[ome-users] Adding LDAP to user

Josh Moore josh at glencoesoftware.com
Mon Jun 20 19:31:56 BST 2011


Bernie,

glad to hear it! If you are more adventurous (which roughly means having the "ldap" module installed for Python), then you can try the "discover" command:

~/git/dist $ bin/omero ldap discover --commands --urls=ldap://localhost:1389 --base=ou=lifesci,o=dundee
...
Connecting to ldap://localhost:1389...
bin/omero ldap setdn root uid=root,ou=people,ou=lifesci,o=dundee
bin/omero ldap setdn colin uidnumber=cccc,ou=ddd,ou=people,ou=lifesci,o=dundee
bin/omero ldap setdn jmoore uidnumber=xxx,ou=yyy,ou=people,ou=lifesci,o=dundee
bin/omero ldap setdn jburel cn=jburel,ou=zzz,ou=people,ou=lifesci,o=dundee

which are commands that you can cut and paste into bash. The use of --urls and --base is only necessary if the proper configuration values aren't present in the output of bin/omero config. Be careful of the "root" entry though. You almost certainly do NOT want your root entry based on LDAP. ~J.

Cheers,
~Josh


On Jun 20, 2011, at 3:16 PM, Bernie Broughton wrote:

> Hi Josh,
> 
> Ok. I will work out the exact DN, use "omero ldap setdn", look at the "password table" for peace of mind (and check behaviour is as expected), and then continue with "omero ldap setdn". All much easier than I'd feared,
> 
> Thanks,
> 
> Bernie
> 
> -----Original Message-----
> From: Josh Moore [mailto:josh at glencoesoftware.com] 
> Sent: 20 June 2011 13:04
> To: Bernie Broughton
> Cc: 'Will Moore'
> Subject: Re: Adding LDAP to user
> 
> Hi Bernie,
> 
> On Jun 20, 2011, at 1:04 PM, Bernie Broughton wrote:
> 
>> Hi Josh and Will,
>> 
>> Thanks for following this up for me, and also for such a good meeting. Will, I think Alex benefited from spending time with you talking about the scripting aspects of OMERO and hopefully will be fired up and ready to go!
>> 
>> I spent some time talking to one of your colleagues, I think Aleksandra, and she was very helpful. We'd already looked at the tables using pgAdmin III and it would seem that simply adding the correct distinguished name to the correct column in the password table works so I thought I'd check it out on our development server,
> 
> Setting the "dn" column of the "password" table is identical to using "omero ldap setdn" except that the former requires PostgreSQL access whereas the second only requires OMERO admin access.
> 
> Cheers,
> ~Josh.
> 
> 
>> Bernie Broughton
>> GDSC IT Manager
>> http://www.sussex.ac.uk/profiles/19643
>>  Please consider the environment before printing this e-mail.
>> 
>> 
>> -----Original Message-----
>> From: Josh Moore [mailto:josh.moore at gmx.de] 
>> Sent: 20 June 2011 10:16
>> To: OME Users
>> Cc: Bernie Broughton
>> Subject: Re: Adding LDAP to user
>> 
>> Hi Bernie et al.
>> 
>> as a response to a similar request on the mailing list (described under http://trac.openmicroscopy.org.uk/ome/ticket/4832) a command-line "ldap" command was added. For example:
>> 
>> ~/git/dist $ bin/omero ldap setdn --help
>> usage: bin/omero ldap setdn [-h] username dn
>> 
>> Set DN for user
>> 
>> Positional Arguments:
>> username            User's OMERO login name
>> dn                  User's LDAP distinguished name. If empty, LDAP will be disabled for the user
>> 
>> Optional Arguments:
>> In addition to any higher level options
>> 
>> -h, --help          show this help message and exit
>> 
>> 
>> Note: once the DN is set for a user, the password set via OMERO is ignored, and any attempt to change it will result in an error. When you remove the DN, the previous password will be in effect, but if the user never had a password, one will need to be set!
>> 
>> Hope that helps.
>> ~Josh
>> 
>> 
>> 
>> On Jun 20, 2011, at 9:58 AM, Will Moore wrote:
>> 
>>> 
>>> Hi Josh,
>>> 
>>> Just before I forget, you seemed to have an answer to Bernie's question of how to take an existing (non-LDAP) user and 'upgrade' them to using LDAP without creating a new account?
>>> 
>>> I can't remember the details but perhaps you could go over them again, and reply to the lists I guess!
>>> 
>>> Cheers,
>>> 
>>> Will.
>> 
> 
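
An added example, not part of the original thread and not OMERO code: a filter that vets the output of "omero ldap discover --commands" before any of it is pasted into a shell. It drops the root entry, drops DNs outside the expected base, and single-quotes each DN. The function names, the base-DN check and the "guest" and "asmith" entries are assumptions made for illustration.

```bash
# Added example (not OMERO code): vet `omero ldap discover --commands` output
# before pasting it into a shell. Prints vetted commands; runs nothing itself.

# filter_setdn BASE_DN: read discover output on stdin, write safe commands to
# stdout with the DN single-quoted, and explain every skipped line on stderr.
filter_setdn() (
    base=$1
    while IFS= read -r line; do
        case $line in
            "bin/omero ldap setdn "*) ;;
            *) continue ;;                      # banner, e.g. "Connecting to ..."
        esac
        rest=${line#"bin/omero ldap setdn "}
        user=${rest%% *}
        dn=${rest#* }
        if [ "$user" = root ]; then             # keep root on its local password
            echo "skipped root: do not bind it to LDAP" >&2; continue
        fi
        case $user in
            ""|*[!A-Za-z0-9._-]*) echo "skipped odd username: $user" >&2; continue ;;
        esac
        case $dn in
            *"'"*) echo "skipped $user: DN contains a single quote" >&2; continue ;;
            *",$base") ;;                       # DN must sit under the expected base
            *) echo "skipped $user: DN outside $base" >&2; continue ;;
        esac
        printf "bin/omero ldap setdn %s '%s'\n" "$user" "$dn"
    done
)

# Constructed sample output: two lines from the post plus two invented entries.
sample_discover_output() {
    cat <<'EOF'
Connecting to ldap://localhost:1389...
bin/omero ldap setdn root uid=root,ou=people,ou=lifesci,o=dundee
bin/omero ldap setdn jburel cn=jburel,ou=zzz,ou=people,ou=lifesci,o=dundee
bin/omero ldap setdn guest cn=guest,ou=people,o=elsewhere
bin/omero ldap setdn asmith cn=Alice Smith (lab),ou=people,ou=lifesci,o=dundee
EOF
}

sample_discover_output | filter_setdn "ou=lifesci,o=dundee"
```

The unquoted "asmith" line would be a bash syntax error if pasted as generated, which is why the filter quotes every DN it lets through.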



