There seems to be a problem getting the groups from OpenNebula. Can you send us the output of:

    onegroup list -x

To fix the problem you can disable mapping generation by adding this line to the server configuration:

    :mapping_generate: false

Cheers

On Mon Dec 08 2014 at 3:55:46 PM Mr Sensible <[email protected]> wrote:

> I am struggling a little bit with hooking my test OpenNebula in to my
> existing FreeIPA authentication domain.
>
> I am currently running OpenNebula 4.10.1 running on Centos 6.5, and I am
> trying to connect it to my existing FreeIPA 3.0.0 server.
>
> I currently have three services authenticating via ldap to the IPA
> server, so I "think" that bit is right.
>
> When I install opennebula for the first time, get everything setup, add
> the ldap authentication config, everything looks OK. I create a user in
> Sunstone, set the auth method to LDAP, and then successfully sign in to
> Sunstone. Happy face.
> I change the user to oneadmin group in Sunstone.
>
> The following day, I am no longer able to log in as that user, and no
> amount of deleting user and re-adding user seems to make any difference.
> I have also tried NOT creating the user via sunstone, and just logging
> in, same errors.
>
> Does anybody have any idea what I might be doing wrong, or even where I
> can look to figure what is not working? Config and log files below. Many
> thanks in advance.
>
> ------------------------------
> oned.conf
> ---------------------------
> AUTH_MAD = [
>     executable = "one_auth_mad",
>     authn = "ssh,x509,ldap,default,server_cipher,server_x509"
> ]
>
> ------------------------------
> ldap_auth.conf
> ----------------------------
> server 1:
>     # Ldap authentication method
>     :auth_method: :simple
>
>     # Ldap server
>     :host: ipa1.lab.company.com
>     :port: 389
>
>     # Uncomment this line for tsl conections
>     #:encryption: :simple_tls
>
>     # base hierarchy where to search for users and groups
>     :base: 'cn=users,cn=accounts,dc=lab,dc=company,dc=com'
>
>     # group the users need to belong to. If not set any user will do
>     #:group: 'cn=users,cn=accounts'
>
>     # field that holds the user name, if not set 'cn' will be used
>     :user_field: 'uid'
>
> :order:
>     - server 1
>
> ------------------------------
> oned.log
> ------------------------------
> Mon Dec 8 13:24:50 2014 [Z0][ReM][D]: Req:8640 UID:-1 GroupPoolInfo
> invoked
> Mon Dec 8 13:24:50 2014 [Z0][ReM][E]: Req:8640 UID:- GroupPoolInfo
> result FAILURE [GroupPoolInfo] User couldn't be authenticated, aborting
> call.
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Command
> execution fail: /var/lib/one/remotes/auth/ldap/authenticate peter.harris
> - ****
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Command execution fail:
> /var/lib/one/remotes/auth/ldap/authenticate peter.harris - ****
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Trying
> server server 1
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Trying server server 1
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1
> Exception raised authenticating to LDAP
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Exception raised authenticating
> to LDAP
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1
> #<NoMethodError: undefined method `children' for nil:NilClass>
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: #<NoMethodError: undefined method
> `children' for nil:NilClass>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1
> /usr/lib/one/ruby/opennebula/xml_element.rb:357:in `build_hash'
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:
> /usr/lib/one/ruby/opennebula/xml_element.rb:357:in `build_hash'
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1
> /usr/lib/one/ruby/opennebula/xml_element.rb:341:in `to_hash'
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:
> /usr/lib/one/ruby/opennebula/xml_element.rb:341:in `to_hash'
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1
> /usr/lib/one/ruby/opennebula/ldap_auth.rb:93:in `generate_mapping'
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:
> /usr/lib/one/ruby/opennebula/ldap_auth.rb:93:in `generate_mapping'
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1
> /usr/lib/one/ruby/opennebula/ldap_auth.rb:69:in `initialize'
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:
> /usr/lib/one/ruby/opennebula/ldap_auth.rb:69:in `initialize'
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1
> /var/lib/one/remotes/auth/ldap/authenticate:69:in `new'
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:
> /var/lib/one/remotes/auth/ldap/authenticate:69:in `new'
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1
> /var/lib/one/remotes/auth/ldap/authenticate:69
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:
> /var/lib/one/remotes/auth/ldap/authenticate:69
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1
> /var/lib/one/remotes/auth/ldap/authenticate:59:in `each'
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:
> /var/lib/one/remotes/auth/ldap/authenticate:59:in `each'
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1
> /var/lib/one/remotes/auth/ldap/authenticate:59
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]:
> /var/lib/one/remotes/auth/ldap/authenticate:59
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1 Could
> not authenticate user peter.harris
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Could not authenticate user
> peter.harris
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: LOG I 1
> ExitCode: 255
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: ExitCode: 255
> Mon Dec 8 13:24:50 2014 [Z0][AuM][D]: Message received: AUTHENTICATE
> FAILURE 1 -
>
> Mon Dec 8 13:24:50 2014 [Z0][AuM][E]: Auth Error:
> Mon Dec 8 13:24:50 2014 [Z0][ReM][D]: Req:6320 UID:-1 UserInfo invoked ,
> -1
> Mon Dec 8 13:24:50 2014 [Z0][ReM][E]: Req:6320 UID:- UserInfo result
> FAILURE [UserInfo] User couldn't be authenticated, aborting call.
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
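Added example, not part of either message and not OpenNebula code: a small Ruby triage script that reads oned.log entries like the ones quoted above and reports, for each failed auth-driver run, the user, the exception, the first stack frame inside ldap_auth.rb, and any core API calls that failed in the same log. The names `failed_auth_runs`, `failing_driver_step` and `SAMPLE_LOG` are hypothetical, and the sample lines are the quoted log entries with the mail wrapping undone.

```ruby
# Added example, not OpenNebula code. SAMPLE_LOG is constructed by un-wrapping
# the [ReM][E] and [AuM][I] lines of the oned.log quoted in the message above.
SAMPLE_LOG = <<~'LOG'
  Mon Dec 8 13:24:50 2014 [Z0][ReM][E]: Req:8640 UID:- GroupPoolInfo result FAILURE [GroupPoolInfo] User couldn't be authenticated, aborting call.
  Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Command execution fail: /var/lib/one/remotes/auth/ldap/authenticate peter.harris - ****
  Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Exception raised authenticating to LDAP
  Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: #<NoMethodError: undefined method `children' for nil:NilClass>
  Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: /usr/lib/one/ruby/opennebula/xml_element.rb:357:in `build_hash'
  Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: /usr/lib/one/ruby/opennebula/xml_element.rb:341:in `to_hash'
  Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: /usr/lib/one/ruby/opennebula/ldap_auth.rb:93:in `generate_mapping'
  Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: /usr/lib/one/ruby/opennebula/ldap_auth.rb:69:in `initialize'
  Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: Could not authenticate user peter.harris
  Mon Dec 8 13:24:50 2014 [Z0][AuM][I]: ExitCode: 255
LOG

ENTRY = /\A.+? \[Z\d+\]\[(\w+)\]\[([DIWE])\]: (.*)\z/
FRAME = /\A(\/\S+):(\d+)(?::in `([^']+)')?\z/

# One hash per failed driver run, plus the core API calls that failed in the log.
def failed_auth_runs(log)
  runs, api_failures, current = [], [], nil
  log.each_line(chomp: true) do |line|
    component, level, msg = ENTRY.match(line)&.captures
    next if component.nil?
    api_failures << Regexp.last_match(1) if component == 'ReM' && level == 'E' && msg =~ /(\w+) result FAILURE/
    next unless component == 'AuM' && level == 'I' # [D] "Message received" lines repeat these
    case msg
    when %r{\ACommand execution fail: \S+/(\w+)/authenticate (\S+)}
      current = { driver: $1, user: $2, exception: nil, frames: [], exit_code: nil }
      runs << current
    when /\A#<(\w+(?:::\w+)*): (.*)>\z/
      current[:exception] = "#{$1}: #{$2}" if current
    when FRAME
      current[:frames] << { file: File.basename($1), line: $2.to_i, method: $3 } if current
    when /\AExitCode: (\d+)/
      current[:exit_code] = $1.to_i if current
      current = nil
    end
  end
  runs.each { |r| r[:api_failures] = api_failures.uniq }
end

# First frame inside ldap_auth.rb: the driver step that was running when it failed.
def failing_driver_step(run)
  frame = run[:frames].find { |f| f[:file] == 'ldap_auth.rb' }
  frame && frame[:method]
end

failed_auth_runs(SAMPLE_LOG).each { |r| puts "#{r[:user]} (#{r[:driver]}): #{r[:exception]} in #{failing_driver_step(r)}, exit #{r[:exit_code]}" }
```

On the quoted log the failing step is `generate_mapping` and the failed core call is `GroupPoolInfo`, which matches the reply's diagnosis and its `:mapping_generate: false` workaround.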
