Bug #2307
LDAP auth authenticates with any password to Active Directory
Status: | Closed | Start date: | 09/06/2013 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | Javi Fontan | % Done: | 0% | |
Category: | Drivers - Auth | |||
Target version: | Release 4.4 | |||
Resolution: | worksforme | Pull request: | ||
Affected Versions: | OpenNebula 4.2 |
Description
From mailing list (Andreas Calvo Gómez, http://lists.opennebula.org/pipermail/users-opennebula.org/2013-August/024350.html)
I've encountered a strange behavior while trying to configure ONE to authenticate against an AD, either as a proper AD or as a LDAP.
If a credential is used to query LDAP and retrieve the complete DN for the user that wants to login, then no matter what password the user has typed it will be listed as authenticated.ldap_auth.conf example:
server 1:
:user: 'myuser@mydomain.com'
:password: 'mypassword'
:auth_method: :simple
:host: ad.mydomain.com
:port: 389
:base: 'dc=mydomain,dc=com'
:user_field: 'sAMAccountName'
:order:
- server 1If I manually query the authenticate process with a made up password and secret, it is always listed as authenticated.
For instance:
oneadmin@opennebula:~$ ./remotes/auth/default/authenticate myuser badpassword badpassword
Trying server server 1
ldap myuser CN=myuser,CN=Users,DC=mydomain,DC=comMy guess is that the same user that is used to look up users, performs the authenticate method and always returns a valid user.
History
#1 Updated by Andreas Calvo almost 8 years ago
OpenNebula version is 4.2.0
#2 Updated by Ruben S. Montero almost 8 years ago
- Target version set to Release 4.4
#3 Updated by Javi Fontan almost 8 years ago
I am not able to reproduce this problem. When a password is not correct the user cannot authenticate.
Are the drivers changed in any way?
#4 Updated by Javi Fontan almost 8 years ago
- Status changed from Pending to Closed
- Resolution set to worksforme