LDAP-Active Directory Errors

Greetings,
This is a new configuration; we are trying to integrate our Sunstone/OpenNebula configuration with LDAP-Active Directory. We can log in with oneadmin with no problem, but when we try to log in with domain users, it states invalid username and password. Here is the error from oned.log:

Wed Jun 3 12:49:42 2015 [Z0][AuM][I]: Command execution fail: /var/lib/one/remotes/auth/default/authenticate domain%5Cuser02 - ****
Wed Jun 3 12:49:42 2015 [Z0][AuM][D]: Message received: LOG I 4 sh: /var/lib/one/remotes/auth/default/authenticate: Permission denied
Wed Jun 3 12:49:42 2015 [Z0][AuM][I]: sh: /var/lib/one/remotes/auth/default/authenticate: Permission denied
Wed Jun 3 12:49:42 2015 [Z0][AuM][D]: Message received: LOG I 4 ExitCode: 126
Wed Jun 3 12:49:42 2015 [Z0][AuM][I]: ExitCode: 126
Wed Jun 3 12:49:42 2015 [Z0][AuM][D]: Message received: AUTHENTICATE FAILURE 4 -
Wed Jun 3 12:49:42 2015 [Z0][AuM][E]: Auth Error:
Wed Jun 3 12:49:42 2015 [Z0][ReM][D]: Req:6848 UID:-1 UserInfo invoked , -1
Wed Jun 3 12:49:42 2015 [Z0][ReM][E]: Req:6848 UID:- UserInfo result FAILURE [UserInfo] User couldn't be authenticated, aborting call.

Here is ldap_auth.conf:

# ----------------------------------------------------------------------------
# Copyright 2010-2015, C12G Labs S.L
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ----------------------------------------------------------------------------

server 1:
    # Ldap user able to query, if not set connects as anonymous. For
    # Active Directory append the domain name. Example:
    # Administrator@my.domain.com
    :user: 'test'
    :password: 'test'

    # Ldap authentication method
    :auth_method: :simple

    # Ldap server
    :host: usildc01.test.com
    :port: 389

    # Uncomment this line for TLS connections
    #:encryption: :simple_tls

    # base hierarchy where to search for users and groups
    :base: 'dc=test,dc=com'

    # group the users need to belong to. If not set any user will do
    #:group: 'cn=cloud,ou=groups,dc=domain'

    # field that holds the user name, if not set 'cn' will be used
    #:user_field: 'cn'

    # for Active Directory use this user_field instead
    :user_field: 'sAMAccountName'

    # field name for group membership, by default it is 'member'
    #:group_field: 'member'

    # user field that is in the group group_field, if not set 'dn' will be used
    #:user_group_field: 'dn'

    # Generate mapping file from group template info
    :mapping_generate: true

    # Seconds a mapping file remains untouched until the next regeneration
    :mapping_timeout: 300

    # Name of the mapping file in OpenNebula var directory
    :mapping_filename: server1.yaml

    # Key from the OpenNebula template to map to an AD group
    :mapping_key: GROUP_DN

    # Default group ID used for users in an AD group not mapped
    :mapping_default: 1

# this example server won't be called as it is not in the :order list
server 2:
    :auth_method: :simple
    :host: localhost
    :port: 389
    :base: 'dc=domain'
    #:group: 'cn=cloud,ou=groups,dc=domain'
    :user_field: 'cn'

# List the order the servers are queried
:order:
    - server 1
    #- server 2

I guess you followed the quick-start guide for LDAP and OpenNebula.
In there it states that you copy the LDAP driver to the default driver, and I'm guessing you did that as root.
This caused the copy called "/var/lib/one/remotes/auth/default/" to be owned by root, and it should be owned by oneadmin, or oneadmin will not be able to use it, hence the error message:

Message received: LOG I 4 sh: /var/lib/one/remotes/auth/default/authenticate: Permission denied

Make sure you chown the files to oneadmin instead of root.

Hope this helps!
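The following script is an added example written for this thread; it is not code from the original posts or from the OpenNebula project. It reproduces what the log shows oned doing (invoking the driver through sh, where exit status 126 means the file was found but cannot be executed by the calling user and 127 means it was not found), checks that the driver directory is owned by the service account and that its files carry execute bits, and applies the chown from the answer. The default path /var/lib/one/remotes/auth/default and the account name oneadmin are assumed defaults and can be overridden as arguments, so the checks can be tried on a scratch directory first.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenNebula.
# Assumed defaults (override with arguments): the driver path and the account
# oned runs as.
DEFAULT_DIR=/var/lib/one/remotes/auth/default
DEFAULT_OWNER=oneadmin

# Invoke a driver the way the log shows oned doing it: through sh, with the
# driver path followed by its arguments. Prints the exit status rather than
# returning it so the function is safe to use under "set -e".
#   126 = found but not executable by this user ("Permission denied")
#   127 = not found
driver_exit_code() {
    driver="$1"; shift
    rc=0
    sh -c '"$0" "$@"' "$driver" "$@" >/dev/null 2>&1 || rc=$?
    echo "$rc"
}

# Return 0 when the directory and every entry in it are owned by OWNER and
# every regular file is executable; otherwise list the offenders on stderr
# and return 1 (2 if the directory does not exist at all).
check_auth_driver() {
    dir="${1:-$DEFAULT_DIR}"
    owner="${2:-$DEFAULT_OWNER}"
    bad=0
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 2; }
    for path in "$dir" "$dir"/*; do
        [ -e "$path" ] || continue        # empty directory: the glob stays literal
        # "find -prune -user" prints the path only when the owner matches;
        # it is portable across GNU and BSD find, unlike stat's format flags.
        if [ -z "$(find "$path" -prune -user "$owner" 2>/dev/null)" ]; then
            echo "wrong owner (want $owner): $path" >&2
            bad=1
        fi
        if [ -f "$path" ] && [ ! -x "$path" ]; then
            echo "not executable: $path" >&2
            bad=1
        fi
    done
    return "$bad"
}

# The fix from the answer: hand the tree to OWNER. Execute bits are restored
# on regular files as well, since a file oneadmin owns but cannot execute
# produces the same exit status 126. Needs root unless OWNER is the caller.
fix_auth_driver() {
    dir="${1:-$DEFAULT_DIR}"
    owner="${2:-$DEFAULT_OWNER}"
    chown -R "$owner" "$dir" &&
    chmod u+rwx "$dir" &&
    find "$dir" -type f -exec chmod u+rx {} +
}

# Usage: sh check_auth_driver.sh check [DIR] [OWNER]
#        sh check_auth_driver.sh fix   [DIR] [OWNER]
case "${1:-}" in
    check) check_auth_driver "${2:-$DEFAULT_DIR}" "${3:-$DEFAULT_OWNER}" ;;
    fix)   fix_auth_driver   "${2:-$DEFAULT_DIR}" "${3:-$DEFAULT_OWNER}" ;;
esac
```

Run the check as oneadmin (the account that actually executes the driver), because ownership and mode bits only matter relative to that user; a root shell will happily read a tree that oneadmin cannot traverse.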

Thanks Roland, this is fixed.