It looks really bad. Could you please give us the OpenNebula version you are using? I'll do my tests here and will let you know.
I've created a ticket to keep track of this problem:

http://dev.opennebula.org/issues/2307

On Wed, Aug 28, 2013 at 6:46 PM, Andreas Calvo Gómez <[email protected]> wrote:
> Hi all,
> I've encountered a strange behavior while trying to configure ONE to
> authenticate against an AD, either as a proper AD or as a LDAP.
> If a credential is used to query LDAP and retrieve the complete DN for the
> user that wants to login, then no matter what password the user has typed it
> will be listed as authenticated.
>
> ldap_auth.conf example:
> server 1:
>     :user: '[email protected]'
>     :password: 'mypassword'
>     :auth_method: :simple
>     :host: ad.mydomain.com
>     :port: 389
>     :base: 'dc=mydomain,dc=com'
>     :user_field: 'sAMAccountName'
> :order:
>     - server 1
>
> If I manually query the authenticate process with a made up password and
> secret, it is always listed as authenticated.
>
> For instance:
> oneadmin@opennebula:~$ ./remotes/auth/default/authenticate myuser badpassword badpassword
> Trying server server 1
> ldap myuser CN=myuser,CN=Users,DC=mydomain,DC=com
>
> My guess is that the same user that is used to look up users, performs the
> authenticate method and always returns a valid user.
>
> Or maybe I'm missing something.
>
> Any hint?
>
> Thanks!
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

--
Join us at OpenNebulaConf2013 in Berlin from the 24th to the 26th of September 2013!

Javier Fontán Muiños
Developer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | @OpenNebula | github.com/jfontan
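
The reported behaviour set beside a search-then-bind check, as an added example that is not part of this thread and is not OpenNebula's driver code. FakeDirectory, the service DN, the passwords and both function names are constructed for illustration; the lookup-only function only mirrors the symptom in the report and makes no claim about the actual cause.

```ruby
# Constructed in-memory stand-in for an LDAP/AD server (hypothetical, no network).
class FakeDirectory
  ENTRIES = {
    'CN=svc,CN=Users,DC=mydomain,DC=com'    => { sam: 'svc',    password: 'mypassword' },
    'CN=myuser,CN=Users,DC=mydomain,DC=com' => { sam: 'myuser', password: 'S3cret!' }
  }.freeze

  # Simple bind: true only when the DN exists and the password matches.
  def bind(dn, password)
    entry = ENTRIES[dn]
    !entry.nil? && entry[:password] == password
  end

  # Search on the configured user_field (sAMAccountName); returns the DN or nil.
  def find_dn(sam)
    ENTRIES.find { |_dn, entry| entry[:sam] == sam }&.first
  end
end

SERVICE_DN = 'CN=svc,CN=Users,DC=mydomain,DC=com' # constructed lookup account
SERVICE_PW = 'mypassword'

# Symptom from the report: a successful DN lookup is treated as a login,
# so the password the user typed is never checked.
def authenticate_lookup_only(dir, user, _password)
  return false unless dir.bind(SERVICE_DN, SERVICE_PW)
  !dir.find_dn(user).nil?
end

# Search-then-bind: the service account only resolves the DN; the decision
# comes from a second bind as that DN with the user's own password.
def authenticate_search_then_bind(dir, user, password)
  # Refuse empty passwords up front: a simple bind with a DN and no password
  # is an "unauthenticated bind" (RFC 4513) that some servers accept.
  return false if password.nil? || password.empty?
  return false unless dir.bind(SERVICE_DN, SERVICE_PW)
  dn = dir.find_dn(user)
  return false if dn.nil?
  dir.bind(dn, password)
end
```

A regression test for an LDAP auth driver should include at least the wrong-password and empty-password cases, since both pass silently when only the lookup is checked.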
