Examples. OpenNebula
Miguel Cabrerizo edited this page Sep 17, 2022 · 2 revisions
This page shows how you can configure OpenNebula to authenticate users with Glim. The OpenNebula documentation provides full information about LDAP configuration.
In our example, only users who are members of a group called 'one', which I've previously created, will be able to log on. We'll use the following settings in the /etc/one/auth/ldap_auth.conf file.
server 1:
    :user: 'cn=search,dc=example,dc=org'
    :password: 'test'
    :auth_method: :simple
    :host: 127.0.0.1
    :port: 1636
    :encryption: :simple_tls
    :base: 'ou=Users,dc=example,dc=org'
    :group_base: 'ou=Groups,dc=example,dc=org'
    :group: 'cn=one,ou=Groups,dc=example,dc=org'
    :user_field: 'uid'
    :group_field: 'member'
    :user_group_field: 'memberOf'
    :mapping_generate: true
    :mapping_timeout: 300
    :mapping_filename: server1.yaml
    :mapping_key: GROUP_DN
    :mapping_default: 1
Sample log showing a successful authentication, retrieval of user information, group lookup and so on:
2022-09-17T17:17:33+02:00 [LDAP] ⇨ serving LDAPS connection from 127.0.0.1:45582
2022-09-17T17:17:33+02:00 [LDAP] ⇨ bind requested by client: 127.0.0.1:45582
2022-09-17T17:17:33+02:00 [LDAP] ⇨ bind protocol version: 3 client 127.0.0.1:45582
2022-09-17T17:17:33+02:00 [LDAP] ⇨ bind name: cn=search,dc=example,dc=org client 127.0.0.1:45582
2022-09-17T17:17:33+02:00 [LDAP] ⇨ bind password: ********** client 127.0.0.1:45582
2022-09-17T17:17:34+02:00 [LDAP] ⇨ success: valid credentials provided
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search requested by client 127.0.0.1:45582
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search base object: ou=Users,dc=example,dc=org
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search scope: wholeSubtree
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search maximum number of entries to be returned (0 - No limit restriction): 0
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search maximum time limit (0 - No limit restriction): 0
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search show types only: false
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search filter: (uid=doncicuto)
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search attributes: memberOf uid memberOf
2022-09-17T17:17:34+02:00 [LDAP] ⇨ connection closed by client 127.0.0.1:45582
2022-09-17T17:17:34+02:00 [LDAP] ⇨ serving LDAPS connection from 127.0.0.1:45592
2022-09-17T17:17:34+02:00 [LDAP] ⇨ bind requested by client: 127.0.0.1:45592
2022-09-17T17:17:34+02:00 [LDAP] ⇨ bind protocol version: 3 client 127.0.0.1:45592
2022-09-17T17:17:34+02:00 [LDAP] ⇨ bind name: cn=search,dc=example,dc=org client 127.0.0.1:45592
2022-09-17T17:17:34+02:00 [LDAP] ⇨ bind password: ********** client 127.0.0.1:45592
2022-09-17T17:17:34+02:00 [LDAP] ⇨ success: valid credentials provided
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search requested by client 127.0.0.1:45592
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search base object: cn=one,ou=Groups,dc=example,dc=org
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search scope: wholeSubtree
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search maximum number of entries to be returned (0 - No limit restriction): 0
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search maximum time limit (0 - No limit restriction): 0
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search show types only: false
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search filter: (member=cn=one,ou=Groups,dc=example,dc=org)
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search attributes: member
2022-09-17T17:17:34+02:00 [LDAP] ⇨ connection closed by client 127.0.0.1:45592
2022-09-17T17:17:34+02:00 [LDAP] ⇨ serving LDAPS connection from 127.0.0.1:45608
2022-09-17T17:17:34+02:00 [LDAP] ⇨ bind requested by client: 127.0.0.1:45608
2022-09-17T17:17:34+02:00 [LDAP] ⇨ bind protocol version: 3 client 127.0.0.1:45608
2022-09-17T17:17:34+02:00 [LDAP] ⇨ bind name: uid=doncicuto,ou=Users,dc=example,dc=org client 127.0.0.1:45608
2022-09-17T17:17:34+02:00 [LDAP] ⇨ bind password: ********** client 127.0.0.1:45608
2022-09-17T17:17:34+02:00 [LDAP] ⇨ success: valid credentials provided
2022-09-17T17:17:34+02:00 [LDAP] ⇨ connection closed by client 127.0.0.1:45608
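An added example (not part of the original page or of the Glim project): it groups the sample log lines above by client connection, which makes the login sequence explicit: two binds as the search account (user lookup, then group check) followed by a bind as the user. The function names are hypothetical, and lines that carry no client address, such as the success line, are attributed to the most recently seen connection, an assumption that only holds when connections are not interleaved.

```python
import re

# Subset of the sample log lines shown on this page.
SAMPLE = """\
2022-09-17T17:17:33+02:00 [LDAP] ⇨ serving LDAPS connection from 127.0.0.1:45582
2022-09-17T17:17:33+02:00 [LDAP] ⇨ bind name: cn=search,dc=example,dc=org client 127.0.0.1:45582
2022-09-17T17:17:34+02:00 [LDAP] ⇨ success: valid credentials provided
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search filter: (uid=doncicuto)
2022-09-17T17:17:34+02:00 [LDAP] ⇨ connection closed by client 127.0.0.1:45582
2022-09-17T17:17:34+02:00 [LDAP] ⇨ bind name: cn=search,dc=example,dc=org client 127.0.0.1:45592
2022-09-17T17:17:34+02:00 [LDAP] ⇨ success: valid credentials provided
2022-09-17T17:17:34+02:00 [LDAP] ⇨ search filter: (member=cn=one,ou=Groups,dc=example,dc=org)
2022-09-17T17:17:34+02:00 [LDAP] ⇨ connection closed by client 127.0.0.1:45592
2022-09-17T17:17:34+02:00 [LDAP] ⇨ bind name: uid=doncicuto,ou=Users,dc=example,dc=org client 127.0.0.1:45608
2022-09-17T17:17:34+02:00 [LDAP] ⇨ success: valid credentials provided
2022-09-17T17:17:34+02:00 [LDAP] ⇨ connection closed by client 127.0.0.1:45608
"""

LINE = re.compile(r"^\S+ \[LDAP\] ⇨ (.*)$")
CLIENT = re.compile(r"(?:client:?|from) (\S+:\d+)$")

def correlate(text):
    """One record per client connection (ip:port), in order of first appearance."""
    conns, current = {}, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        c = CLIENT.search(msg)
        if c:
            current, msg = c.group(1), msg[:c.start()].rstrip()
        if current is None:
            continue
        # Assumption: lines without a client address belong to the last seen client.
        rec = conns.setdefault(current, {"client": current, "bind_dn": None,
                                         "success": False, "filters": []})
        if msg.startswith("bind name: "):
            rec["bind_dn"] = msg[len("bind name: "):]
        elif msg.startswith("success:"):
            rec["success"] = True
        elif msg.startswith("search filter: "):
            rec["filters"].append(msg[len("search filter: "):])
    return list(conns.values())

def user_binds(conns, service_dn):
    """Binds made with a DN other than the search account: the actual logins."""
    return [(c["bind_dn"], c["success"]) for c in conns
            if c["bind_dn"] and c["bind_dn"].lower() != service_dn.lower()]
```

Calling `user_binds(correlate(SAMPLE), "cn=search,dc=example,dc=org")` leaves only the end-user bind, which is the line to watch when auditing who logged on to OpenNebula through this server.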
The Glim Project - 2022