<div dir="ltr"><div><div>Hello Blazej,<br><br></div>Thanks for your message and I need more help here.<br><br>Suppose we have a freshly installed clean OME system running, plus we have a known list of users accessing OME, what would be the correct procedure to configure OME so these known usersĀ can login using LDAP credentials?<br><br></div><div>We don't want to have new account automatically created in OME as we have controlled user base. We want to prepare OME so users can login to see their existing images rather than letting them to login in order to create their accounts. Could we first create user accounts in OME using "bin/omero user add" and then configure OME to use LDAP? How do we turn off automatic account creation once we enable LDAP?<br><br></div><div>If LDAP is enabled, would it be possible to login using local root user? Would it be possible to create more local users such as a dedicated local "importer" account, while other users still use LDAP passwords to login?<br><br></div><div>I have read the documentation on converting non-LDAP user to LDAP users (<a href="http://www.openmicroscopy.org/site/support/faq/omero/how-do-you-convert-a-non-ldap-user-to-using-ldap">http://www.openmicroscopy.org/site/support/faq/omero/how-do-you-convert-a-non-ldap-user-to-using-ldap</a>). How does this apply to our scenario?<br><br></div><div>Many thanks,<br>Yanling<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 5, 2014 at 11:28 AM, Blazej Pindelski <span dir="ltr"><<a href="mailto:b.pindelski@dundee.ac.uk" target="_blank">b.pindelski@dundee.ac.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 5 Sep 2014, at 15:56, Yanling Liu <<a href="mailto:vrnova@gmail.com">vrnova@gmail.com</a>> wrote:<br>
> Hello,<br>
<br>
Hi Yanling<br>
<div><div class="h5"><br>
> Could I have some help in configuring OME to use LDAP?<br>
><br>
> Right now I have following information available:<br>
><br>
> domain name<br>
> domain controller<br>
> site/urls<br>
> base<br>
> bind password<br>
><br>
> but how do I put these information into OME? I have checked OME LDAP documentation page but it didn't mention domain name, domain controller, and bind password, when do I need to use them?<br>
><br>
> Any help?<br>
<br>
</div></div>The best starting place would be <a href="http://www.openmicroscopy.org/site/support/omero5/sysadmins/server-ldap.html#minimum-configuration" target="_blank">http://www.openmicroscopy.org/site/support/omero5/sysadmins/server-ldap.html#minimum-configuration</a>.<br>
The settings have to be understood as follows:<br>
- omero.ldap.config=true - switches on the LDAP subsystem in OMERO,<br>
- omero.ldap.urls=ldap://localhost:389 - that is the URL of the LDAP/AD server (site/urls in your case?),<br>
- omero.ldap.username and omero.ldap.password - those are the credentials (I'd imagine "bind password, in your case) used for connecting to the LDAP/AD server,<br>
- omero.ldap.base=ou=example,o=com - this is the base from which OMERO will start to look for users ("base" in your case).<br>
<br>
I hope that helps. If the documentation can be improved, please let us know.<br>
<br>
Regards,<br>
Blazej<br>
<br>
> Thanks,<br>
> Yanling<br>
> _______________________________________________<br>
> ome-devel mailing list<br>
> <a href="mailto:ome-devel@lists.openmicroscopy.org.uk">ome-devel@lists.openmicroscopy.org.uk</a><br>
> <a href="http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel" target="_blank">http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-devel</a><br>
<br>
<br>
The University of Dundee is a registered Scottish Charity, No: SC015096<br>
</blockquote></div><br></div>