[ome-users] OMERO how to get short ou value to group name

Wojciech Kaczmarczyk wojciech.kaczmarczyk at pwr.edu.pl
Mon Aug 3 12:41:21 BST 2015 

Ola,

It works.

Thank You for help.

Best regards
Wojtek

    Hey Wojtek,

    Your Omero LDAP settings should be:


    omero.ldap.user_filter=(objectClass=person)


    # you were missing underscore on user_mapping

    omero.ldap.user_mapping
    'omeName=uid,firstName=givenName,lastName=sn,email=mail'


    omero.ldap.group_filter '(objectClass=group)'


    # I am not sure why you want the entire DN being mapped to name. CN
    is enough as entries are unique. As you want group name being
    'spinlab-uslugi_grupowe'

    omero.ldap.group_mapping=name=cn


    # members of a group will be filter using member attribute

    # spinlab-uslugi_grupowe, Groups, Spinlab, Projekty, e-sci.e-science.pl
    # dn:
    CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl
    # objectClass: group
    # cn: spinlab-uslugi_grupowe
    # member:
    CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl

    omero.ldap.new_user_group ':query:(member=@{dn})'

    omero.ldap.sync_on_login true

    Let me know if that helps. Please attache errors from
    var/log/Blitz-0.log if that is still failing

    Kind regards
    Ola

W dniu 03.08.2015 o 11:18, Wojciech Kaczmarczyk pisze:
> Dear Open Microscopy Mainainers,
>
> I try set up a OMERO.server-5.1.3-ice35-b52 server with configuration 
> to get users and groups from Active Directory.
>
> How to set up short values of my group names in my omero ldap settings?
>
> i.e. I am member of omero group:
> dn: 
> CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-s
>  cience,DC=pl
>
> I want to be member of omero group:
> spinlab-uslugi_grupowe
>
> When I change omero.ldap.group_mapping name name=cn, I can not find 
> correct value to omero.ldap.new_user_group or another mix of values.
>
> Thank You for help.
>
> Wojciech Kaczmarczyk
>
> My working ldap omero configuration is:
>
> Omero LDAP settings are:
> omero.ldap.user_filter (objectClass=person)
> omero.ldap.user_mapping ome Name=uid,firstName=givenName,lastName=sn
> omero.ldap.group_filter  (objectClass=group)
> omero.ldap.group_mapping name *name=dn
> *omero.ldap.new_user_group :attribute:memberOf
> omero.ldap.sync_on_login true
>
>
> My group AD example entry is:
>
> # spinlab-uslugi_grupowe, Groups, Spinlab, Projekty, e-sci.e-science.pl
> dn: 
> CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-s
>  cience,DC=pl
> objectClass: top
> objectClass: group
> cn: spinlab-uslugi_grupowe
> member: .... (cut)
> member: 
> CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl
> member: ....(cut)
> distinguishedName: 
> CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,
>  DC=e-sci,DC=e-science,DC=pl
> instanceType: 4
> whenCreated: 20150130093600.0Z
> whenChanged: 20150611082904.0Z
> displayName: Uslugi Grupowe
> uSNCreated: 12970
> uSNChanged: 443524
> name: spinlab-uslugi_grupowe
> objectGUID:: C1PPQYYXokuhk+YL5nS6kA==
> objectSid:: AQUAAAAAAAUVAAAAj+/aqojK9qSkjDPiwAgAAA==
> sAMAccountName: spinlab-uslugi_grupowe
> sAMAccountType: 268435456
> groupType: -2147483646
> objectCategory: 
> CN=Group,CN=Schema,CN=Configuration,DC=e-sci,DC=e-science,DC=p
>  l
> dSCorePropagationData: 16010101000000.0Z
> mail: uslugi_grupowe at spinlab.e-science.pl
> gidNumber: 30065
> (cut)
> memberUid: wojtek
> (cut)
> mgrpAllowedDomain: open
>
>
>
> My people AD example entry dn record is:
>
> dn: CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: wojtek
> sn: K
> telephoneNumber: 4745
> givenName: Wojciech
> distinguishedName: 
> CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-sc
>  ience,DC=pl
> instanceType: 4
> whenCreated: 20140820125719.0Z
> whenChanged: 20150728060320.0Z
> displayName: Wojciech K
> uSNCreated: 12963
> memberOf: 
> CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,
>  DC=e-science,DC=pl
> memberOf:: 
> Q049VcW8eXRrb3duaWN5IGRvbWVueSxDTj1Vc2VycyxEQz1lLXNjaSxEQz1lLXNjaWV
>  uY2UsREM9cGw=
> uSNChanged: 808877
> name: wojtek
> objectGUID:: 1g6hIaCpEUWkuj/J8SC5jA==
> userAccountControl: 66048
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> homeDirectory: /home/spinlab/Personal/wojtek
> badPasswordTime: 130827176653875873
> lastLogon: 130826268091324773
> pwdLastSet: 130689139032131884
> primaryGroupID: 1230
> objectSid:: AQUAAAAAAAUVAAAA
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: wojtek
> sAMAccountType: 805306368
> userPrincipalName: wojciech.kaczmarczyk at maildomain
> objectCategory: 
> CN=Person,CN=Schema,CN=Configuration,DC=e-sci,DC=e-science,DC=
>  pl
> dSCorePropagationData: 16010101000000.0Z
> lastLogonTimestamp: 130825370007850204
> uid: wojtek
> mail: wojtek at maildomain
> uidNumber: 58072
> gidNumber: 30001
> unixHomeDirectory: /home/spinlab/Personal/wojtek
> loginShell: /bin/bash
> maildrop: wojciech.kaczmarczyk at maildomain
>
>
>
>
> -- 
> Wojciech Kaczmarczykwojciech.kaczmarczyk at pwr.edu.pl
> Wrocławskie Centrum Sieciowo-Superkomputerowe
> tel: +48 71 320 47 45,http://www.wcss.pl

-- 
Wojciech Kaczmarczyk wojciech.kaczmarczyk at pwr.edu.pl
Wrocławskie Centrum Sieciowo-Superkomputerowe
tel: +48 71 320 47 45, http://www.wcss.pl

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openmicroscopy.org.uk/pipermail/ome-users/attachments/20150803/ca5185c8/attachment.html>

More information about the ome-users mailing list