From 1f9b8fd1f92f3b8464a7d8b7895ccef469829e77 Mon Sep 17 00:00:00 2001 From: Mikalai Kutouski Date: Mon, 3 Nov 2025 12:08:00 +0200 Subject: [PATCH] M #-: Enable LDAP users auto-creation Signed-off-by: Mikalai Kutouski --- .../authentication/ldap.rst | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/source/installation_and_configuration/authentication/ldap.rst b/source/installation_and_configuration/authentication/ldap.rst index 4f7514c1c9..d29ac64963 100644 --- a/source/installation_and_configuration/authentication/ldap.rst +++ b/source/installation_and_configuration/authentication/ldap.rst @@ -23,6 +23,23 @@ This authentication mechanism is enabled by default. If it doesn't work, make su AUTHN = "ssh,x509,ldap,server_cipher,server_x509" ] +If you want to enable LDAP users auto-creation in the OpenNebula then you need to add ``default`` method in the ``AUTHN`` attribute of the ``AUTH_MAD`` section as shown below: + +.. code-block:: bash + + AUTH_MAD = [ + EXECUTABLE = "one_auth_mad", + AUTHN = "default,ssh,x509,ldap,server_cipher,server_x509" + ] + +and create a symlink as `root` user on the OpenNebula front-end node: + +.. code-block:: bash + + ln -s /var/lib/one/remotes/auth/ldap /var/lib/one/remotes/auth/default + + + Authentication driver ``ldap`` can be customized in ``/etc/one/auth/ldap_auth.conf``. This is the default configuration: .. code-block:: yaml 
@@ -188,7 +205,7 @@ To enable ``ldap`` authentication the described parameters should be configured. User Management =============== -Using the LDAP authentication module, the administrator doesn't need to create users with the ``oneuser`` command, as this will be done automatically. +Enabling LDAP users auto-creation in the OpenNebula as described above eliminates the need for the administrator to create users with the ``oneuser`` command manually. Users can store their credentials into a file referenced by environment variable ``$ONE_AUTH`` (usually ``$HOME/.one/one_auth``) in this fashion:
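Review bot: In the first hunk (ldap.rst, after the existing ``AUTH_MAD`` block), the added paragraph never says what the ``default`` method does or why the symlink from ``/var/lib/one/remotes/auth/default`` to the ``ldap`` driver is needed. An administrator following it cannot tell which logins will now be passed to LDAP and turned into new OpenNebula accounts. Please add a sentence stating which users the ``default`` driver applies to, and point to the ``ldap_auth.conf`` options described right below as the place to restrict who can be auto-created. The text should also say whether OpenNebula has to be restarted after ``AUTH_MAD`` is changed. Smaller points: `root` uses single backticks while the rest of the file uses double backticks for literals, the ``AUTH_MAD`` snippet is marked ``.. code-block:: bash`` although it is not shell, "in the OpenNebula" should read "in OpenNebula", and the hunk ends with three blank lines where one is enough.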
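Review bot: In the second hunk (User Management section), "as described above" points back roughly 180 lines to the section changed in the first hunk without naming it; an RST label on the auto-creation paragraph and a ``:ref:`` here would survive later reordering. The replacement sentence also makes automatic user creation conditional on that optional step, but no longer says what the administrator has to do when auto-creation is not enabled. One sentence covering that case, or a note that users must otherwise be created with ``oneuser``, would close the gap. Wording: "LDAP users auto-creation in the OpenNebula" reads better as "LDAP user auto-creation in OpenNebula".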