Econe server and LDAP authentication

Hi all,

I setup my OpenNebula daemon and Sunstone to authenticate the users agains a LDAP server. So far, so good, but now I would like to use the same mechanism also for the EC2 interface, a.k.a. econe-server. What prevented me to do that:

  • the LDAP authentication needs the password in clear text
  • on the other end, the EC2 client sends the password hashed by SHA1 (which is then compared with the user’s password stored in the backend DB).
    Did anyone looked into that or can confirm my thoughts?


PS: the situation is not that bad after all, LDAP users can still use econe. Each ONE user has a password stored in the backend DB, even if the auth driver is LDAP. That token can be used for the EC2 interface. My question is related to the convenience of using the same authentication mechanism for both ONE and econe.

Hi Matteo,

LDAP authentication is not supported though EC2 server, since clients that implement the EC2 API will also implement the Signature based authentication. As a workaround you can define a password as you said and use it for EC2.


Hi Daniel,

thanks for the feedback, I’ll ask the user to set their own password.