1,安装net-ldap  addon ruby library for openldap

ldap for ruby implements client access LDAP protocol

use ldap as openNebula default auth module

OpenNebula issues:

missing step to use LDAP as default driver

cp -r /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default

To make it working, we must add default in AUTH_MAD like in the following:

oned.conf

AUTH_MAD = [     executable = "one_auth_mad",   authn = "ssh,x509,ldap,server_cipher,server_x509" authn = "default,ssh,x509,ldap,server_cipher,server_x509" ] SESSION_EXPIRATION_TIME = 900 great regards

The problem is that oneuser create myuser --driver ldap requires a password or an authentication method:

oneadmin@one:~$ oneuser create myldapuser --driver ldapYou have to specify an Auth method or define a password

This could be made optional, or even disabled per driver.

In LDAP you can create a special group for OpenNebula and in "auth.conf" set the group field (filter) accordingly. We got something like this:

1. group the users need to belong to. If not set any user will do
   :group: 'cn=opennebula,ou=roles,dc=domain,dc=tld'

Only users that are a member of group "opennebula" are able to authenticate