LDAP Authentication 3.2

The LDAP Authentication addon permits users to have the same credentials as in LDAP, so effectively centralizing authentication. Enabling it will let any correctly authenticated LDAP user to use OpenNebula.

Prerequisites

This Addon uses the 'net/ldap' ruby library provided by the 'net-ldap' gem.

This Addon will not install any Ldap server or configure it in any way. It will not create, delete or modify any entry in the Ldap server it connects to. The only requirement is the ability to connect to an already running Ldap server and being able to perform a successful ldapbind operation and have a user able to perform searches of users, therefore no special attributes or values are required in the LDIF entry of the user authenticating.

Configuration

Configuration file for auth module is located at $ONE_LOCATION/etc/auth/ldap_auth.conf. This is the default configuration:

# Ldap user able to query, if not set connects as anonymous

#:user: 'admin'

#:password: 'password'

 

# Ldap authentication method

:auth_method: :simple

 

# Ldap server

:host: localhost

:port: 389

 

# base hierarchy where to search for users and groups

:base: 'dc=domain'

 

# group the users need to belong to. If not set any user will do

:group: 'cn=cloud,ou=groups,dc=domain'

 

# field that holds the user name, if not set 'cn' will be used

:user_field: 'cn'
VARIABLE DESCRIPTION
:user Name of the user that can query ldap. Do not set it if you can perform queries anonymously
:password Password for the user defined in :user. Do not set if anonymous access is enabled
:auth_method Can be set to :simple_tls if ssl connection is needed
:host Host name of the ldap server
:port Port of the ldap server
:base Base leaf where to perform user searches
:group If set the users need to belong to this group
:user_field Field in ldap that holds the user name

To enable ldap authentication the described parameters should be configured. OpenNebula must be also configured to enable external authentication. Uncomment these lines in $ONE_LOCATION/etc/oned.conf and add ldap and default (more on this later) as an enabled authentication method.

AUTH_MAD = [

    executable = "one_auth_mad",

    arguments = "--authz quota --authn server_cipher,ldap,default"

]

To be able to use this driver for users that are still not in the user database you must set it to the default driver. To do this go to the auth drivers directory and symlink the directory ldap to default. In system-wide installation you can do this using this command:

$ ln -s /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default

User Management

Using LDAP authentication module the administrator doesn't need to create users with oneuser command as this will be automatically done. The user should add its credentials to $ONE_AUTH file (usually $HOME/.one/one_auth) in this fashion:

user_dn_or_username:user_password

LDAP Authentication for openNebula3.2的更多相关文章

  1. LDAP Authentication Handler

    Including the Handler In the pom.xml file for your CAS Maven2 WAR Overlay, add the following depende ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  3. opennebula extend(expending) auth module ldap

    LDAP Authentication addon permits users to have the same credentials as in LDAP, so effectively cent ...

  4. net-ldap for ruby openNebula ldap

    preface:ldap 主要概念及术语 OpenNebula issues:missing step to use LDAP as default driver cp -r /var/lib/one ...

  5. Spring Security(二十四):6.6 The Authentication Manager and the Namespace

    The main interface which provides authentication services in Spring Security is the AuthenticationMa ...

  6. Spring Security(十五):5.6 Authentication

    Thus far we have only taken a look at the most basic authentication configuration. Let’s take a look ...

  7. 将 LDAP 目录用于 Samba 认证

    原文地址: http://www.ibm.com/developerworks/cn/education/linux/smb-ldap/smb-ldap.html 开放源码 Samba 将 Unix ...

  8. ldap集成nexus

    nexus版本:2.14.4 添加nexus支持ldap认证: 管理员登录,点击 Administration --> Server -->Security Settings,将 OSS ...

  9. Confluence 6 使用 LDAP 授权连接一个内部目录 - 成员 Schema 设置

    请注意:这部分仅在拷贝用户登录(Copy User on Login)和 同步组成员(Synchronize Group Memberships)被启用后可见. 用户组成员属性(Group Membe ...

随机推荐

  1. 一元云购qq互联回调地址错误解决办法

    经过追踪,点击登录后调用 system/modules/api/下面的qqlogin.action.class.php 里面又调用了qq 互联php接口样例里的QC.php的QC类的方法qq_logi ...

  2. virtualBox 安装CentOS 全屏

    在VirtualBox里安装CentOS系统,会遇到“增强工具”无法正常安装,主要的原因是出在Kernel 库找不到. 错误提示如下: 通过查看日志文件: cat /var/log/vboxadd-i ...

  3. 关于 java.io.IOException: open failed: EACCES (Permission denied)

    今天解决了一个问题,不得不来和大家分享.就是关于 java.io.IOException: open failed: EACCES (Permission denied)的问题,网上也有很多人把这个问 ...

  4. C++字符串之一(字符表示)

    在C++中有两种类型可以用于表示字符,char和wchar_t. 但是字符串格式的标准却有很多种,如ASCII,UTF8,UTF16,UTF32等等.字符串的格式和char/wchar_t 的关系是什 ...

  5. google自定义站内搜索

    ttps://www.google.com/cse/docs/cref.html?hl=zh-cn 重要表单参数: action 字段:您希望存储结果的网址(在该例中,我们使用 http://www. ...

  6. linux下创建用户并且限定用户主目录

    Linux 系统是一个多用户多任务的分时操作系统,任何一个要使用系统资源的用户,都必须首先向系统管理员申请一个账号,然后以这个账号的身份进入系统.用户的账号 一方面可以帮助系统管理员对使用系统的用户进 ...

  7. C#根据汉字生成拼音首字母全称

    static void Main(string[] args) { string s = GetChineseSpell("周杰伦"); Console.WriteLine(s.T ...

  8. 场景切换特效Transition——Cocos2d-x学习历程(十二)

    Transition 场景切换 在游戏中通常会用到一些场景的切换,比如从加载界面切换到欢迎界面.游戏中的所有场景存放在一个栈中,有且只有一个场景可以处于激活状态.直接replaceScene(即不适用 ...

  9. 开发环境配置--Ubuntu+Qt4+OpenCV(一)

    同系列的文章 1. 开发环境配置--Ubuntu+Qt4+OpenCV(一) 2. 开发环境配置--Ubuntu+Qt4+OpenCV(二) 3. 开发环境配置--Ubuntu+Qt4+OpenCV( ...

  10. leetcode Minimum Depth of Binary Tree python

    # Definition for a binary tree node. # class TreeNode(object): # def __init__(self, x): # self.val = ...