incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Musayev, Ilya" <imusa...@webmd.net>
Subject RE: Status of LDAP/AD integration and CS4
Date Thu, 25 Oct 2012 17:01:36 GMT
Does not work and I sort of expected that. The md5 encryption takes place on the user level
(browser session) as its hardcoded into sharedFunctoins.js

The components.xml take effect post user session.

Just like in CS3, if you were to modify the adapter name="MD5" class="com.cloud.server.auth.PlainTextUserAuthenticator"
you will break the *local* user authentication, because passwords are md5 encrypted. 

I reverted back the change and will submit a patch. It will need to be reviewed by someone
who does a much better CSS and JS than I do.

Regards
ilya









-----Original Message-----
From: Suresh Sadhu [mailto:Suresh.Sadhu@citrix.com] 
Sent: Thursday, October 25, 2012 2:36 AM
To: cloudstack-dev@incubator.apache.org
Subject: RE: Status of LDAP/AD integration and CS4


Can you try this:(refer this bug:    CS-14680 CS and Ldap user validation can't happen simultaneously
due to current limitation)

Jessica Tomechak added a comment - 04/Oct/12 12:17 PM Additional information from Abhinandan
P:
Both cloudstack and LDAP account should work. In component.xml change this:

<adapter name="MD5" class="com.cloud.server.auth.MD5UserAuthenticator"/>

To

<adapter name="MD5" class="com.cloud.server.auth.PlainTextUserAuthenticator"/>

If not already done.

-abhi


Thanks
Sadhu



-----Original Message-----
From: Kelcey Damage (BBITS) [mailto:kelcey@bbits.ca]
Sent: 25 October 2012 03:19
To: cloudstack-dev@incubator.apache.org
Subject: RE: Status of LDAP/AD integration and CS4

This interests me greatly.

KELCEY DAMAGE
Infrastructure Systems Architect
www.backbonetechnology.com
-------------------------------------------------------------------------
kelcey@bbits.ca 

address: 55 East 7th Ave, Vancouver, BC, V5T 1M4
tel: +1 604 713 8560 ext:114
fax: +1 604 605 0964
skype: kelcey.damage 
 

-----Original Message-----
From: Musayev, Ilya [mailto:imusayev@webmd.net]
Sent: Wednesday, October 24, 2012 2:36 PM
To: cloudstack-dev@incubator.apache.org
Subject: Status of LDAP/AD integration and CS4

In CS3.x, the Microsoft Active directory LDAP integration did not work because when password
was submitted on login page, the sharedFunctions.js file has md5hashedLogin set to true, which
in turn would encrypt user password as MD5  and then submit to management core to verify.
This auth method works fine for regular local auth and probably other LDAP servers but definitely
not with MS LDAP as it does not support MD5 hashed passwords as input.

Is it still the case with CS4 or has anything changed? 

I wrote a fix for CS3.x and posted the solution on original/old bug tracker. I'm not certain
if I need to do the same fix for 4.0 or we have this addressed. I looked at sharedFunctions.js
file and it appears we are still doing the same thing. My AD login fails with invalid username
and password - because CS4 submits my password as MD5 hash.

As always, your feedback is appreciated.

Thanks
Ilya



Mime
View raw message