Econe server and LDAP authentication

Hi all,

I set up my OpenNebula daemon and Sunstone to authenticate the users against an LDAP server. So far, so good, but now I would like to use the same mechanism also for the EC2 interface, a.k.a. econe-server. What prevented me from doing that:

  • the LDAP authentication needs the password in clear text
  • on the other end, the EC2 client sends the password hashed by SHA1 (which is then compared with the user’s password stored in the backend DB).

Did anyone look into that or can confirm my thoughts?

Thanks,

Matteo

PS: the situation is not that bad after all, LDAP users can still use econe. Each ONE user has a password stored in the backend DB, even if the auth driver is LDAP. That token can be used for the EC2 interface. My question is related to the convenience of using the same authentication mechanism for both ONE and econe.

Hi Matteo,

LDAP authentication is not supported through the EC2 server, since clients that implement the EC2 API will also implement the signature-based authentication. As a workaround you can define a password as you said and use it for EC2.

Cheers

Hi Daniel,

thanks for the feedback, I’ll ask the user to set their own password.
Best,

Matteo
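
The mismatch discussed in this thread, as an added example (not code from the original posts or from OpenNebula): a signature-based request can be verified from the stored SHA1 hash alone, so the server never receives a clear-text password it could pass to an LDAP bind. It assumes the stored hash serves as the signing secret; the canonical string is simplified, and the user, password, `USER_DB` and `ldap_bind_possible?` are constructed for illustration.

```ruby
require 'openssl'
require 'digest/sha1'
require 'base64'

# Constructed sample data: the backend DB holds only SHA1(password) per user.
USER_DB = { 'matteo' => Digest::SHA1.hexdigest('s3cret-example') }.freeze

# Simplified canonical string (assumption: real EC2 clients also sign the
# host, path and a timestamp, and URL-encode the values).
def canonical_string(verb, params)
  query = params.reject { |k, _| k == 'Signature' }
                .sort.map { |k, v| "#{k}=#{v}" }.join('&')
  "#{verb}\n#{query}"
end

# HMAC-SHA256 over the canonical string, keyed with the shared secret.
def sign(secret, verb, params)
  digest = OpenSSL::Digest.new('SHA256')
  Base64.strict_encode64(OpenSSL::HMAC.digest(digest, secret, canonical_string(verb, params)))
end

# Client: derives the secret from the password locally and sends only a signature.
def client_request(user, password, action)
  params = { 'AWSAccessKeyId' => user, 'Action' => action }
  params.merge('Signature' => sign(Digest::SHA1.hexdigest(password), 'GET', params))
end

# Length check plus XOR accumulation, so the comparison does not stop early.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server: recomputes the signature from the stored hash; no password needed.
def verify(request)
  secret = USER_DB[request['AWSAccessKeyId']]
  return false if secret.nil? || request['Signature'].nil?
  secure_equal?(sign(secret, 'GET', request), request['Signature'])
end

# An LDAP simple bind needs the clear-text password, which never arrives.
def ldap_bind_possible?(request)
  request.values.any? { |v| v == 's3cret-example' } # constructed password
end
```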