[ome-users] OMERO ldap users lifecycle

Josh Moore josh at glencoesoftware.com
Fri Oct 16 17:12:45 BST 2015


Hi Sebastien,

On Fri, Oct 16, 2015 at 5:34 PM, S Simard <ssimard at pasteur.fr> wrote:
> Hi all,
>
> Please find some steps below to illustrate a corner case we ran into - this
> occurred on OMERO 5.1.4, but it looks like it might be related to the 5.1
> OMERO LDAP rework, as a quick check against version 5.0.2 does not exhibit
> the issue.
>
> To reproduce:
> - create a new LDAP-enabled OMERO user (say "foo")
> - delete the "foo" user from the LDAP directory
> - as the OMERO "root" user, attempt to edit "foo" via the web UI or read it
> with "bin/omero ldap getdn --user-name foo"
> This should raise an exception: "ome.conditions.ApiUsageException: Cannot
> find unique user DistinguishedName: found=0".
>
> Albeit it is possible to work around the issue by toggling the user's LDAP
> flag beforehand ("bin/omero ldap setdn --user-name foo false"), for
> convenience it could be useful to allow for more lenient DN checks in the
> context of read/edit operations.

Thanks for the detailed report! This goes along with
https://trac.openmicroscopy.org/ome/ticket/13060#comment:2 --
disabling LDAP should certainly be possible from the UI.

For bin/omero ldap getdn, we are no longer storing the DN in OMERO so
a query against LDAP must be performed. What result would you have
expected?

Cheers,
~Josh.


> Thanks
>
> Regards,
> Sebastien
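
An added example, not part of the original thread and not OMERO project code: a shell audit that runs the `getdn` lookup from the report for each username and flags accounts whose directory entry is gone. It assumes a successful lookup prints the DN and that a `found=` count above 0 means several matches; `classify_getdn`, `omero_getdn`, `sample_getdn` and `audit_ldap_users` are hypothetical names, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: audit LDAP-backed OMERO accounts for missing directory entries.

# Classify one captured getdn output. The "found=N" text is the exception
# quoted in the report; treating N > 0 as "several matches" and a line
# containing "=" as a printed DN are assumptions.
classify_getdn() {
    count=$(printf '%s\n' "$1" |
        sed -n 's/.*Cannot find unique user DistinguishedName: found=\([0-9][0-9]*\).*/\1/p' |
        head -n 1)
    case $count in
        0)  echo orphaned ;;
        '') case $1 in
                *=*) echo present ;;
                *)   echo unknown ;;
            esac ;;
        *)  echo ambiguous ;;
    esac
}

# Real lookup: the command from the report, run from the OMERO server directory.
omero_getdn() { bin/omero ldap getdn --user-name "$1"; }

# Constructed stand-in for the lookup so the example runs offline.
sample_getdn() {
    case $1 in
        foo) echo 'ome.conditions.ApiUsageException: Cannot find unique user DistinguishedName: found=0'
             return 1 ;;
        *)   echo "uid=$1,ou=people,dc=example,dc=org" ;;
    esac
}

# Read usernames from stdin, one per line; print "status<TAB>username".
# $1 names the lookup function (default: omero_getdn).
audit_ldap_users() {
    lookup=${1:-omero_getdn}
    while IFS= read -r user; do
        [ -n "$user" ] || continue
        # </dev/null keeps the lookup from consuming the username list.
        out=$("$lookup" "$user" 2>&1 </dev/null) || :
        printf '%s\t%s\n' "$(classify_getdn "$out")" "$user"
    done
}

printf 'foo\nbar\n' | audit_ldap_users sample_getdn
```

Calling `audit_ldap_users` with no argument uses the real `bin/omero ldap getdn` lookup instead of the stand-in.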


