cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hugo Trippaers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-1069) Document workaround for: CS and LDAP user validation can't happen simultaneously
Date Sat, 26 Jan 2013 16:09:12 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-1069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13563536#comment-13563536
] 

Hugo Trippaers commented on CLOUDSTACK-1069:
--------------------------------------------

Actually it should still work, the password is now always sent in plaintext to the server.
The server will create the hash and compare with the string in the database.

I will put this ticket on my name to test this and update the docs if needed.
                
> Document workaround for: CS and LDAP user validation can't happen simultaneously
> --------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-1069
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1069
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Doc
>    Affects Versions: 4.0.0
>            Reporter: Jessica Tomechak
>            Priority: Minor
>
> Add the following to the section on LDAP Authentication in the Admin Guide:
> LDAP User Authentication
> Limitation
> CloudStack and LDAP user authentication can't happen simultaneously because the CloudStack
user password is MD5 hashed and the LDAP server expects the password in plain text. To workaround:

> 1. Disable password hashing:
> a. Open the sharedFunctions.js file located at /usr/share/cloud/management/webapps/client/
> scripts.
> b. Set the following variables to false:
> var md5HashedLogin = false;
> 2. Open /etc/cloud/management/components.xml file.
> 3. Change the following:
> <adapter name="MD5" class="com.cloud.server.auth.MD5UserAuthenticator"/>
> to
> <adapter name="MD5" class="com.cloud.server.auth.PlainTextUserAuthenticator"/>
> 4. Restart the Cloud Management service.
> service cloud-management restart
> Now, the users can successfully log in by using either the LDAP credentials or the CloudStack
credentials.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message