Creating manually a user with driver ldap, username the same as the one in ldap and a dummy password (for example -) should do the trick. That's what the driver does.
On Thu, Feb 6, 2014 at 1:01 PM, Nicolas Bélan <[email protected]> wrote:
> Thank you for the explanation.
>
> I am trying to detail more the steps I am using.
>
> I have a LDAP tree with users (eg foobar user).
> I will setup a VM in one-4.4 and I would like to assign it to foobar.
> But, foobar does not exist yet in one (especially sunstone) until
> foobar logged in, right ?
> So, I would like to add it before any login, and assign its VM to its
> user id. So, I create a foobar user (same UID as LDAP) in one.
>
> But, If I create with "oneuser foobar" and set its auth engine to LDAP,
> it seems that one does not find it.
> It creates a new User ID when foobar logs in. (In fact, if I understand,
> it finds the ldap one, and displays it without any search in one users DB).
> I have two users with the same ID (but numeric ID different), the LDAP
> one and the ONE-4.4 one ( :-) ). Which seems "right" with your description.
>
> Is there a way to "map" the oneuser foobar and the ldap one ? or to
> "link" both ?
>
> To be clear, I would like to authenticate the one user to LDAP, but only
> auth may be externalized to ldap.
>
> Thank you
> Nicolas
>
>
> On 06/02/2014 12:24, Javier Fontan wrote:
>> I'm not sure I've understood the problem. Maybe this explanation helps.
>>
>> The user name of a user with ldap driver is used to find it in ldap.
>> It first searches for an ldap user with a DN equal to the OpenNebula
>> user name. This way you can set the OpenNebula user name to a full dn
>> of a user.
>>
>> In case there's no user with that dn it searches for users that have a
>> field that is equal to the OpenNebula user name. By default this
>> field is "cn" but it can be changed in ldap auth configuration file:
>>
>> --8<------
>> # field that holds the user name, if not set 'cn' will be used
>> :user_field: 'cn'
>> ------>8--
>>
>> In this example the field that we want to use as user name is "uid":
>>
>> --8<------
>> dn: cn=Robert Smith,ou=people,dc=example,dc=com
>> objectclass: inetOrgPerson
>> cn: Robert Smith
>> cn: Robert J Smith
>> cn: bob smith
>> sn: smith
>> uid: rjsmith
>> userpassword: rJsmitH
>> ou: Human Resources
>> ------>8--
>>
>> And we can change the ldap auth "user_field" to "uid".
>>
>> The user in OpenNebula should have
>>
>> user name: rjsmith
>> password: -
>> driver: ldap
>>
>> On Wed, Feb 5, 2014 at 10:41 AM, Nicolas Bélan <[email protected]> wrote:
>>> Hello,
>>>
>>> I tried successfully the LDAP auth using one 4.4, with the 'default'
>>> auth engine.
>>>
>>> So, I am able to log on Sunstone with a user in the right LDAP group, if
>>> it is not created on the one user DB.
>>>
>>> But, I am trying to answer this use case, and I can't achieve it:
>>>
>>> 1) create a user through sunstone and set it a LDAP scheme auth.
>>> 2) assign VM to this user (let's say uid 2)
>>> 3) create a correct CN in LDAP DB, and assign it to the right group
>>> 4) auth with sunstone GUI
>>>
>>> I creates a user 3, without any VM (same filter id ...)
>>>
>>> I would like to (pre)create user in sunstone, and give them accesses
>>> later through LDAP auth.
>>> Is it possible ?
>>>
>>> Thank you
>>> Best regards,
>>> Nicolas.
>>>
>>> _______________________________________________
>>> Users mailing list
>>> [email protected]
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>

--
Javier Fontán Muiños
Developer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | @OpenNebula | github.com/jfontan
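
The lookup order described in the thread (the OpenNebula user name is tried as a full DN first, then compared with the values of `user_field`), modelled in Ruby over an in-memory copy of the thread's sample entry. This is an added example, not the OpenNebula LDAP driver's code; `DIRECTORY`, `normalize_dn` and `find_ldap_dn` are hypothetical names, and the case-insensitive comparison is an assumption.

```ruby
# Added illustration: models the lookup order described in the thread.
# It does not contact an LDAP server and is not the OpenNebula driver code.

# Constructed in-memory directory holding the sample entry from the thread.
DIRECTORY = [
  {
    'dn'  => 'cn=Robert Smith,ou=people,dc=example,dc=com',
    'cn'  => ['Robert Smith', 'Robert J Smith', 'bob smith'],
    'sn'  => ['smith'],
    'uid' => ['rjsmith'],
    'ou'  => ['Human Resources']
  }
].freeze

# Simplified DN comparison form: trims spaces around RDN separators and
# ignores case (assumption; real servers apply per-attribute matching rules).
def normalize_dn(dn)
  dn.split(',').map(&:strip).join(',').downcase
end

# Returns the DN of the entry an OpenNebula user name resolves to, or nil.
#   1. the user name is tried as a full DN
#   2. otherwise it is compared with every value of user_field
def find_ldap_dn(one_user_name, user_field: 'cn', directory: DIRECTORY)
  wanted = normalize_dn(one_user_name)
  by_dn = directory.find { |e| normalize_dn(e['dn']) == wanted }
  return by_dn['dn'] if by_dn

  by_field = directory.find do |e|
    Array(e[user_field]).any? { |v| v.casecmp?(one_user_name) }
  end
  by_field && by_field['dn']
end

if __FILE__ == $PROGRAM_NAME
  # A pre-created OpenNebula user named "rjsmith", default user_field 'cn':
  p find_ldap_dn('rjsmith')
  # The same user once user_field is switched to 'uid':
  p find_ldap_dn('rjsmith', user_field: 'uid')
  # User names that work with the default field: a cn value or the full DN.
  p find_ldap_dn('bob smith')
  p find_ldap_dn('cn=Robert Smith, ou=people, dc=example, dc=com')
end
```

With the default `user_field` of `cn`, a pre-created user named `rjsmith` resolves to no entry in this model; it resolves once `user_field` is `uid`, or when the OpenNebula user name is one of the `cn` values or the full DN.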
