From cloudstack-dev-return-19150-apmail-incubator-cloudstack-dev-archive=incubator.apache.org@incubator.apache.org Sat Jan 26 16:09:14 2013 Return-Path: X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7A766E543 for ; Sat, 26 Jan 2013 16:09:14 +0000 (UTC) Received: (qmail 81209 invoked by uid 500); 26 Jan 2013 16:09:13 -0000 Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org Received: (qmail 81113 invoked by uid 500); 26 Jan 2013 16:09:13 -0000 Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cloudstack-dev@incubator.apache.org Delivered-To: mailing list cloudstack-dev@incubator.apache.org Received: (qmail 81081 invoked by uid 99); 26 Jan 2013 16:09:12 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 26 Jan 2013 16:09:12 +0000 Date: Sat, 26 Jan 2013 16:09:12 +0000 (UTC) From: "Hugo Trippaers (JIRA)" To: cloudstack-dev@incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (CLOUDSTACK-1069) Document workaround for: CS and LDAP user validation can't happen simultaneously MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CLOUDSTACK-1069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13563536#comment-13563536 ] Hugo Trippaers commented on CLOUDSTACK-1069: -------------------------------------------- Actually it should still work, the password is now always sent in plaintext to the server. The server will create the hash and compare with the string in the database. I will put this ticket on my name to test this and update the docs if needed. > Document workaround for: CS and LDAP user validation can't happen simultaneously > -------------------------------------------------------------------------------- > > Key: CLOUDSTACK-1069 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1069 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the default.) > Components: Doc > Affects Versions: 4.0.0 > Reporter: Jessica Tomechak > Priority: Minor > > Add the following to the section on LDAP Authentication in the Admin Guide: > LDAP User Authentication > Limitation > CloudStack and LDAP user authentication can't happen simultaneously because the CloudStack user password is MD5 hashed and the LDAP server expects the password in plain text. To workaround: > 1. Disable password hashing: > a. Open the sharedFunctions.js file located at /usr/share/cloud/management/webapps/client/ > scripts. > b. Set the following variables to false: > var md5HashedLogin = false; > 2. Open /etc/cloud/management/components.xml file. > 3. Change the following: > > to > > 4. Restart the Cloud Management service. > service cloud-management restart > Now, the users can successfully log in by using either the LDAP credentials or the CloudStack credentials. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira