Hi all,
I've encountered a strange behavior while trying to configure ONE to authenticate against an AD, either as a proper AD or as an LDAP. If a credential is used to query LDAP and retrieve the complete DN for the user that wants to log in, then no matter what password the user has typed, it will be listed as authenticated.

ldap_auth.conf example:
server 1:
    :user: '[email protected]'
    :password: 'mypassword'
    :auth_method: :simple
    :host: ad.mydomain.com
    :port: 389
    :base: 'dc=mydomain,dc=com'
    :user_field: 'sAMAccountName'
:order:
    - server 1

If I manually query the authenticate process with a made-up password and secret, it is always listed as authenticated.

For instance:
oneadmin@opennebula:~$ ./remotes/auth/default/authenticate myuser badpassword badpassword
Trying server server 1
ldap myuser CN=myuser,CN=Users,DC=mydomain,DC=com

My guess is that the same user that is used to look up users performs the authenticate method and always returns a valid user.

Or maybe I'm missing something.

Any hint?

Thanks!
_______________________________________________
Users mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
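
Added example, not part of the original post and not OpenNebula's own code: a Ruby model of the behaviour the poster hypothesises (the lookup account's bind is treated as the user's authentication) next to a search-then-bind flow that rebinds as the user's DN. FakeDirectory, the lookup account's DN and the user's real password are constructed for illustration; the user DN and 'mypassword' are taken from the post.

```ruby
# In-memory stand-in for an LDAP server (hypothetical; entries are constructed).
class FakeDirectory
  ENTRIES = {
    'CN=lookup,CN=Users,DC=mydomain,DC=com' => 'mypassword',   # lookup account
    'CN=myuser,CN=Users,DC=mydomain,DC=com' => 'users-real-pw' # end user
  }.freeze

  # Simple bind. RFC 4513 section 5.1.2: a DN with an empty password is an
  # "unauthenticated bind"; a server that permits it reports success without
  # checking any password. This fake models such a permissive server.
  def bind(dn, password)
    return true if password.to_s.empty?
    ENTRIES[dn] == password
  end

  # Resolve a login name to its full DN (the :user_field lookup).
  def find_dn(login)
    ENTRIES.keys.find { |dn| dn.start_with?("CN=#{login},") }
  end
end

SVC_DN = 'CN=lookup,CN=Users,DC=mydomain,DC=com'
SVC_PW = 'mypassword'

# Flawed flow matching the hypothesis in the post: bind as the lookup
# account, resolve the DN, and treat "DN found" as "authenticated".
def authenticate_flawed(dir, login, _password)
  return nil unless dir.bind(SVC_DN, SVC_PW)
  dir.find_dn(login) # the supplied password is never checked
end

# Search-then-bind: resolve the DN with the lookup account, then perform a
# second bind as that DN with the password the user typed.
def authenticate_rebind(dir, login, password)
  return nil if password.to_s.empty? # never send an unauthenticated bind
  return nil unless dir.bind(SVC_DN, SVC_PW)
  dn = dir.find_dn(login)
  return nil unless dn
  user_conn = FakeDirectory.new      # separate connection for the user's bind
  user_conn.bind(dn, password) ? dn : nil
end
```

When checking a real deployment, the same three inputs are worth testing: a wrong password, an empty password, and a login name that does not exist.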
