LDAP auth authenticates with any password to Active Directory
|Assignee:||Javi Fontan||% Done:|
|Category:||Drivers - Auth|
|Target version:||Release 4.4|
|Affected Versions:||OpenNebula 4.2|
From mailing list (Andreas Calvo Gómez, http://lists.opennebula.org/pipermail/users-opennebula.org/2013-August/024350.html)
I've encountered a strange behavior while trying to configure ONE to authenticate against an AD, either as a proper AD or as a LDAP.
If a credential is used to query LDAP and retrieve the complete DN for the user that wants to login, then no matter what password the user has typed it will be listed as authenticated.
- server 1
If I manually query the authenticate process with a made up password and secret, it is always listed as authenticated.
oneadmin@opennebula:~$ ./remotes/auth/default/authenticate myuser badpassword badpassword
Trying server server 1
ldap myuser CN=myuser,CN=Users,DC=mydomain,DC=com
My guess is that the same user that is used to look up users, performs the authenticate method and always returns a valid user.