LDAP Authentication 3.2

The LDAP Authentication addon permits users to have the same credentials as in LDAP, so effectively centralizing authentication. Enabling it will let any correctly authenticated LDAP user to use OpenNebula.

Prerequisites

This Addon uses the 'net/ldap' ruby library provided by the 'net-ldap' gem.

This Addon will not install any Ldap server or configure it in any way. It will not create, delete or modify any entry in the Ldap server it connects to. The only requirement is the ability to connect to an already running Ldap server and being able to perform a successful ldapbind operation and have a user able to perform searches of users, therefore no special attributes or values are required in the LDIF entry of the user authenticating.

Configuration

Configuration file for auth module is located at $ONE_LOCATION/etc/auth/ldap_auth.conf. This is the default configuration:

# Ldap user able to query, if not set connects as anonymous

#:user: 'admin'

#:password: 'password'

 

# Ldap authentication method

:auth_method: :simple

 

# Ldap server

:host: localhost

:port: 389

 

# base hierarchy where to search for users and groups

:base: 'dc=domain'

 

# group the users need to belong to. If not set any user will do

:group: 'cn=cloud,ou=groups,dc=domain'

 

# field that holds the user name, if not set 'cn' will be used

:user_field: 'cn'
VARIABLE DESCRIPTION
:user Name of the user that can query ldap. Do not set it if you can perform queries anonymously
:password Password for the user defined in :user. Do not set if anonymous access is enabled
:auth_method Can be set to :simple_tls if ssl connection is needed
:host Host name of the ldap server
:port Port of the ldap server
:base Base leaf where to perform user searches
:group If set the users need to belong to this group
:user_field Field in ldap that holds the user name

To enable ldap authentication the described parameters should be configured. OpenNebula must be also configured to enable external authentication. Uncomment these lines in $ONE_LOCATION/etc/oned.conf and add ldap and default (more on this later) as an enabled authentication method.

AUTH_MAD = [

    executable = "one_auth_mad",

    arguments = "--authz quota --authn server_cipher,ldap,default"

]

To be able to use this driver for users that are still not in the user database you must set it to the default driver. To do this go to the auth drivers directory and symlink the directory ldap to default. In system-wide installation you can do this using this command:

$ ln -s /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default

User Management

Using LDAP authentication module the administrator doesn't need to create users with oneuser command as this will be automatically done. The user should add its credentials to $ONE_AUTH file (usually $HOME/.one/one_auth) in this fashion:

user_dn_or_username:user_password

LDAP Authentication for openNebula3.2的更多相关文章

  1. LDAP Authentication Handler

    Including the Handler In the pom.xml file for your CAS Maven2 WAR Overlay, add the following depende ...

  2. SPRING IN ACTION 第4版笔记-第九章Securing web applications-007-设置LDAP server比较密码(contextSource、root()、ldif()、)

    一.LDAP server在哪 By default, Spring Security’s LDAP authentication assumes that the LDAP server is li ...

  3. opennebula extend(expending) auth module ldap

    LDAP Authentication addon permits users to have the same credentials as in LDAP, so effectively cent ...

  4. net-ldap for ruby openNebula ldap

    preface:ldap 主要概念及术语 OpenNebula issues:missing step to use LDAP as default driver cp -r /var/lib/one ...

  5. Spring Security(二十四):6.6 The Authentication Manager and the Namespace

    The main interface which provides authentication services in Spring Security is the AuthenticationMa ...

  6. Spring Security(十五):5.6 Authentication

    Thus far we have only taken a look at the most basic authentication configuration. Let’s take a look ...

  7. 将 LDAP 目录用于 Samba 认证

    原文地址: http://www.ibm.com/developerworks/cn/education/linux/smb-ldap/smb-ldap.html 开放源码 Samba 将 Unix ...

  8. ldap集成nexus

    nexus版本:2.14.4 添加nexus支持ldap认证: 管理员登录,点击 Administration --> Server -->Security Settings,将 OSS ...

  9. Confluence 6 使用 LDAP 授权连接一个内部目录 - 成员 Schema 设置

    请注意:这部分仅在拷贝用户登录(Copy User on Login)和 同步组成员(Synchronize Group Memberships)被启用后可见. 用户组成员属性(Group Membe ...

随机推荐

  1. div中嵌套div速度将会同样很慢

    ---恢复内容开始--- div中嵌套了div速度将会同样很慢   最近很多老板在我们公司做企业站的时候都会要求说:我要div+css的,不要表格建的那种,那样不利于优化.但我们发现就算给他们用div ...

  2. TensorFlow 深度学习笔记 Logistic Classification

    Logistic Classification Github工程地址:https://github.com/ahangchen/GDLnotes 欢迎star,有问题可以到Issue区讨论 官方教程地 ...

  3. Java输入输出流(转载)

    转自http://blog.csdn.net/hguisu/article/details/7418161 目录(?)[+] 1.什么是IO Java中I/O操作主要是指使用Java进行输入,输出操作 ...

  4. Oracle字符编码

    .检查服务器编码: 执行SQL语法: Java代码 select * from v$nls_parameters; 或 Java代码 select * from nls_database_parame ...

  5. 第一个使用Writer写的博客

    今天开通的博客园的博客账户,先来尝试一下用哪种方式最适合写博. 目前用Live Writer. 以后计划在这里分享数据技术的技术体会和学习心得,尤其是大数据和数据仓库相关的知识.Hello my bl ...

  6. OpenLayers 添加OpenStreetMap(OSM)瓦片层示例

    This article from:http://wiki.openstreetmap.org/wiki/OpenLayers_Simple_Example Deploy an OpenStreetM ...

  7. poj 1007 纯水题 排序

    #include<stdio.h> #include<string.h> #include<algorithm> #include<stdlib.h> ...

  8. 网易云课堂_程序设计入门-C语言_第五周:函数_2完数

    2 完数(5分) 题目内容: 一个正整数的因子是所有可以整除它的正整数.而一个数如果恰好等于除它本身外的因子之和,这个数就称为完数.例如6=1+2+3(6的因子是1,2,3). 现在,你要写一个程序, ...

  9. iOS第三方开源库的吐槽和备忘(转)

    原文:http://www.cocoachina.com/industry/20140123/7746.html 做iOS开发总会接触到一些第三方库,这里整理一下,做一些吐槽.   目前比较活跃的社区 ...

  10. Mysql 计算时间间隔函数

    #计算两个时间的间隔 #计算间隔天数 select TIMESTAMPDIFF(day,'2014-06-01',date(now())) #计算间隔月数 select TIMESTAMPDIFF(m ...