Backlog #3015
Multi (domain) LDAP authentication support
| Status: | Pending | Start date: | 06/30/2014 |
|---|---|---|---|
| Priority: | High | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | Drivers - Auth | | |
| Target version: | - | | |
Description
In order to utilize the LDAP server of an external organisation for authenticating users, "multi domain" support is needed. This seems especially useful for virtual Data Center users. Instead of having to create local accounts (local LDAP or OpenNebula built-in), the authentication could be relayed to the organisation itself. The organisation has full control over password policies, enabled/disabled accounts etc.

A possible way of implementing this in OpenNebula (with only minor adjustments and backwards compatibility): user names should have "@domain.tld" appended if they want to make use of the (external) LDAP of organisation $some.domain.tld. The "@domain.tld" part has to be split from the "user" part. In /etc/one/auth/ldap_auth there should be a "$some.domain.tld" section to be used for user "user@some.domain.tld". So instead of an "ordered" list (array), a lookup should be done if "some.domain.tld" exists in the array. If so -> use that server, if not, default to local LDAP.
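The selection logic proposed above (split the domain suffix, look it up among the configured sections, otherwise fall back to the ordered list) as an added example; this is not OpenNebula's own driver code. The YAML below is a constructed configuration loosely shaped like an ldap_auth file (the `:order` list and the `:host`/`:port`/`:base` keys are assumed here, not taken from the ticket), and the function names are illustrative. The domain is matched only against keys that already exist in the configuration, so a login name can never cause the driver to contact a server that an administrator did not configure.

```ruby
require 'yaml'

# Constructed example configuration (not a real /etc/one/auth/ldap_auth file).
# ":order" is the existing ordered fallback list; every other top-level key
# is a server section. A section named after a domain is the per-organisation
# entry the ticket proposes for users logging in as "user@some.domain.tld".
LDAP_CONF_YAML = <<~YAML
  :order:
    - local
  local:
    :host: ldap.example.internal
    :port: 389
    :base: 'dc=example,dc=internal'
  some.domain.tld:
    :host: ldap.some.domain.tld
    :port: 636
    :base: 'dc=some,dc=domain,dc=tld'
YAML

# Parse the configuration and build a case-insensitive index of section names,
# so "alice@Some.Domain.TLD" resolves to the "some.domain.tld" section.
def load_ldap_conf(yaml)
  conf = YAML.safe_load(yaml, permitted_classes: [Symbol])
  order = conf.fetch(:order)
  sections = conf.reject { |key, _| key == :order }
  domains = sections.keys.to_h { |name| [name.downcase, name] }
  { order: order, sections: sections, domains: domains }
end

# Split "user@some.domain.tld" into ["user", "some.domain.tld"]. rpartition
# splits on the last "@", so only the trailing part is ever treated as the
# domain. A name without "@" (or with nothing after it) has no domain.
def split_domain(username)
  user, sep, domain = username.rpartition('@')
  return [username, nil] if sep.empty? || domain.empty?

  [user, domain.downcase]
end

# Decide which server section(s) to try and which login name to send there.
# Known domain: relay only to that organisation's section, with the bare user
# part. Unknown or absent domain: keep today's behaviour, i.e. walk the
# ordered list with the full OpenNebula user name unchanged.
def select_servers(conf, username)
  user, domain = split_domain(username)
  section = domain && conf[:domains][domain]
  if section
    { login: user, sections: [section] }
  else
    { login: username, sections: conf[:order] }
  end
end

# Convenience: the connection parameters for the first section to try.
def first_server(conf, username)
  choice = select_servers(conf, username)
  conf[:sections].fetch(choice[:sections].first)
end

LDAP_CONF = load_ldap_conf(LDAP_CONF_YAML)

if __FILE__ == $PROGRAM_NAME
  %w[alice@some.domain.tld bob carol@unknown.example].each do |name|
    choice = select_servers(LDAP_CONF, name)
    server = first_server(LDAP_CONF, name)
    puts "#{name} -> bind as #{choice[:login]} via #{choice[:sections].inspect} " \
         "(#{server[:host]}:#{server[:port]})"
  end
end
```

Because the lookup is an exact match on configured section names, an unknown suffix such as "carol@unknown.example" is simply handled as a local account name by the existing ordered list; nothing in the login name is ever used to build a hostname or a search base.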
History
#1 Updated by Ruben S. Montero about 7 years ago
- Tracker changed from Feature to Backlog
- Category set to Drivers - Auth
- Priority changed from Normal to High
Makes sense, moving this to backlog with high priority to evaluate this after 4.8.