I've tested the driver from 4.2 with a Windows 2008 server Active directory and does fail when the password is not correct. Could it be an Active Directory configuration?
On Fri, Sep 6, 2013 at 4:57 PM, Andreas Calvo Gómez <[email protected]> wrote: > Javier, > Thanks for your time. > We are running the latest version of OpenNebula as of today: version 4.2.0. > > > On 06/09/13 15:23, Javier Fontan wrote: >> >> It looks really bad. Could you please give use the OpenNebula version >> you are using? I'll do my tests here and will let you know. >> >> I've created a ticket to keep track of this problem: >> >> http://dev.opennebula.org/issues/2307 >> >> >> On Wed, Aug 28, 2013 at 6:46 PM, Andreas Calvo Gómez >> <[email protected]> wrote: >>> >>> Hi all, >>> I've encountered a strange behavior while trying to configure ONE to >>> authenticate against an AD, either as a proper AD or as a LDAP. >>> If a credential is used to query LDAP and retrieve the complete DN for >>> the >>> user that wants to login, then no matter what password the user has typed >>> it >>> will be listed as authenticated. >>> >>> ldap_auth.conf example: >>> server 1: >>> :user: '[email protected]' >>> :password: 'mypassword' >>> :auth_method: :simple >>> :host: ad.mydomain.com >>> :port: 389 >>> :base: 'dc=mydomain,dc=com' >>> :user_field: 'sAMAccountName' >>> :order: >>> - server 1 >>> >>> If I manually query the authenticate process with a made up password and >>> secret, it is always listed as authenticated. >>> >>> For instance: >>> oneadmin@opennebula:~$ ./remotes/auth/default/authenticate myuser >>> badpassword badpassword >>> Trying server server 1 >>> ldap myuser CN=myuser,CN=Users,DC=mydomain,DC=com >>> >>> My guess is that the same user that is used to look up users, performs >>> the >>> authenticate method and always returns a valid user. >>> >>> Or maybe I'm missing something. >>> >>> Any hint? >>> >>> Thanks! >>> _______________________________________________ >>> Users mailing list >>> [email protected] >>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >> >> >> > > -- > Andreas Calvo Gómez > Systems Engineer > Scytl Secure Electronic Voting > Plaça Gal·la Placidia, 1-3, 1st floor · 08006 Barcelona > Phone: + 34 934 230 324 > Fax: + 34 933 251 028 > http://www.scytl.com > > NOTICE: The information in this e-mail and in any of its attachments is > confidential and intended solely for the attention and use of the named > addressee(s). If you are not the intended recipient, any disclosure, > copying, > distribution or retaining of this message or any part of it, without the > prior > written consent of Scytl Secure Electronic Voting, SA is prohibited and > may be > unlawful. If you have received this in error, please contact the sender > and > delete the material from any computer. > -- Join us at OpenNebulaConf2013 in Berlin from the 24th to the 26th of September 2013! Javier Fontán Muiños Developer OpenNebula - The Open Source Toolkit for Data Center Virtualization www.OpenNebula.org | @OpenNebula | github.com/jfontan _______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
