Hi! I’m using version 5.2.1 of OpenNebula.
I have LDAP auth enabled and configured. It works fine. I also have Group Mapping enabled and configured, but it works kinda weird: I have 1 user that is assigned to the appointed group according to AD group membership, but other users are assigned to the default group no matter what I do. They are in the same AD group.
server 1:
    # Ldap user able to query, if not set connects as anonymous. For
    # Active Directory append the domain name. Example:
    # Administrator@my.domain.com
    :user: 'user'
    :password: '123'

    # Ldap authentication method
    :auth_method: :simple

    # Ldap server
    :host: 127.0.0.2
    :port: 389

    # Uncomment this line for tls connections
    #:encryption: :simple_tls

    # base hierarchy where to search for users and groups
    :base: 'DC=domain,DC=lan'

    # group the users need to belong to. If not set any user will do
    #:group: 'cn=cloud,ou=groups,dc=domain'

    # field that holds the user name, if not set 'cn' will be used
    #:user_field: 'cn'

    # for Active Directory use this user_field instead
    :user_field: 'sAMAccountName'

    # field name for group membership, by default it is 'member'
    #:group_field: 'member'

    # user field that is in the group group_field, if not set 'dn' will be used
    #:user_group_field: 'dn'

    # Generate mapping file from group template info
    :mapping_generate: true

    # Seconds a mapping file remains untouched until the next regeneration
    :mapping_timeout: 300

    # Name of the mapping file in OpenNebula var directory
    :mapping_filename: server1.yaml

    # Key from the OpenNebula template to map to an AD group
    :mapping_key: GROUP_DN

    # Default group ID used for users in an AD group not mapped
    :mapping_default: 1

# this example server won't be called as it is not in the :order list
#server 2:
#    :auth_method: :simple
#    :host: localhost
#    :port: 389
#    :base: 'dc=domain'
#    #:group: 'cn=cloud,ou=groups,dc=domain'
#    :user_field: 'cn'

# List the order the servers are queried
:order:
    - server 1
    #- server 2
server1.yaml
CN=onenebula,OU=Groups,OU=City,OU=Company,DC=domain,DC=lan: '101'
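
The settings in the configuration above that decide how the bind is protected, who may log in, and which group unmapped users receive can be checked mechanically. The following is an added example, not part of the original post and not OpenNebula's own code; `audit_ldap_conf`, the finding names and the trimmed sample (with a placeholder password) are assumptions made for illustration.

```ruby
require 'yaml'

# Constructed sample: the settings from the post that matter for the checks,
# with a placeholder password.
SAMPLE_CONF = <<~YAML
  server 1:
      :user: 'user'
      :password: 'placeholder'
      :auth_method: :simple
      :host: 127.0.0.2
      :port: 389
      #:encryption: :simple_tls
      :base: 'DC=domain,DC=lan'
      #:group: 'cn=cloud,ou=groups,dc=domain'
      :user_field: 'sAMAccountName'
      :mapping_generate: true
      :mapping_default: 1
  :order:
      - server 1
YAML

# Hypothetical helper: returns { server_name => [finding, ...] } for every
# server listed in :order (servers outside :order are never queried).
def audit_ldap_conf(text)
  # The file uses Ruby symbols as keys and values, so Symbol must be permitted.
  conf = YAML.safe_load(text, permitted_classes: [Symbol])
  Array(conf[:order]).each_with_object({}) do |name, report|
    srv = conf[name] || {}
    findings = []
    # A simple bind without :encryption sends the bind user and password
    # over the network in clear text.
    if srv[:auth_method] == :simple && srv[:encryption].nil?
      findings << :cleartext_bind
    end
    # Per the file's own comment: with :group unset, any directory user will do.
    findings << :no_required_group if srv[:group].nil?
    # Users whose AD group is not in the mapping file get :mapping_default.
    if srv.key?(:mapping_default)
      findings << :"unmapped_users_join_group_#{srv[:mapping_default]}"
    end
    report[name] = findings
  end
end

if $PROGRAM_NAME == __FILE__
  audit_ldap_conf(SAMPLE_CONF).each { |name, f| puts "#{name}: #{f.join(', ')}" }
end
```
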