Bug #2644

Support for group parameter with Active Directory Authentication

Added by Julius Härtl over 7 years ago. Updated over 7 years ago.

Status:ClosedStart date:01/15/2014
Priority:NormalDue date:
Assignee:Javi Fontan% Done:


Category:Drivers - Auth
Target version:Release 4.6
Resolution:worksforme Pull request:
Affected Versions:OpenNebula 4.4


This patch makes the group option in ldap_auth.conf working with Active Directory servers.

0001-Support-for-group-parameter-with-Active-Directory.patch Magnifier (1.43 KB) Julius Härtl, 01/15/2014 09:38 AM


#1 Updated by Ruben S. Montero over 7 years ago

  • Tracker changed from Feature to Bug
  • Status changed from Pending to New
  • Assignee set to Javi Fontan
  • Target version set to Release 4.6
  • Affected Versions OpenNebula 4.4 added

This seems to be more a bug than a feature... Moving it to the bug track

#2 Updated by Javi Fontan over 7 years ago

The proposed change will make the ldap configuration parameter user_group_field unusable. The driver was tested with Active directory ad groups seem to work. The values used in the tested configuration:

server 1:
    :user: 'some_user@OPENNEBULA.ORG'
    :password: 'the_password'
    :auth_method: :simple
    :host: localhost
    :port: 389
    :base: 'dc=opennebula,dc=org'

    # Make sure you use the full DN of the group
    :group: 'CN=Administrators,CN=Builtin,DC=opennebula,DC=org'
    :user_field: 'sAMAccountName'
    :group_field: 'member'

    - server 1

The driver does not recursively search for the groups a user belongs to so they should be directly in that group, not in a group that belongs to that group.

#3 Updated by Ruben S. Montero over 7 years ago

  • Status changed from New to Closed
  • Resolution set to worksforme

Also available in: Atom PDF