RE: XO Community Edition - Ldap Plugin not working ?

Just a reminder for myself, or other people in need in the future
thanks again for all people who helped me understanding this

Had to reinstall my entire XCP system, and almost forget how to configure Ldap plugin to only allow my admin accout to login

So here's my Ldap plugin conf, to allow only admin user (member of specific group) to login.
my AD is a windows 2K19 server with active directory without ssl.

URI : ldap://dc.domain.net:389
no certificate info
base : dc=domain,dc=net

Credential : Fill = tick
DN = full DN of service user (CN=xen,OU=service_account,DC=domain,DC=net)
password = password of this account
it's a simple account with no specific right, can only read AD and login

User Filter, where it can stuck
(&(sAMAccountName={{name}})(memberOf=CN=SG-XCP_Admin,OU=service_account,DC=domain,DC=net))

• in real my OU have spaces inside their name, it work anyway.
• SG-XCP_Admin is a security group having my admin users inside

ID Attribute : sAMAccountName

and that's all.

Ok this is it

seems some Ubuntu mirror are having issue, install offline by disconnecting lan card, install finished fine.

Hi

Is there a way to prevent XOCE to rename an ISO file upload via XOCE ?

for example : if i upload the iso file : linux-mint.iso, after upload to the nfs storage, it is renamed a04e750f-ba9a-4e58-b3f7-35e04ce3c979.img

thing is, it's pretty anoying, because the same iso source is used for other virtual environement, and having iso file with a UUID is not usable elswhere, because if i'm not on XOCE, i can't know what iso is

Hi

Is there a way to prevent XOCE to rename an ISO file upload via XOCE ?

for example : if i upload the iso file : linux-mint.iso, after upload to the nfs storage, it is renamed a04e750f-ba9a-4e58-b3f7-35e04ce3c979.img

thing is, it's pretty anoying, because the same iso source is used for other virtual environement, and having iso file with a UUID is not usable elswhere, because if i'm not on XOCE, i can't know what iso is

@dinhngtu Hi
For my i made on offline Install to solve my issue, installed failed when downloading the kernel from servers, so offline install worked fine for me.

Just a reminder for myself, or other people in need in the future
thanks again for all people who helped me understanding this

Had to reinstall my entire XCP system, and almost forget how to configure Ldap plugin to only allow my admin accout to login

So here's my Ldap plugin conf, to allow only admin user (member of specific group) to login.
my AD is a windows 2K19 server with active directory without ssl.

URI : ldap://dc.domain.net:389
no certificate info
base : dc=domain,dc=net

Credential : Fill = tick
DN = full DN of service user (CN=xen,OU=service_account,DC=domain,DC=net)
password = password of this account
it's a simple account with no specific right, can only read AD and login

User Filter, where it can stuck
(&(sAMAccountName={{name}})(memberOf=CN=SG-XCP_Admin,OU=service_account,DC=domain,DC=net))

• in real my OU have spaces inside their name, it work anyway.
• SG-XCP_Admin is a security group having my admin users inside

ID Attribute : sAMAccountName

and that's all.

@acebmxer Maybe, did you try an offline install, this solved my issue, then after install i could update/upgrade normally.

Ok this is it

seems some Ubuntu mirror are having issue, install offline by disconnecting lan card, install finished fine.

@dinhngtu
iso : ubuntu-24.04.3-live-server-amd64.iso
Sha256 is correct comparing to Ubuntu web site.

But, it may not be because of Xcp :
Tries installaling a new VM on our Vsphere, with the same Iso from different source, same error
seems to be an issue when kernel is downloading from web during install

@olivierlambert only on console screen

HI

I recentrly updated my nodes from xcp-ng 8.2 to 8.3
on theses newly installed nodes, i install XOA from auto-deploy.

I'm trying to install a Linux Ubuntu server 24, but keeps failing during install.
tried using uefi (non secure) or bios, each time install failes.

ISOs comme from my NAS, and VM disk are hosted on a ISCSI Lun

on 8.2 was exactly the same conf, sources, all worked fine, but now i can't :/, and i'm unable to understand the report, i only it failed during kernel install.

my Isos are the same i used for 8.2, on the same NFS Share.

tried installing a win 2K19 server, seems ok, but Ubuntu server can't (even tried a ubuntu server 22, same)

@kagbasi-ngc

tries this a while ago, but my default group are in OU having , or () in their name (i know it's very bad but it's been there before my arrival)

tried with a security group in a simple OU
this time it worked using fully DN.

@kagbasi-ngc
just tried with a group name having no space, still the same for me.
my user only have 3 groups memberships.

thing is, it only failed if i want to filter memberof.

if in filter i only put : (&(sAMAccountName={{name}}))
anyone in my AD can login to xcp, even those having 6 groups member, and that's not that i want.

(&(sAMAccountName={{name}})(memberOf=SG-XCP_Admin))
not working, still having the could not authenticate user

Code: -32000

Message: could not authenticate user

{
  "message": "could not authenticate user",
  "name": "Error",
  "stack": "Error: could not authenticate user\n    at /opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:246:15\n    at default.testPlugin (file:///opt/xen-orchestra/packages/xo-server/src/xo-mixins/plugins.mjs:285:5)\n    at Xo.test (file:///opt/xen-orchestra/packages/xo-server/src/api/plugin.mjs:109:3)\n    at Task.runInside (/opt/xen-orchestra/@vates/task/index.js:175:22)\n    at Task.run (/opt/xen-orchestra/@vates/task/index.js:159:20)\n    at Api.#callApiMethod (file:///opt/xen-orchestra/packages/xo-server/src/xo-mixins/api.mjs:469:18)"
}