You can configure ldap with these parameters to make it work. The same functionality can be done by changing the configuration file:

# field that holds the user name, if not set 'cn' will be used
:user_field: 'uid'

# field name for group membership, by default it is 'member'
:group_field: 'memberUid'

# user field that is in the group group_field, if not set 'dn' will be used
:user_group_field: 'uid'

Cheers

On Fri, Oct 10, 2014 at 2:42 PM, Manuel Alfonso López Rourich <alfonso.lo...@cenits.es> wrote:
> Hello,
>
> Thank you very much for your very quick response, but I would prefer not to
> change any OpenNebula script.
>
> Anyway, I wonder why that simple configuration doesn't work. Could someone
> who has integrated OpenLDAP groups with OpenNebula let us know his
> configuration and OpenLDAP entry types?
>
> Thank you very much
>
> Best regards
>
> 2014-10-08 12:42 GMT+02:00 Marcin Stolarek <ms...@icm.edu.pl>:
>>
>> On 10/08/2014 12:32 PM, Manuel Alfonso López Rourich wrote:
>>>
>>> Good morning,
>>>
>>> I'd like to ask you about an issue with user authentication in SunStone:
>>>
>>> I've configured SunStone so that new users from an OpenLDAP directory
>>> can log in (the user is created automatically in OpenNebula). It works
>>> fine but when I configure *:group* in *ldap_auth.conf*, I can't
>>> authenticate new users within a LDAP group. The error that ONE throws is
>>> clear (*"User ulopez is not in group
>>> cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es"*) but I don't know what could
>>> be done so that it works. The documentation about LDAP groups with ONE is
>>> not very clear for me.
>>>
>>> The LDAP configuration is:
>>>
>>> server 1:
>>>     :auth_method: :simple
>>>     :host: 10.12.0.3
>>>     :port: 389
>>>     :base: 'dc=one,dc=es'
>>>
>>>     # group the users need to belong to. If not set any user will do
>>>     :group: 'cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es'
>>>
>>>     # field that holds the user name, if not set 'cn' will be used
>>>     :user_field: 'uid'
>>>     # field name for group membership, by default it is 'member'
>>>     :group_field: 'memberUid'
>>>
>>>     # user field that is in the group group_field, if not set 'dn' will be used
>>>     #user_group_field: 'gidNumber'
>>>
>>> The directory entry for the group is the next one:
>>>
>>> # extended LDIF
>>> #
>>> # LDAPv3
>>> # base <cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es> with scope subtree
>>> # filter: (objectclass=*)
>>> # requesting: ALL
>>> #
>>>
>>> # grupo_nuevo, ou_nueva, one.es
>>> dn: cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es
>>> gidNumber: 503
>>> cn: grupo_nuevo
>>> objectClass: posixGroup
>>> objectClass: top
>>> memberUid: ulopez
>>>
>>> # us_nuevo_lopez, grupo_nuevo, ou_nueva, one.es
>>> dn: cn=us_nuevo_lopez,cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es
>>> givenName: us_nuevo
>>> gidNumber: 503
>>> homeDirectory: /home/users/ulopez
>>> sn: lopez
>>> loginShell: /bin/sh
>>> objectClass: inetOrgPerson
>>> objectClass: posixAccount
>>> objectClass: top
>>> uidNumber: 1009
>>> uid: ulopez
>>> cn: us_nuevo_lopez
>>>
>>> Thank you very much,
>>>
>>> Best regards
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users@lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>
>> Currently OpenNebula supports only scheme with "listofmembers" (not sure if
>> I haven't made a mistake in the name) objectClass.
>>
>> You can use my patch:
>>
>> https://github.com/cinek810/one/commit/925a124c96018aa8b4b44805aafa76280830a461
>>
>> to support groups in memberUid format.
>>
>> cheers,
>> marcin
>

--
Javier Fontán Muiños
Developer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | @OpenNebula | github.com/jfontan
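
The following is an added example, not part of the thread and not OpenNebula's own code. It is a simplified model of the comparison the configuration comments describe (the user entry's `:user_group_field` value is looked up among the group entry's `:group_field` values), run against the two entries from the LDIF quoted above. `DN_GROUP`, the constant names and the helper names are assumptions made for the illustration.

```ruby
# Added illustration: models the membership comparison, no LDAP server needed.
# GROUP and USER are copied from the LDIF quoted in the thread.
GROUP = {
  'dn'          => 'cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es',
  'objectClass' => %w[posixGroup top],
  'gidNumber'   => ['503'],
  'memberUid'   => ['ulopez']
}.freeze

USER = {
  'dn'        => 'cn=us_nuevo_lopez,cn=grupo_nuevo,ou=ou_nueva,dc=one,dc=es',
  'uid'       => ['ulopez'],
  'gidNumber' => ['503'],
  'cn'        => ['us_nuevo_lopez']
}.freeze

# Constructed sample: a group that lists its members by full DN in 'member'.
DN_GROUP = { 'dn' => 'cn=dn_group,dc=one,dc=es', 'member' => [USER['dn']] }.freeze

# Value(s) of the user entry that must appear in the group's membership field.
# Default 'dn' comes from the config comment; 'dn' is a String, attributes are lists.
def user_group_values(user, conf)
  Array(user[conf.fetch(:user_group_field, 'dn')])
end

# True when one of the user's values is listed in the group's group_field
# (default 'member', per the config comment).
def in_group?(user, group, conf)
  members = Array(group[conf.fetch(:group_field, 'member')])
  (members & user_group_values(user, conf)).any?
end

# Shows what was compared, which is what the "is not in group" error hides.
def explain(user, group, conf)
  { compared: user_group_values(user, conf),
    against:  Array(group[conf.fetch(:group_field, 'member')]),
    member:   in_group?(user, group, conf) }
end

POSTED   = { user_field: 'uid', group_field: 'memberUid' }.freeze # user_group_field left commented out
REPLY    = POSTED.merge(user_group_field: 'uid').freeze           # settings from the reply
GID      = POSTED.merge(user_group_field: 'gidNumber').freeze     # the commented-out line, enabled
DEFAULTS = { user_field: 'uid' }.freeze                           # 'member' / 'dn' defaults

if __FILE__ == $PROGRAM_NAME
  { 'posted' => POSTED, 'reply' => REPLY, 'gidNumber' => GID }.each do |name, conf|
    puts "#{name}: #{explain(USER, GROUP, conf)}"
  end
  puts "defaults, DN-style group: #{explain(USER, DN_GROUP, DEFAULTS)}"
end
```

With the posted settings the full user DN is compared against `memberUid: ulopez`, so the check fails, while setting `:user_group_field: 'uid'` compares `ulopez` with `ulopez`.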