LDAP Authentication 3.2

The LDAP Authentication addon lets users keep the same credentials they have in LDAP, effectively centralizing authentication. Enabling it lets any correctly authenticated LDAP user use OpenNebula.

Prerequisites

This addon uses the 'net/ldap' Ruby library provided by the 'net-ldap' gem.

This addon does not install or configure any LDAP server, and it does not create, delete or modify any entry in the LDAP server it connects to. The only requirements are the ability to connect to an already running LDAP server, to perform a successful ldapbind operation, and to have a user able to search for users. No special attributes or values are therefore required in the LDIF entry of the user authenticating.

Configuration

The configuration file for the auth module is located at $ONE_LOCATION/etc/auth/ldap_auth.conf. This is the default configuration:

# Ldap user able to query, if not set connects as anonymous
#:user: 'admin'
#:password: 'password'
 
# Ldap authentication method
:auth_method: :simple
 
# Ldap server
:host: localhost
:port: 389
 
# base hierarchy where to search for users and groups
:base: 'dc=domain'
 
# group the users need to belong to. If not set any user will do
:group: 'cn=cloud,ou=groups,dc=domain'
 
# field that holds the user name, if not set 'cn' will be used
:user_field: 'cn'

VARIABLE       DESCRIPTION
:user          Name of the user that can query ldap. Do not set it if you can perform queries anonymously
:password      Password for the user defined in :user. Do not set if anonymous access is enabled
:auth_method   Can be set to :simple_tls if ssl connection is needed
:host          Host name of the ldap server
:port          Port of the ldap server
:base          Base leaf where to perform user searches
:group         If set the users need to belong to this group
:user_field    Field in ldap that holds the user name
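
The following Ruby check is an added example, not part of OpenNebula or of the original page. It reads an ldap_auth.conf and reports the settings above that weaken authentication. The function name, finding codes, loopback exemption and sample values are assumptions of this example.

```ruby
require 'yaml'

LOOPBACK = %w[localhost 127.0.0.1 ::1].freeze

# Constructed sample: remote server, unencrypted bind, no :group restriction.
WEAK_CONF = <<~CONF
  :user: 'cn=reader,dc=domain'
  :password: 'CHANGE_ME'
  :auth_method: :simple
  :host: ldap.example.org
  :base: 'dc=domain'
  :user_field: 'cn'
CONF

# Constructed sample: same server with :simple_tls and a required group.
HARDENED_CONF = <<~CONF
  :user: 'cn=reader,dc=domain'
  :password: 'CHANGE_ME'
  :auth_method: :simple_tls
  :host: ldap.example.org
  :base: 'dc=domain'
  :group: 'cn=cloud,ou=groups,dc=domain'
  :user_field: 'cn'
CONF

# Returns [code, message] pairs for an ldap_auth.conf document (hypothetical helper).
def audit_ldap_auth_conf(text)
  conf = YAML.safe_load(text, permitted_classes: [Symbol]) || {}
  findings = []
  # A :simple bind sends the password unencrypted; loopback is exempted here.
  if conf[:auth_method] != :simple_tls && !LOOPBACK.include?(conf[:host].to_s)
    findings << [:cleartext_bind, 'set :auth_method to :simple_tls']
  end
  # Without :group, every user who can bind to LDAP can use OpenNebula.
  if conf[:group].to_s.strip.empty?
    findings << [:no_group_restriction, 'set :group to limit who may log in']
  end
  # :user and :password must be set together, or both left out (anonymous).
  if conf[:user].nil? ^ conf[:password].nil?
    findings << [:incomplete_bind_credentials, 'set both :user and :password']
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  { 'weak' => WEAK_CONF, 'hardened' => HARDENED_CONF }.each do |name, text|
    puts "#{name}: #{audit_ldap_auth_conf(text).map(&:first).inspect}"
  end
end
```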

To enable LDAP authentication, configure the parameters described above. OpenNebula must also be configured to enable external authentication: uncomment these lines in $ONE_LOCATION/etc/oned.conf and add ldap and default (more on this later) as enabled authentication methods.

AUTH_MAD = [
executable = "one_auth_mad",
arguments = "--authz quota --authn server_cipher,ldap,default"
]

To use this driver for users that are not yet in the user database, you must set it as the default driver. To do this, go to the auth drivers directory and symlink the directory ldap to default. In a system-wide installation you can do this with the following command:

$ ln -s /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default

User Management

With the LDAP authentication module the administrator doesn't need to create users with the oneuser command, as this is done automatically. Users should add their credentials to the $ONE_AUTH file (usually $HOME/.one/one_auth) in this fashion:

user_dn_or_username:user_password
