Thx Rolandas and Daniel for your answers. Both were really useful.
On Thu, Feb 7, 2013 at 8:28 AM, Rolandas Naujikas <[email protected]> wrote:
> Hi,
>
> We made Opennebula (3.8.3) Self Service portal (OCCI web UI) to work with
> LDAP authentication by using this patch:
>
> sed -i 's/CryptoJS.SHA1(password)/password/' /(location of depends on installation)/occi/ui/public/js/login.js
>
> and putting ":auth: occi" to occi-server.conf
>
> That is because OCCI transfers SHA1 hashed password to occi-server and it
> could not do LDAP bind with it (except if your LDAP contains clear text
> passwords or SHA1 hash). With this patch clear password is transported to
> occi-server and it could do LDAP bind against LDAP users.
>
> Regards, Rolandas Naujikas
>
> P.S. We are using https reverse proxy also.
>
> On 2013-02-06 15:15, Vassilis Vatikiotis wrote:
>>
>> Hello all,
>>
>> I'm trying to enable the LDAP auth method so my users can login to
>> OCCI web UI and although I've followed the steps from the docs in ONE
>> site so far I haven't managed it.
>>
>> The /etc/one/oned.conf AUTH_MAD section is:
>> AUTH_MAD = [
>>     executable = "one_auth_mad",
>>     authn = "ssh,x509,ldap,default,server_cipher,server_x509"
>> ]
>>
>> The /etc/one/auth/ldap_auth.conf is:
>> server 1:
>>     :user: 'cn=xxx,ou=xxxx,dc=xxx,dc=xxx,dc=xxx'
>>     :password: 'xxxx'
>>     :auth_method: :simple
>>     :host: 'ldap.xxx.xxx.xxx'
>>     :port: 389
>>     :base: 'ou=xxx,dc=xxx,dc=xxx,dc=xxx'
>>     :user_field: 'uid'
>>
>> :order:
>>     - server 1
>>
>> The above ldap settings work as I've tested them inside irb, using the
>> ruby class defined in /etc/lib/one/ruby/ldap_auth.rb. I can search my
>> LDAP database and get results
>>
>> I've also copied the ldap directory to a default one, like,
>> $ cp -R /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default
>>
>> What puzzles me is that whenever I try to login to OCCI (or sunstone)
>> I cannot see any auth related queries in /var/log/one/oned.log. It's
>> as if the ldap and default settings in authn of AUTH_MAD are completely
>> ignored. At the same time, no queries are performed in the LDAP
>> backend.
>>
>> I haven't done the last step where a $HOME/.one/one_auth file
>> containing a user_dn:password
>> entry cause I'm unsure of what it means.
>>
>> Any ideas?
>>
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
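Added example, not part of the thread and not OpenNebula code: a Ruby simulation of why the SHA1 value sent by the unpatched login.js cannot pass an LDAP simple bind, while the cleartext password can. It assumes the directory stores a salted `{SSHA}` `userPassword` and that the browser sends the hex SHA1 digest; the helper names, password and salt are constructed for illustration.

```ruby
require 'digest/sha1'
require 'base64'

# Build an RFC 2307-style {SSHA} value: base64(SHA1(password + salt) + salt).
def ssha_encode(password, salt)
  '{SSHA}' + Base64.strict_encode64(Digest::SHA1.digest(password.b + salt.b) + salt.b)
end

# Simulates what a directory does on a simple bind against an {SSHA} value:
# re-hash the presented secret with the stored salt and compare digests.
def ssha_bind_ok?(stored, presented)
  return false unless stored.start_with?('{SSHA}')
  raw = Base64.strict_decode64(stored.sub('{SSHA}', ''))
  digest = raw[0, 20]      # SHA1 output is always 20 bytes
  salt   = raw[20..-1]     # everything after the digest is the salt
  Digest::SHA1.digest(presented.b + salt) == digest
end

# Assumption: what the unpatched login.js submits, the hex SHA1 of the password.
def client_sha1(password)
  Digest::SHA1.hexdigest(password)
end

# Constructed sample data (not from the thread).
PASSWORD = 'correct horse'
STORED   = ssha_encode(PASSWORD, 'constructed-salt')

def bind_results
  {
    # Unpatched UI: the server only has the hash, so the bind secret is wrong.
    hashed_by_browser: ssha_bind_ok?(STORED, client_sha1(PASSWORD)),
    # Patched UI: cleartext reaches occi-server, so the bind succeeds.
    cleartext: ssha_bind_ok?(STORED, PASSWORD)
  }
end

if __FILE__ == $0
  bind_results.each { |mode, ok| puts "#{mode}: bind #{ok ? 'succeeds' : 'fails'}" }
end
```

The browser-side hash never protected the password on the wire, since the hash itself was the login secret; with the patch applied, the cleartext password depends entirely on the HTTPS reverse proxy mentioned in the P.S. for confidentiality in transit.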
