[ome-users] LDAP question

Wood, Christopher CJW at stowers.org
Wed Mar 30 22:40:32 BST 2011


Thanks Josh,

I was able to change my username to lower case and log in with ldap as you suggested.

Can the omero admin create ldap users? For example, if user joe (or JOE) wants to use omero, can I create an ldap user without knowing joe's password?
Or can I get a list of usernames and write a script to do the mapping between omero username and ldap username?

Chris


-----Original Message-----
From: Josh Moore [mailto:josh at glencoesoftware.com] 
Sent: Wednesday, March 30, 2011 2:24 PM
To: Wood, Christopher
Cc: OME Users
Subject: Re: [ome-users] LDAP question

Thanks for the log, Chris. I stand corrected; the issue is a bit more complicated. In OMERO, case exactness is enforced during password checking to prevent collisions between users (cjw and CJW, for example). We would need to provide a constraint to prevent two users from having names that match in all but case if we allow the LDAP check to be case-insensitive.

I've created http://trac.openmicroscopy.org.uk/ome/ticket/4821
to track the feature.

If you have any thoughts or suggestions, please let us know.
~Josh.

On Mar 30, 2011, at 3:15 PM, Wood, Christopher wrote:

> Hi Josh,
> Here is the log file; look for the login attempts for cjw and CJW.
> 
> Thanks for your help.
> Chris
> 
> -----Original Message-----
> From: Josh Moore [mailto:josh at glencoesoftware.com] 
> Sent: Wednesday, March 30, 2011 7:13 AM
> To: Wood, Christopher
> Cc: ome-users at lists.openmicroscopy.org.uk
> Subject: Re: [ome-users] LDAP question
> 
> 
> On Mar 30, 2011, at 12:04 AM, Wood, Christopher wrote:
> 
>> Hi,
> 
> Hi Chris,
> 
>> We have just set up an omero 4.2.2 server to use ldap. It seems to work, but we are having an issue with upper/lower case usernames.
>> 
>> Our domain usernames are usually our initials, so we log in to everything as 'abc'. I always use lower case without problems. When I tried to log in to omero for the first time with abc, I could not log in. Logging in with all upper case ABC worked, and it created an ldap omero user as 'ABC', all caps (as it should).
>> Another person logged in with lower case, 'xyz', and it worked. It seems that the case of the username depends on who initially created a user account.
> 
> This certainly sounds odd. Could you possibly send the var/log/Blitz-0.log file (off list if you prefer), so we can see if a particular exception caused the initial failure during your lowercase login?
> 
>> Is there any way to get around this from the omero point of view, so all usernames can be lowercase, regardless of the case on the ldap server?
> 
> You should be able to change your username via WebAdmin now, without affecting the LDAP login. What's happened (I think) is that the password check, for whatever reason, required capitals. However, after the successful login your dn was inserted into the password table. That should now be used to perform the lookup, regardless of what your username is.
> 
> At the moment, there's no way to set a flag to have all usernames lower cased. By subclassing one of the LDAP extension points, however, it should be achievable.
> 
>> Thanks
>> Chris
> 
> Cheers,
> ~Josh.
> <Blitz-0.zip>
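
The collision constraint Josh describes and the mapping script Chris asks about, sketched as an added example that is not part of the original thread and is not OMERO code: it plans lowercase renames for a list of existing account names and reports names that differ only by case. The function name and the sample account list are assumptions; it calls no OMERO or LDAP API.

```python
from collections import defaultdict


def plan_lowercase_renames(usernames):
    """Plan a lowercase normalization of existing account names.

    Returns (renames, collisions):
      renames    -- {old_name: new_name} for accounts that can safely be
                    renamed to their lower-cased form.
      collisions -- {lowercase_name: [existing names]} for accounts that
                    differ only by case. These must be resolved by hand
                    before a case-insensitive login check is safe, because
                    two distinct accounts would map to the same login.
    """
    groups = defaultdict(set)
    for name in usernames:
        groups[name.lower()].add(name)

    renames, collisions = {}, {}
    for lowered, originals in groups.items():
        if len(originals) > 1:
            # e.g. both 'cjw' and 'CJW' exist: ambiguous, do not auto-rename.
            collisions[lowered] = sorted(originals)
            continue
        (only,) = originals
        if only != lowered:
            renames[only] = lowered
    return renames, collisions


# Constructed sample: account names as they might have been created by
# first logins with mixed case (not taken from any real server).
SAMPLE_ACCOUNTS = ["ABC", "xyz", "cjw", "CJW", "root"]

if __name__ == "__main__":
    renames, collisions = plan_lowercase_renames(SAMPLE_ACCOUNTS)
    for old, new in sorted(renames.items()):
        print(f"rename  {old} -> {new}")
    for lowered, names in sorted(collisions.items()):
        print(f"CONFLICT {lowered}: {', '.join(names)} differ only by case")
```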



