XCP-ng
    Latest posts made by Chico008

    • RE: XO Community Edition - Ldap Plugin not working ?

      @kagbasi-ngc

      tried this a while ago, but my default groups are in OUs having , or () in their names (I know it's very bad, but it's been there since before my arrival)

      tried with a security group in a simple OU
      this time it worked using the full DN.

      posted in Xen Orchestra
      Chico008
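
Added example, not part of the post above and not Xen Orchestra code: a group DN that contains `,` or `( )` needs two layers of escaping before it goes into a `memberOf` clause, RFC 4514 for the DN and then RFC 4515 for the filter. The helper names and the sample OU name are constructed for illustration.

```javascript
// Added example (not XO or plugin code): build a memberOf clause for a group
// whose DN contains "," or "(" ")". Names and the sample DN are constructed.

// RFC 4514: escape the special characters of one RDN value (an OU or CN name).
function escapeRdnValue(value) {
  return [...value].map((ch, i, all) => {
    const edge = (i === 0 && (ch === ' ' || ch === '#')) ||
                 (i === all.length - 1 && ch === ' ');
    return edge || '\\,+"<>;'.includes(ch) ? '\\' + ch : ch;
  }).join('');
}

// Join [attribute, value] pairs, leaf first, into a distinguished name.
function buildDn(rdns) {
  return rdns.map(([attr, value]) => `${attr}=${escapeRdnValue(value)}`).join(',');
}

// RFC 4515: inside a filter value, \ * ( ) and NUL become \5c \2a \28 \29 \00.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g,
    (ch) => '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// memberOf holds DNs, so the clause needs the complete, escaped group DN.
// {{name}} is kept as the placeholder used in the filters quoted in the posts.
function buildUserFilter(groupDn) {
  return `(&(sAMAccountName={{name}})(memberOf=${escapeFilterValue(groupDn)}))`;
}

// Constructed sample: a group inside an OU named "Groups, IT (Paris)".
const sampleDn = buildDn([
  ['CN', 'SG-XCP_Admin'],
  ['OU', 'Groups, IT (Paris)'],
  ['DC', 'domain'],
  ['DC', 'net'],
]);
console.log(sampleDn);
console.log(buildUserFilter(sampleDn));
```

The backslash that escapes the comma in the DN is itself encoded as `\5c` in the filter, which is the step most often missed when a DN is pasted into a filter by hand.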
    • RE: XO Community Edition - Ldap Plugin not working ?

      @kagbasi-ngc
      just tried with a group name having no space, still the same for me.
      my user only has 3 group memberships.

      thing is, it only fails if I want to filter on memberOf.

      if in the filter I only put : (&(sAMAccountName={{name}}))
      anyone in my AD can log in to xcp, even those having 6 group memberships, and that's not what I want.

      (&(sAMAccountName={{name}})(memberOf=SG-XCP_Admin))
      not working, still getting the "could not authenticate user" error

      Code: -32000
      
      Message: could not authenticate user
      
      {
        "message": "could not authenticate user",
        "name": "Error",
        "stack": "Error: could not authenticate user\n    at /opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:246:15\n    at default.testPlugin (file:///opt/xen-orchestra/packages/xo-server/src/xo-mixins/plugins.mjs:285:5)\n    at Xo.test (file:///opt/xen-orchestra/packages/xo-server/src/api/plugin.mjs:109:3)\n    at Task.runInside (/opt/xen-orchestra/@vates/task/index.js:175:22)\n    at Task.run (/opt/xen-orchestra/@vates/task/index.js:159:20)\n    at Api.#callApiMethod (file:///opt/xen-orchestra/packages/xo-server/src/xo-mixins/api.mjs:469:18)"
      }
      
      posted in Xen Orchestra
      Chico008
    • Ldap plugin : filter to allow only specific group to login ?

      Hi

      I'm setting up the Ldap plugin on my XOCE.

      My conf seems to be OK, but I can't figure out how I can allow only users from a specific group to log in and refuse the others.

      My conf for now
      Uri : ldap://s-ad.domain.net:389
      base : OU=company,DC=domain,DC=net
      credential : account used to connect to Active Directory

      userfilter : my problem
      Id attribute : sAMAccountName

      if I put userfilter : &(sAMAccountName={{name}})
      every user in my company can log in
      if I put (&(sAMAccountName={{name}})(memberOf=CN="XCP Admin"))
      no one can log in, even users who are members of the "XCP Admin" group.

      How can I set the filter to allow only users of this group to log in?

      posted in Xen Orchestra
      Chico008
    • RE: XO Community Edition - Ldap Plugin not working ?

      hi, just made a test today after updating to commit 5a501

      in my filter i got this :
      (&(sAMAccountName={{name}})(memberOf=CN="Admins du domaine"))
      because i only want my domain admins to login.

      test failed.

      but, if I only use the filter &(sAMAccountName={{name}}))
      the test works
      even with my domain admin account, which is a member of 4 groups.

      now how can I set my filter to only allow domain admins ('Admins du domaine') to log in as XO admin?
      also tried with the full DN (CN=Admins du domaine,CN=Users,DC=company,DC=net) but it's not working either

      posted in Xen Orchestra
      Chico008
    • RE: Acl setting not clear, how to

      @DustinB
      just tried, it's indeed way better than i thought using self-service 🙂

      thanks

      posted in Xen Orchestra
      Chico008
    • Acl setting not clear, how to

      Hi

      I'm trying to understand Acl, but can't find out how this effectively works.

      I've got 2 local users.
      admin, can do everything
      guest, limited actions.

      I want the guest user to only create/run/manage his VM on the existing pool.
      I don't want him to change settings or disconnect SR/network, only create/run/manage HIS vm, not others.

      how can I achieve that?

      if I make guest admin on the pool, he can do almost everything
      if I make him operator, he can stop/launch, but not create a VM.

      I don't really understand how acl works, any official doc or else?

      posted in Xen Orchestra
      Chico008
    • RE: XOCE - Language not keep when i come back (surrely dumb question)

      @olivierlambert too bad, could be better if pref could be stored in database instead >_<

      posted in Xen Orchestra
      Chico008
    • RE: XOCE - Language not keep when i come back (surrely dumb question)

      @Danp
      My VM is an Ubuntu server 24.01
      I'll try on a debian 12, maybe a docker image to check if it works better or not.

      edit : tested on another server OS (Debian), and tested a docker version
      Still the same
      I can change the language, it's set for the running session.
      but when I come back and log in again, the language is set to English by default again.

      My browser clears cache and cookies on exit.

      posted in Xen Orchestra
      Chico008
    • RE: XOCE - Language not keep when i come back (surrely dumb question)

      @Danp
      61009f83-79b1-44c0-a6b2-d3f66026326c-image.png

      posted in Xen Orchestra
      Chico008
    • RE: XO Community Edition - Ldap Plugin not working ?

      @kagbasi-ngc

      Using the DN I have a totally different error when testing the connection
      Code: -32000

      Message: 80090308: LdapErr: DSID-0C090511, comment: AcceptSecurityContext error, data 52e, v4563 Code: 0x31
      
      {
        "code": 49,
        "message": "80090308: LdapErr: DSID-0C090511, comment: AcceptSecurityContext error, data 52e, v4563\u0000 Code: 0x31",
        "name": "Error",
        "stack": "Error: 80090308: LdapErr: DSID-0C090511, comment: AcceptSecurityContext error, data 52e, v4563\u0000 Code: 0x31\n    at Function.parse (/opt/xen-orchestra/node_modules/ldapts/StatusCodeParser.ts:99:16)\n    at Client._sendBind (/opt/xen-orchestra/node_modules/ldapts/Client.ts:638:30)\n    at Client.bind (/opt/xen-orchestra/node_modules/ldapts/Client.ts:272:5)\n    at AuthLdap._authenticate (/opt/xen-orchestra/packages/xo-server-auth-ldap/src/index.js:270:11)\n    at default.testPlugin (file:///opt/xen-orchestra/packages/xo-server/src/xo-mixins/plugins.mjs:285:5)\n    at Xo.test (file:///opt/xen-orchestra/packages/xo-server/src/api/plugin.mjs:109:3)\n    at Task.runInside (/opt/xen-orchestra/@vates/task/index.js:172:22)\n    at Task.run (/opt/xen-orchestra/@vates/task/index.js:156:20)\n    at Api.#callApiMethod (file:///opt/xen-orchestra/packages/xo-server/src/xo-mixins/api.mjs:469:18)"
      }
      

      The account I'm testing with has 4 security groups
      The service account used to bind only has 1 security group (domain user)
      the same user is used to bind ldap to other websites or software, and works fine.

      posted in Xen Orchestra
      Chico008