LDAP Authentication 3.2

The LDAP Authentication addon permits users to have the same credentials as in LDAP, so effectively centralizing authentication. Enabling it will let any correctly authenticated LDAP user to use OpenNebula.

Prerequisites

This Addon uses the 'net/ldap' ruby library provided by the 'net-ldap' gem.

This Addon will not install any Ldap server or configure it in any way. It will not create, delete or modify any entry in the Ldap server it connects to. The only requirement is the ability to connect to an already running Ldap server and being able to perform a successful ldapbind operation and have a user able to perform searches of users, therefore no special attributes or values are required in the LDIF entry of the user authenticating.

Configuration

Configuration file for auth module is located at $ONE_LOCATION/etc/auth/ldap_auth.conf. This is the default configuration:

# Ldap user able to query, if not set connects as anonymous

#:user: 'admin'

#:password: 'password'

 

# Ldap authentication method

:auth_method: :simple

 

# Ldap server

:host: localhost

:port: 389

 

# base hierarchy where to search for users and groups

:base: 'dc=domain'

 

# group the users need to belong to. If not set any user will do

:group: 'cn=cloud,ou=groups,dc=domain'

 

# field that holds the user name, if not set 'cn' will be used

:user_field: 'cn'
VARIABLE DESCRIPTION
:user Name of the user that can query ldap. Do not set it if you can perform queries anonymously
:password Password for the user defined in :user. Do not set if anonymous access is enabled
:auth_method Can be set to :simple_tls if ssl connection is needed
:host Host name of the ldap server
:port Port of the ldap server
:base Base leaf where to perform user searches
:group If set the users need to belong to this group
:user_field Field in ldap that holds the user name

To enable ldap authentication the described parameters should be configured. OpenNebula must be also configured to enable external authentication. Uncomment these lines in $ONE_LOCATION/etc/oned.conf and add ldap and default (more on this later) as an enabled authentication method.

AUTH_MAD = [

    executable = "one_auth_mad",

    arguments = "--authz quota --authn server_cipher,ldap,default"

]

To be able to use this driver for users that are still not in the user database you must set it to the default driver. To do this go to the auth drivers directory and symlink the directory ldap to default. In system-wide installation you can do this using this command:

$ ln -s /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default

User Management

Using LDAP authentication module the administrator doesn't need to create users with oneuser command as this will be automatically done. The user should add its credentials to $ONE_AUTH file (usually $HOME/.one/one_auth) in this fashion:

user_dn_or_username:user_password

LDAP Authentication for openNebula3.2的更多相关文章

  1. LDAP Authentication Handler

    Including the Handler In the pom.xml file for your CAS Maven2 WAR Overlay, add the following depende ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  3. opennebula extend(expending) auth module ldap

    LDAP Authentication addon permits users to have the same credentials as in LDAP, so effectively cent ...

  4. net-ldap for ruby openNebula ldap

    preface:ldap 主要概念及术语 OpenNebula issues:missing step to use LDAP as default driver cp -r /var/lib/one ...

  5. Spring Security(二十四):6.6 The Authentication Manager and the Namespace

    The main interface which provides authentication services in Spring Security is the AuthenticationMa ...

  6. Spring Security(十五):5.6 Authentication

    Thus far we have only taken a look at the most basic authentication configuration. Let’s take a look ...

  7. 将 LDAP 目录用于 Samba 认证

    原文地址: http://www.ibm.com/developerworks/cn/education/linux/smb-ldap/smb-ldap.html 开放源码 Samba 将 Unix ...

  8. ldap集成nexus

    nexus版本:2.14.4 添加nexus支持ldap认证: 管理员登录,点击 Administration --> Server -->Security Settings,将 OSS ...

  9. Confluence 6 使用 LDAP 授权连接一个内部目录 - 成员 Schema 设置

    请注意:这部分仅在拷贝用户登录(Copy User on Login)和 同步组成员(Synchronize Group Memberships)被启用后可见. 用户组成员属性(Group Membe ...

随机推荐

  1. Amazon MWS 上传数据 (一) 设置服务

    Amazon 上传数据的流程为: 通过 SubmitFeed 操作.加密标头和所有必需的元数据(包括 FeedType 的值在内),来提交 XML 或文本型数据文件.正如亚马逊 MWS的所有提交内容一 ...

  2. IC卡、M1卡、CPU卡、SAM卡、PSAM卡的联系与区别

    一. 技术方面(非接触式IC卡)  1. 逻辑加密卡又叫存储卡,卡内的集成电路具有加密逻辑和EEPROM(电可擦除可编程只读存储器).  2. CPU卡又叫智能卡,卡内的集成电路包括中央处理器(CPU ...

  3. Cortex-M3和Cortex-M4 Fault异常应用之二 ----- Fault处理函数的实现

    在项目处于调试期间,Fault处理程序可能只是一个断点指令,调试器遇到这个指令后停止程序的运行.默认情况下,由于非硬Fault被禁能,所有发生的非Fault都会上访成硬Fault,因此只要在硬Faul ...

  4. web编码(转)

    问题2.浏览器编码方式是根据“响应标头-response header”中的键为“Content-Type”的值来自动选择判断,而不会简单的根据你在html中看到的标签值<meta http-e ...

  5. 剑指Offer:面试题25

    题目描述: 输入一颗二叉树和一个整数,打印出二叉树中结点值的和为输入整数的所有路径.路径定义为从树的根结点开始往下一直到叶结点所经过的结点形成一条路径.九度OJ地址:http://ac.jobdu.c ...

  6. aix archPlat

    #++++++++++++++++++++++++++++++++++++++++++++++++++++ #+ Ruiy(R) Techdiss contact: 150 5519 8367 #+ ...

  7. Aix_bugzilla

    原创作品,转载请注明出处! Bugzilla在AIX上部署,网上看到的不多.我耗费了很长时间才算部署完,记录在这里,以防忘记了. 一.    下载安装文件或源代码 1. 下载Bugzilla 3.6. ...

  8. Cocoa 之 Core Data(2)- 代码示例

    前面详 细讲解了 Core Data 的框架以及设计的类,下面我们来讲解一个完全手动编写代码 使用这些类的示例,这个例子来自 苹果官方示例.在这个例子里面,我们打算做这样一件事 情:记录程序运行记录( ...

  9. mount CIFS return ERR -12 and report Cannot allocate memory

    When I mount CIFS on board, it encountered error as below: # mount -t cifs //192.168.1.28/98share /t ...

  10. javascript高级知识点——指定上下文实现

    代码信息来自于http://ejohn.org/apps/learn/. 当我们将一个对象的点击事件绑定到一个事件触发元素时会发生什么? <ul id="results"&g ...