Thank you for the explanation. I am trying to detail more the steps I am using.
I have an LDAP tree with users (e.g. foobar user). I will set up a VM in one-4.4 and I would like to assign it to foobar. But foobar does not exist yet in one (especially sunstone) until foobar has logged in, right?

So, I would like to add it before any login, and assign its VM to its user id. So, I create a foobar user (same UID as LDAP) in one. But if I create it with "oneuser foobar" and set its auth engine to LDAP, it seems that one does not find it. It creates a new User ID when foobar logs in. (In fact, if I understand, it finds the ldap one, and displays it without any search in the one users DB.)

I have two users with the same ID (but different numeric IDs), the LDAP one and the ONE-4.4 one ( :-) ). Which seems "right" with your description.

Is there a way to "map" the oneuser foobar and the ldap one? Or to "link" both?

To be clear, I would like to authenticate the one user against LDAP, but only auth may be externalized to ldap.

Thank you
Nicolas

On 06/02/2014 12:24, Javier Fontan wrote:
> I'm not sure I've understood the problem. Maybe this explanation helps.
>
> The user name of a user with ldap driver is used to find it in ldap.
> It first searches for an ldap user with a DN equal to the OpenNebula
> user name. This way you can set the OpenNebula user name to a full dn
> of a user.
>
> In case there's no user with that dn it searches for users that have a
> field that is equal to the OpenNebula user name. By default this
> field is "cn" but it can be changed in ldap auth configuration file:
>
> --8<------
> # field that holds the user name, if not set 'cn' will be used
> :user_field: 'cn'
> ------>8--
>
> In this example the field that we want to use as user name is "uid":
>
> --8<------
> dn: cn=Robert Smith,ou=people,dc=example,dc=com
> objectclass: inetOrgPerson
> cn: Robert Smith
> cn: Robert J Smith
> cn: bob smith
> sn: smith
> uid: rjsmith
> userpassword: rJsmitH
> ou: Human Resources
> ------>8--
>
> And we can change the ldap auth "user_field" to "uid".
>
> The user in OpenNebula should have
>
> user name: rjsmith
> password: -
> driver: ldap
>
> On Wed, Feb 5, 2014 at 10:41 AM, Nicolas Bélan <[email protected]>
> wrote:
>> Hello,
>>
>> I tried successfully the LDAP auth using one 4.4, with the 'default'
>> auth engine.
>>
>> So, I am able to log on Sunstone with a user in the right LDAP group, if
>> it is not created on the one user DB.
>>
>> But, I am trying to answer this use case, and I can't achieve it:
>>
>> 1) create a user through sunstone and set it a LDAP scheme auth.
>> 2) assign VM to this user (let's say uid 2)
>> 3) create a correct CN in LDAP DB, and assign it to the right group
>> 4) auth with sunstone GUI
>>
>> It creates a user 3, without any VM (same filter id ...)
>>
>> I would like to (pre)create user in sunstone, and give them accesses
>> later through LDAP auth.
>> Is it possible?
>>
>> Thank you
>> Best regards,
>> Nicolas.
>>
>> _______________________________________________
>> Users mailing list
>> [email protected]
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
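
The lookup order described in the quoted reply (full DN first, then the configured user field), modelled over the sample entry from the thread. This is an added example, not part of the original messages and not OpenNebula's driver code; `parse_entry`, `Directory` and `find_user` are hypothetical names, and case-insensitive matching is an assumption.

```ruby
# Added illustration of the two-stage lookup; not OpenNebula's ldap driver.
# Sample entry taken from the thread (userpassword line left out).
LDIF = <<~ENTRY
  dn: cn=Robert Smith,ou=people,dc=example,dc=com
  objectclass: inetOrgPerson
  cn: Robert Smith
  cn: Robert J Smith
  cn: bob smith
  sn: smith
  uid: rjsmith
  ou: Human Resources
ENTRY

# Parse one LDIF-style entry into { attribute => [values] } (multi-valued).
def parse_entry(text)
  text.each_line.with_object(Hash.new { |h, k| h[k] = [] }) do |line, entry|
    key, value = line.chomp.split(/:\s*/, 2)
    entry[key.downcase] << value if key && value
  end
end

# Hypothetical in-memory stand-in for the LDAP server.
class Directory
  def initialize(entries, user_field: 'cn')
    @entries = entries
    @user_field = user_field # mirrors :user_field: in the ldap auth config
  end

  # Stage 1: treat the OpenNebula user name as a full DN.
  # Stage 2: otherwise match it against any value of the user field.
  # Returns the DN to authenticate as, or nil when nothing matches.
  # Assumption: names compare case-insensitively.
  def find_user(one_name)
    by_dn = @entries.find { |e| e.fetch('dn', []).first.to_s.casecmp?(one_name) }
    return by_dn['dn'].first if by_dn

    hit = @entries.find do |e|
      e.fetch(@user_field, []).any? { |v| v.casecmp?(one_name) }
    end
    hit && hit['dn'].first
  end
end

ENTRIES = [parse_entry(LDIF)].freeze
```

With the default `cn` field the OpenNebula name `rjsmith` resolves to nothing, while `bob smith` or the full DN does; switching the field to `uid` makes `rjsmith` resolve to the same entry.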
