Can you check with ldapsearch command? Can you authenticate with that command and an invalid password? Are you using ssl?
For our tests we use slapd as ldap server and a Windows 2008 Server as Active Directory server.

On Tue, Oct 1, 2013 at 9:52 AM, Andreas Calvo Gómez <[email protected]> wrote:
> Javier,
> We are not using a true AD; instead, we are using Samba 4 as an AD.
> However, it fails either being configured as AD or just plain LDAP.
> I may provide the configuration if necessary, just let me know.
>
> Regards,
>
> On 24/09/13 10:56, Javier Fontan wrote:
>>
>> I've tested the driver from 4.2 with a Windows 2008 server Active
>> directory and does fail when the password is not correct. Could it be
>> an Active Directory configuration?
>>
>> On Fri, Sep 6, 2013 at 4:57 PM, Andreas Calvo Gómez
>> <[email protected]> wrote:
>>>
>>> Javier,
>>> Thanks for your time.
>>> We are running the latest version of OpenNebula as of today: version
>>> 4.2.0.
>>>
>>>
>>> On 06/09/13 15:23, Javier Fontan wrote:
>>>>
>>>> It looks really bad. Could you please give us the OpenNebula version
>>>> you are using? I'll do my tests here and will let you know.
>>>>
>>>> I've created a ticket to keep track of this problem:
>>>>
>>>> http://dev.opennebula.org/issues/2307
>>>>
>>>>
>>>> On Wed, Aug 28, 2013 at 6:46 PM, Andreas Calvo Gómez
>>>> <[email protected]> wrote:
>>>>>
>>>>> Hi all,
>>>>> I've encountered a strange behavior while trying to configure ONE to
>>>>> authenticate against an AD, either as a proper AD or as an LDAP.
>>>>> If a credential is used to query LDAP and retrieve the complete DN for
>>>>> the user that wants to login, then no matter what password the user has
>>>>> typed it will be listed as authenticated.
>>>>>
>>>>> ldap_auth.conf example:
>>>>> server 1:
>>>>>     :user: '[email protected]'
>>>>>     :password: 'mypassword'
>>>>>     :auth_method: :simple
>>>>>     :host: ad.mydomain.com
>>>>>     :port: 389
>>>>>     :base: 'dc=mydomain,dc=com'
>>>>>     :user_field: 'sAMAccountName'
>>>>> :order:
>>>>>     - server 1
>>>>>
>>>>> If I manually query the authenticate process with a made up password
>>>>> and secret, it is always listed as authenticated.
>>>>>
>>>>> For instance:
>>>>> oneadmin@opennebula:~$ ./remotes/auth/default/authenticate myuser badpassword badpassword
>>>>> Trying server server 1
>>>>> ldap myuser CN=myuser,CN=Users,DC=mydomain,DC=com
>>>>>
>>>>> My guess is that the same user that is used to look up users, performs
>>>>> the authenticate method and always returns a valid user.
>>>>>
>>>>> Or maybe I'm missing something.
>>>>>
>>>>> Any hint?
>>>>>
>>>>> Thanks!
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> [email protected]
>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>
>>>>
>>>>
>>> --
>>> Andreas Calvo Gómez
>>> Systems Engineer
>>> Scytl Secure Electronic Voting
>>> Plaça Gal·la Placidia, 1-3, 1st floor · 08006 Barcelona
>>> Phone: + 34 934 230 324
>>> Fax: + 34 933 251 028
>>> http://www.scytl.com
>>>
>>
>>
>

--
Javier Fontán Muiños
Developer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | @OpenNebula | github.com/jfontan
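
The check asked for at the top of this thread (bind with ldapsearch and an invalid password), as an added shell example that is not part of the original messages or of OpenNebula's code. The helper names `bind_result` and `server_checks_passwords` are hypothetical, the host, DN and base in the usage comment are the ones quoted in the thread, and the script assumes OpenLDAP's `ldapsearch`, which exits with the LDAP result code when a bind fails.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not OpenNebula code.
# Asks the directory directly whether a simple bind as the user's DN is
# accepted, so a wrong password can be tested without the auth driver.
# Assumption: OpenLDAP's ldapsearch, which exits with the LDAP result code
# when the bind fails (49 = invalidCredentials).

# bind_result URI BIND_DN PASSWORD BASE
# Prints: accepted | rejected | refused-empty | error:<exit code>
bind_result() {
    uri=$1 dn=$2 pw=$3 base=$4
    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, 5.1.2): servers may answer success without checking
    # anything, so it must never be treated as a password test.
    if [ -z "$pw" ]; then
        echo refused-empty
        return 0
    fi
    rc=0
    # -x: simple bind; -s base with attribute "1.1": read only the base
    # entry and request no attributes, so the bind is what gets tested.
    ldapsearch -x -LLL -H "$uri" -D "$dn" -w "$pw" -b "$base" -s base 1.1 \
        >/dev/null 2>&1 || rc=$?
    case $rc in
        0)  echo accepted ;;
        49) echo rejected ;;
        *)  echo "error:$rc" ;;   # TLS, network, ACL, ...: inspect by hand
    esac
}

# server_checks_passwords URI BIND_DN BASE
# Returns 0 only if a bind with a constructed wrong password is rejected.
server_checks_passwords() {
    bogus="constructed-wrong-password-$$"
    [ "$(bind_result "$1" "$2" "$bogus" "$3")" = rejected ]
}

# Usage with the values from the thread:
#   bind_result ldap://ad.mydomain.com:389 \
#       'CN=myuser,CN=Users,DC=mydomain,DC=com' badpassword 'dc=mydomain,dc=com'
# "accepted" here means the directory itself takes the wrong password;
# "rejected" means the server is fine and the driver needs a closer look.
```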
