LDAPS authentication does not work

I followed the OpenNebula LDAP authentication steps. In my case, I added the net-ldap gem to Ruby and I get too many errors running the authenticate instruction. I think Ruby is missing too many dependencies and cannot make a proper LDAPS query. LDAPS was tested on the server using LDP.exe and works over 636 using the CN=myserver,DC=southcentralus,DC=cloudapp,DC=azure,DC=com

The account used in the LDAP config is a domain admin. I am testing auth for a user, and neither account works using the Ruby script, but works locally on the server.

 

/etc/one/auth/ldap_auth.conf

:order:
- myserver.southcentralus.cloudapp.azure.com
myserver.southcentralus.cloudapp.azure.com:
  :mapping_generate: true
  :mapping_timeout: 300
  :mapping_filename: server1.yaml
  :mapping_key: GROUP_DN
  :mapping_default: 1
  :user: CN=ldap-account,CN=Users,DC=myserver,DC=southcentralus,DC=cloudapp,DC=azure,DC=com
  :password: 'password here'
  :auth_method: :simple
  :encryption: :simple_tls
  :host: myserver.southcentralus.cloudapp.azure.com
  :port: 636
#  :base: myserver
  :base: CN=myserver,DC=southcentralus,DC=cloudapp,DC=azure,DC=com
 
Here are the authenticate results:


ruby -wd /var/lib/one/remotes/auth/ldap/authenticate ldap-user-account - userpasswordhere
Exception `LoadError' at /usr/share/rubygems/rubygems.rb:1096 - cannot load such file -- rubygems/defaults/ruby
Exception `LoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55 - cannot load such file -- abrt
Exception `LoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:141 - cannot load such file -- abrt
/var/lib/one/remotes/auth/ldap/authenticate:42: warning: assigned but unused variable - pass
Exception `NameError' at /usr/share/ruby/psych/core_ext.rb:16 - method `to_yaml' not defined in Object
Exception `NameError' at /usr/share/ruby/psych/core_ext.rb:29 - method `yaml_as' not defined in Module
Exception `NameError' at /usr/share/ruby/psych/deprecated.rb:80 - undefined method `to_yaml_properties' for class `Object'
/usr/lib/one/ruby/opennebula/xml_utils.rb:90: warning: `-' after local variable is interpreted as binary operator
/usr/lib/one/ruby/opennebula/xml_utils.rb:90: warning: even though it seems like unary operator
/usr/lib/one/ruby/opennebula/xml_pool.rb:25: warning: method redefined; discarding old initialize
/usr/lib/one/ruby/opennebula/xml_element.rb:406: warning: previous definition of initialize was here
/usr/lib/one/ruby/opennebula/xml_pool.rb:31: warning: method redefined; discarding old each_element
/usr/lib/one/ruby/opennebula/xml_element.rb:412: warning: previous definition of each_element was here
Exception `LoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55 - cannot load such file -- nokogiri
Exception `LoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55 - cannot load such file -- ox
Exception `LoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55 - cannot load such file -- xmlparser
Exception `LoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:141 - cannot load such file -- xmlparser
/usr/lib/one/ruby/opennebula/virtual_machine_pool.rb:297: warning: assigned but unused variable - acct_hash
/usr/lib/one/ruby/opennebula/host.rb:125: warning: ambiguous first argument; put parentheses or even spaces
/usr/lib/one/ruby/opennebula/vdc.rb:176: warning: method redefined; discarding old add_host
/usr/lib/one/ruby/opennebula/vdc.rb:164: warning: previous definition of add_host was here
/usr/lib/one/ruby/opennebula/vdc.rb:192: warning: method redefined; discarding old del_host
/usr/lib/one/ruby/opennebula/vdc.rb:186: warning: previous definition of del_host was here
Exception `LoadError' at /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:55 - cannot load such file -- net/ldap
/usr/local/share/gems/gems/net-ldap-0.14.0/lib/net/ldap/password.rb:22: warning: assigned but unused variable - attribute_value
/usr/local/share/gems/gems/net-ldap-0.14.0/lib/net/ldap/instrumentation.rb:15: warning: shadowing outer local variable - payload
/usr/local/share/gems/gems/net-ldap-0.14.0/lib/net/ldap/connection.rb:44: warning: assigned but unused variable - encryption
/usr/local/share/gems/gems/net-ldap-0.14.0/lib/net/ldap/connection.rb:283: warning: assigned but unused variable - sort_control
Trying server myserver.southcentralus.cloudapp.azure.com
Exception `Errno::EINPROGRESS' at /usr/share/ruby/socket.rb:54 - Operation now in progress - connect(2) would block
Exception `Errno::EINPROGRESS' at /usr/share/ruby/socket.rb:54 - Operation now in progress - connect(2) would block
Exception `Errno::EINPROGRESS' at /usr/share/ruby/socket.rb:54 - Operation now in progress - connect(2) would block
User ldap-user-account not found
Could not authenticate user ldap-user-account

 

Any ideas?

J Fer

3 comments

The error seems to be this one:

Exception `Errno::EINPROGRESS' at /usr/share/ruby/socket.rb:54 - Operation now in progress - connect(2) would block

Can you check that you can reach the LDAP server machine from the vOneCloud appliance? To test this you can install telnet and try to connect to the server machine and port. Something like this:

# yum install telnet

# telnet myserver.southcentralus.cloudapp.azure.com 636

Also, is the server an Active Directory? If this is the case you are missing this line in the configuration:

:user_field: 'sAMAccountName'

 

Javier Fontán 0 votes
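
A preflight for the two checks suggested in the answer above: TCP reachability of the LDAPS port and the `:user_field` setting for Active Directory. This is an added example, not part of the original thread or of OpenNebula's code; `load_conf`, `lint_conf`, `reachable?` and the sample configuration (host `ad.example.test`) are assumptions constructed for illustration.

```ruby
require 'yaml'
require 'socket'

# Constructed sample in the layout of /etc/one/auth/ldap_auth.conf (placeholder values).
SAMPLE_CONF = <<~CONF
  :order:
  - ad.example.test
  ad.example.test:
    :user: CN=ldap-account,CN=Users,DC=example,DC=test
    :password: 'placeholder'
    :auth_method: :simple
    :encryption: :simple_tls
    :host: ad.example.test
    :port: 636
    :base: DC=example,DC=test
CONF

# Keys and some values in this file are Ruby symbols, so Symbol must be permitted.
def load_conf(text)
  YAML.safe_load(text, permitted_classes: [Symbol])
end

# Return a list of findings for every server named in :order.
def lint_conf(conf, active_directory: true)
  findings = []
  Array(conf[:order]).each do |name|
    srv = conf[name]
    unless srv.is_a?(Hash)
      findings << "#{name}: listed in :order but has no section"
      next
    end
    %i[host port base].each { |k| findings << "#{name}: missing :#{k}" unless srv[k] }
    if active_directory && srv[:user_field].nil?
      findings << "#{name}: no :user_field (the answer suggests 'sAMAccountName' for AD)"
    end
    if srv[:port] == 636 && srv[:encryption] != :simple_tls
      findings << "#{name}: port 636 without :encryption: :simple_tls"
    end
  end
  findings
end

# Plain TCP reachability with a timeout, the same thing the telnet test shows.
def reachable?(host, port, timeout: 3)
  Socket.tcp(host, port, connect_timeout: timeout) { true }
rescue SystemCallError, SocketError, IOError
  false
end

puts lint_conf(load_conf(SAMPLE_CONF))
```

Run it with plain `ruby`: the `-d` switch used in the question prints every raised exception, including ones that are rescued, as `Exception ... at` lines.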

Yes, I did try this. Using openssl s_client -connect to the FQDN presents the certs. I also added the sAMAccountName.

What about all the Ruby errors? I think the connection never gets constructed because of all the errors.

J Fer 0 votes

I know that we are nearly a year on from this issue, but I wanted to ask if it has been resolved. I am seeing the same issue when I try to test authentication with Ruby. Active Directory integration is the only thing standing between me and getting vOneCloud fully integrated into my workflow.

Chris Morrell 0 votes