>>>>>> MANAGER_TIMER=15
>>>>>>>>> NETWORK_SIZE=254
>>>>>>>>> PORT=2633
>>>>>>>>> SCRIPTS_REMOTE_DIR=/var/tmp/one
>>>>>>>>> TM_MAD=ARGUMENTS=tm_nfs/tm_nfs.conf,EXECUTABLE=one_tm,NAME=tm_nfs
>>>>>>>>> VM_DIR=/srv/cloud/one/var/
>>>>>>>>> VM_HOOK=ARGUMENTS=$VMID,COMMAND=image.rb,NAME=image,ON=DONE
>>>>>>>>> VM_MAD=ARGUMENTS=-t 15 -r 0 kvm,DEFAULT=vmm_ssh/vmm_ssh_kvm.conf,EXECUTABLE=one_vmm_ssh,NAME=vmm_kvm,TYPE=kvm
>>>>>>>>> VM_POLLING_INTERVAL=600
>>>>>>>>> VNC_BASE_PORT=5900
>>>>>>>>> _____________________________________________
>>>>>>>>> Thu Jun 2 16:52:09 2011 [ONE][I]: Bootstraping OpenNebula
>>>>>>>>> database.
>>>>>>>>> Thu Jun 2 16:52:09 2011 [VMM][I]: Starting Virtual Machine
>>>>>>>>> Manager...
>>>>>>>>> Thu Jun 2 16:52:09 2011 [LCM][I]: Starting Life-cycle Manager...
>>>>>>>>> Thu Jun 2 16:52:09 2011 [VMM][I]: Virtual Machine Manager started.
>>>>>>>>> Thu Jun 2 16:52:09 2011 [InM][I]: Starting Information Manager...
>>>>>>>>> Thu Jun 2 16:52:09 2011 [InM][I]: Information Manager started.
>>>>>>>>> Thu Jun 2 16:52:09 2011 [LCM][I]: Life-cycle Manager started.
>>>>>>>>> Thu Jun 2 16:52:09 2011 [TrM][I]: Starting Transfer Manager...
>>>>>>>>> Thu Jun 2 16:52:09 2011 [DiM][I]: Starting Dispatch Manager...
>>>>>>>>> Thu Jun 2 16:52:09 2011 [TrM][I]: Transfer Manager started.
>>>>>>>>> Thu Jun 2 16:52:09 2011 [DiM][I]: Dispatch Manager started.
>>>>>>>>> Thu Jun 2 16:52:09 2011 [ReM][I]: Starting Request Manager...
>>>>>>>>> Thu Jun 2 16:52:09 2011 [ReM][I]: Starting XML-RPC server, port
>>>>>>>>> 2633
>>>>>>>>> ...
>>>>>>>>> Thu Jun 2 16:52:09 2011 [ReM][I]: Request Manager started.
>>>>>>>>> Thu Jun 2 16:52:09 2011 [HKM][I]: Starting Hook Manager...
>>>>>>>>> Thu Jun 2 16:52:09 2011 [AuM][I]: Starting Auth Manager...
>>>>>>>>> Thu Jun 2 16:52:09 2011 [AuM][I]: Authorization Manager started.
>>>>>>>>> Thu Jun 2 16:52:09 2011 [HKM][I]: Hook Manager started.
>>>>>>>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Loading Virtual Machine Manager
>>>>>>>>> drivers.
>>>>>>>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Loading driver: vmm_kvm
>>>>>>>>> (KVM)
>>>>>>>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Driver vmm_kvm loaded.
>>>>>>>>> Thu Jun 2 16:52:11 2011 [InM][I]: Loading Information Manager
>>>>>>>>> drivers.
>>>>>>>>> Thu Jun 2 16:52:11 2011 [InM][I]: Loading driver: im_kvm
>>>>>>>>> Thu Jun 2 16:52:11 2011 [InM][I]: Driver im_kvm loaded
>>>>>>>>> Thu Jun 2 16:52:11 2011 [TM][I]: Loading Transfer Manager drivers.
>>>>>>>>> Thu Jun 2 16:52:11 2011 [VMM][I]: Loading driver: tm_nfs
>>>>>>>>> Thu Jun 2 16:52:11 2011 [TM][I]: Driver tm_nfs loaded.
>>>>>>>>> Thu Jun 2 16:52:11 2011 [HKM][I]: Loading Hook Manager driver.
>>>>>>>>> Thu Jun 2 16:52:11 2011 [HKM][I]: Hook Manager loaded
>>>>>>>>> Thu Jun 2 16:52:11 2011 [AuM][I]: Loading Auth. Manager driver.
>>>>>>>>> Thu Jun 2 16:52:11 2011 [MAD][E]: MAD did not answer INIT command
>>>>>>>>> Thu Jun 2 16:52:12 2011 [ReM][D]: VirtualMachinePoolInfo method
>>>>>>>>> invoked
>>>>>>>>> Thu Jun 2 16:52:12 2011 [AuM][E]: Auth Error: Could not find
>>>>>>>>> Authorization driver
>>>>>>>>> Thu Jun 2 16:52:12 2011 [ReM][E]: [VirtualMachinePoolInfo] User
>>>>>>>>> couldn't be authenticated, aborting call.
>>>>>>>>>
>>>>>>>>> It seems that it cannot find the driver as a relative path name, but I
>>>>>>>>> have also tried to use the full path of the auth driver.
>>>>>>>>>
>>>>>>>>> Any help would be appreciated.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Carlos A.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 02/06/11 11:39, Carlos A. wrote:
>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> I have just installed the ldap authentication addon on a fresh ONE
>>>>>>>>>> install. I followed the instructions and I found that I cannot
>>>>>>>>>> authenticate against the LDAP server.
>>>>>>>>>>
>>>>>>>>>> what am I not doing in a wrong way?
>>>>>>>>>>
>>>>>>>>>> _____________________________________________
>>>>>>>>>> carlos@keo01:~$ onevm list
>>>>>>>>>> [VirtualMachinePoolInfo] User couldn't be authenticated, aborting
>>>>>>>>>> call.
>>>>>>>>>>
>>>>>>>>>> carlos@keo01:~$ tail /srv/cloud/one/var/oned.log
>>>>>>>>>> (...)
>>>>>>>>>> Thu Jun 2 11:27:22 2011 [AuM][E]: Auth Error: Could not find
>>>>>>>>>> Authorization driver
>>>>>>>>>> Thu Jun 2 11:27:22 2011 [ReM][E]: [VirtualMachinePoolInfo] User
>>>>>>>>>> couldn't be authenticated, aborting call.
>>>>>>>>>> (...)
>>>>>>>>>>
>>>>>>>>>> calfonso@keo01:/srv/cloud/one/lib/mads$ ls -l one_auth_mad*
>>>>>>>>>> -rwxr-xr-x 1 oneadmin root 1632 Jun 2 09:53 one_auth_mad
>>>>>>>>>> -rwxr-xr-x 1 oneadmin root 3341 Jun 2 09:58 one_auth_mad.rb
>>>>>>>>>>
>>>>>>>>>> carlos@keo01:/srv/cloud/one/lib/mads$ ls -l
>>>>>>>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
>>>>>>>>>> -rw-r--r-- 1 oneadmin cloud 1340 Jun 2 09:58
>>>>>>>>>> /srv/cloud/one/lib/ruby/ldap_auth.rb
>>>>>>>>>>
>>>>>>>>>> *** content of /srv/cloud/one/etc/auth/auth.conf
>>>>>>>>>> :database: sqlite://auth.db
>>>>>>>>>> :authentication: ldap
>>>>>>>>>> :quota:
>>>>>>>>>>   :enabled: false
>>>>>>>>>>   :defaults:
>>>>>>>>>>     :cpu: 10.0
>>>>>>>>>>     :memory: 1048576
>>>>>>>>>> :ldap:
>>>>>>>>>>   :host: my.ldap.server
>>>>>>>>>>   :port: 389
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> *** content of /srv/cloud/one/etc/oned.conf
>>>>>>>>>> (...)
>>>>>>>>>> AUTH_MAD = [
>>>>>>>>>>     executable = "one_auth_mad" ]
>>>>>>>>>>
>>>>>>>>>> _____________________________________________
>>>>>>>>>>
>>>>>>>>>
>>>
>
_______________________________________________
Users mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
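
The whitespace problem reported in the thread, as an added example that is not part of the original messages and not OpenNebula's code: a message in the `AUTHENTICATE 0 -1 <LDAP_DN> - <secret>` layout is parsed by position, which shifts every field once the DN contains a space. The field names, the strict token check and the Base64 framing are assumptions made for illustration; the DN and password are constructed.

```ruby
# Added illustration, not OpenNebula code. Field layout follows the message
# typed by hand in the thread: AUTHENTICATE <id> <uid> <DN> - <secret>.
# The field names are assumptions made for this example.
FIELDS = %i[action request_id user_id username placeholder secret].freeze

# Naive parsing: split on whitespace and assign fields by position.
def naive_parse(line)
  FIELDS.zip(line.split(' ')).to_h
end

# Strict parsing: reject a message whose token count is wrong instead of
# silently shifting every field after the DN.
def strict_parse(line)
  tokens = line.split(' ')
  unless tokens.size == FIELDS.size
    raise ArgumentError, "expected #{FIELDS.size} fields, got #{tokens.size}"
  end
  FIELDS.zip(tokens).to_h
end

# Assumed workaround: Base64-encode free-text fields so they cannot contain
# the separator. This is framing only; it does not protect the password.
def encode_field(value)
  [value].pack('m0')
end

def decode_field(value)
  value.unpack1('m0').force_encoding('UTF-8')
end

def build_message(request_id, user_id, dn, secret)
  ['AUTHENTICATE', request_id, user_id,
   encode_field(dn), '-', encode_field(secret)].join(' ')
end

def parse_encoded(line)
  msg = strict_parse(line)
  msg.merge(username: decode_field(msg[:username]),
            secret: decode_field(msg[:secret]))
end

# Constructed sample values: a DN with a space in the CN, as in the thread.
SPACED_DN = 'cn=Carlos A,ou=people,dc=example,dc=org'
SECRET    = "#{SPACED_DN}:plain:constructed-pass"
RAW       = "AUTHENTICATE 0 -1 #{SPACED_DN} - #{SECRET}"

puts "naive DN:   #{naive_parse(RAW)[:username].inspect}"
puts "round trip: #{parse_encoded(build_message(0, -1, SPACED_DN, SECRET))[:username].inspect}"
```

With positional parsing the DN is cut at the first space and the remainder lands in the following fields, so the bind is attempted with the wrong identity; the strict check turns that into an explicit protocol error.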
