DaD
(Daniel Dehennin)
1
Hello,
Our OpenNebula (4.10.2) use LDAP authentication for most users, so I enabled :encode_user_password:
.
A core
user with non ASCII letters in it’s password can not authenticate through sunstone, but it works with CLI.
I reproduced the problem with a test user, here is the HTTP dialog between sunstone and OpenNebula XML RPC (formated for readability):
POST /RPC2 HTTP/1.1
User-Agent: XMLRPC::Client (Ruby 1.9.3)
Content-Type: text/xml; charset=utf-8
Content-Length: 228
Connection: close
Accept-Encoding: identity
Accept: */*
Host: localhost:2633
<?xml version="1.0" ?>
<methodCall>
<methodName>one.user.info</methodName>
<params>
<param>
<value>
<string>test:some%C3%A8character</string>
</value>
</param>
<param>
<value>
<i4>-1</i4>
</value>
</param>
</params>
</methodCall>
The response:
HTTP/1.1 200 OK
Content-type: text/xml; charset=utf-8
Content-length: 317
Connection: close
Date: Tue, 13 Oct 2015 12:03:21 UTC
Server: Xmlrpc-c_Abyss/1.33.6
<?xml version="1.0" encoding="UTF-8"?>
<methodResponse>
<params>
<param><value><array><data>
<value><boolean>0</boolean></value>
<value><string>[UserInfo] User couldn't be authenticated, aborting call.</string></value>
<value><i4>256</i4></value>
</data></array></value></param>
</params>
</methodResponse>
Any idea?
Regards.
jfontan
(Javi Fontán)
2
Is it possible that the browser is not in UTF-8. I’ve tested using non ASCII characters in Sunstone and works OK. Also with an LDAP server.
DaD
(Daniel Dehennin)
3
Javi Fontán forum@opennebula.org writes:
Is it possible that the browser is not in UTF-8. I’ve tested using non ASCII characters in Sunstone and works OK. Also with an LDAP server.
Hello,
I made a test with fresh OpenNebula 4.14.2 without LDAP server.
Create a test user:
oneuser create test Testuserwithé
echo 'test:Testuserwithé' > ~/test_one_auth
Activate password encoding:
sed -i -E 's,^#(:encode),\1,' /etc/one/sunstone-server.conf
service opennebula-sunstone restart
Try CLI login:
ONE_AUTH=~/test_one_auth oneuser list -l NAME
NAME
test
Here is a wireshark display of capture during login:
POST /login HTTP/1.1
Host: igor.eole.lan
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:42.0) Gecko/20100101
Firefox/42.0 Iceweasel/42.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Authorization: Basic dGVzdDpUZXN0dXNlcndpdGjDqQ==
X-Requested-With: XMLHttpRequest
Referer: http://igor.eole.lan/login
Content-Length: 14
Cookie: sunstone=2186eaf4cd50d4c4c95450d9761ff3d3b3a3da1b3005fec705837e8a64b08c33; one-user=test
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
remember=false
The “Authorization” field is base64 encoding of “test:Testuserwithé”.
Regards.
Daniel Dehennin
Récupérer ma clef GPG: gpg --recv-keys 0xCC1E9E5B7A6FE2DF
Fingerprint: 3E69 014E 5C23 50E8 9ED6 2AAD CC1E 9E5B 7A6F E2DF
signature.asc (342 Bytes)