By default, vOneCloud authentication uses an internal user/password system with user and group information stored in an internal database.
vOneCloud can pull users from a corporate Active Directory (or LDAP), all the needed components are enabled and just an extra configuration step is needed. As requirements, you will need an Active Directory server with support for simple user/password authentication, as well as a user with read permissions in the Active Directory user’s tree.
You will need to access the Control Panel in order to configure the Active Directory support in vOneCloud. After the configuration is done, users that exist in Active Directory can begin using vOneCloud.
Step 1. Configure Active Directory support¶
Click on the “Configure OpenNebula” button
In the following screen, select the “Add Active Directory” category
Fill the needed fields following the criteria described in the next table
|Server Name||Chosen name for the authentication backend|
|User||Active Directory user with read permissions in the user’s tree plus the domain.|
|Password||Active Directory user password|
|Authentication method||Active Directory server authentication method (eg simple)|
|Encryption||simple or simple_tls|
|Host||hostname or IP of the Domain Controller|
|Port||port of the Domain Controller|
|Base Domain||base hierarchy where to search for users and groups|
|Group||group the users need to belong to. If not set any user will do|
|User Field||Should use sAMAccountName for Active Directory. Holds the user name, if not set ‘cn’ will be used|
|Group Field||field name for group membership, by default it is ‘member’|
|User Group Field||user field that that is in in the group group_field, if not set ‘dn’ will be used|
Click on the “Apply Settings” button when done.
Step 2. Restart vOneCloud services¶
For changes to take effect, you need to restart vOneCloud services and wait for OpenNebula state to be ON.
You can find more infromation on the integration with Active Directory in this guide.
vOneCloud supports are a variety of other authentication methods with advanced configuration, follow the links to find the configuration steps needed (Advanced Login needed):
|X509 Authentication||Strengthen your cloud infrastructure security|
|SSH Authentication||Users will generate login tokens based on standard ssh rsa keypairs for authentication|