[ome-users] OMERO 5.1.3-ice35-b52 how to set second value of ou value to omero group name?
Wojciech Kaczmarczyk
wojciech.kaczmarczyk at pwr.edu.pl
Tue Sep 29 10:12:03 BST 2015
Hi,
I was able to solve this problem by setting:
omero.ldap.group_filter '(objectClass=group)'
omero.ldap.group_mapping 'name=cn'
omero.ldap.new_user_group ':query:(gidNumber=@{gidNumber})'
Josh, thank you for inspiration.
Best Regards
Wojciech Kaczmarczyk
----- oryginalna wiadomość -----
od: Josh Moore <josh at glencoesoftware.com>
data: poniedziałek, wrzesień 28, 2015 11:14
temat: Re: [ome-users] OMERO 5.1.3-ice35-b52 how to set second value of ou value to omero group name?
do: wojciech.kaczmarczyk at pwr.edu.pl, OME User Support List <ome-users at lists.openmicroscopy.org.uk>
> On Mon, Sep 28, 2015 at 10:30 AM, Wojciech Kaczmarczyk
> <wojciech.kaczmarczyk at pwr.edu.pl> wrote:
> > Hi Josh,
> >
> > Thank You for fast answer.
>
> Gladly.
>
>
> > As rightly you noticed
> > omero.ldap.user_filter have value
> (objectClass=organizationalPerson)>
> > and with
> >
> > omero.ldap.new_user_group ':ou:' give me last organizational
> unit as omero
> > group which is consistent with the documentation:
> >
> >
> > "If prefixed with :ou:, then a user’s last organizational unit
> (OU) will be
> > used as his or her group. "
> >
> (http://www.openmicroscopy.org/site/support/omero5.1/sysadmins/server-ldap.html)
> >
> >
> > Is way to set omero.ldap.new_user_group to second
> value organizational
> > unit ?
>
> Ah, now I understand. This isn't possible using the :ou: setting.
> Would :dn_attribute:memberOf perhaps do what you want?
>
> https://www.openmicroscopy.org/site/support/omero5.1/sysadmins/server-ldap.html#group-lookup
>
>
>
> > Best Regards,
> > Wojtek
> >
> >
> > P.S. I'm sorry. I am a temporary member of the mailing list to solve
> > specific configuration problem which can not alone solve.
> >
> >
> > As I see Omero is very good job I rate it highly in terms of
> transparency> install, configuration and documentation.
>
> Thank you very much!
> ~Josh
>
>
>
> > ----- oryginalna wiadomość -----
> > od: Josh Moore <josh at glencoesoftware.com>
> > data: poniedziałek, wrzesień 28, 2015 9:01
> > temat: Re: [ome-users] OMERO 5.1.3-ice35-b52 how to set second
> value of ou
> > value to omero group name?
> > do: OME User Support List <ome-users at lists.openmicroscopy.org.uk>
> >
> >
> >> Hi Wojciech,
> >>
> >> On Fri, Sep 25, 2015 at 3:55 PM, Wojciech Kaczmarczyk
> >> <wojciech.kaczmarczyk at pwr.edu.pl> wrote:
> >> > Dear Open Microscopy Mainainers,
> >> >
> >> > Thank You for last help.
> >> >
> >> > I try change my OMERO.server-5.1.3-ice35-b52 server ldap
> >> setting with
> >> > configuration to get users and groups from Active Directory.
> >> >
> >> >
> >> > My user dn record is:
> >> >
> >> > dn: CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-
> sci,DC=e-
> >> science,DC=pl>
> >> > I want to be member of omero group :
> >> > Spinlab
> >> >
> >> > When I set up:
> >> >
> >> >
> >> > omero.ldap.user_filter='(&(objectClass=organizationalUnit)'
> >>
> >> Can you login with this setting? The user_filter is used
> against the
> >> object classes of your own entry, i.e.
> >>
> >> > objectClass: person
> >> > objectClass: organizationalPerson
> >> > objectClass: user
> >>
> >> rather than on the object classes of the group, e.g.:
> >>
> >> > dn: OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl
> >> > objectClass: top
> >> > objectClass: organizationalUnit
> >>
> >> which means that your user_filter:
> >>
> >> > omero.ldap.user_filter='(&(objectClass=organizationalUnit)'
> >>
> >> should probably use "=organizationalPerson"
> >>
> >>
> >> >
> >>
> >>
> omero.ldap.user_mapping=omeName=cn,firstName=givenName,lastName=sn,email=mail>>> omero.ldap.group_mapping=name=cn
> >> > omero.ldap.new_user_group = ':ou:'
> >> >
> >> >
> >> > I maped to first ou record group People.
> >> >
> >> >
> >> > Problem:
> >> > How/Is possible to set up second value of ou to omero user group?
> >>
> >> I would expect that if a user is part of multiple
> organizational units
> >> that they would each get added as an OMERO group.
> >>
> >> Cheers,
> >> ~Josh.
> >>
> >>
> >>
> >>
> >> > Thank You for help.
> >> >
> >> > Wojciech Kaczmarczyk
> >> >
> >> >
> >> > My people AD example entry dn record is:
> >> >
> >> > objectClass: top
> >> > objectClass: person
> >> > objectClass: organizationalPerson
> >> > objectClass: user
> >> > cn: wojtek
> >> > sn: K
> >> > telephoneNumber: 4745
> >> > givenName: Wojciech
> >> > distinguishedName:
> >> > CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-sc
> >> > ience,DC=pl
> >> > instanceType: 4
> >> > whenCreated: 20140820125719.0Z
> >> > whenChanged: 20150728060320.0Z
> >> > displayName: Wojciech K
> >> > uSNCreated: 12963
> >> > memberOf:
> >> > CN=spinlab-
> >> uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,
> >> > DC=e-science,DC=pl
> >> > memberOf::
> >> >
> Q049VcW8eXRrb3duaWN5IGRvbWVueSxDTj1Vc2VycyxEQz1lLXNjaSxEQz1lLXNjaWV>> > uY2UsREM9cGw=
> >> > uSNChanged: 808877
> >> > name: wojtek
> >> > objectGUID:: 1g6hIaCpEUWkuj/J8SC5jA==
> >> > userAccountControl: 66048
> >> > badPwdCount: 0
> >> > codePage: 0
> >> > countryCode: 0
> >> > homeDirectory: /home/spinlab/Personal/wojtek
> >> > badPasswordTime: 130827176653875873
> >> > lastLogon: 130826268091324773
> >> > pwdLastSet: 130689139032131884
> >> > primaryGroupID: 1230
> >> > objectSid:: AQUAAAAAAAUVAAAA
> >> > accountExpires: 9223372036854775807
> >> > logonCount: 0
> >> > sAMAccountName: wojtek
> >> > sAMAccountType: 805306368
> >> > userPrincipalName: wojciech.kaczmarczyk at maildomain
> >> > objectCategory:
> >> > CN=Person,CN=Schema,CN=Configuration,DC=e-sci,DC=e-science,DC=
> >> > pl
> >> > dSCorePropagationData: 16010101000000.0Z
> >> > lastLogonTimestamp: 130825370007850204
> >> > uid: wojtek
> >> > mail: wojtek at maildomain
> >> > uidNumber: 58072
> >> > gidNumber: 30001
> >> > unixHomeDirectory: /home/spinlab/Personal/wojtek
> >> > loginShell: /bin/bash
> >> > maildrop: wojciech.kaczmarczyk at maildomain
> >> >
> >> > Organizational Unit SpinLab Entry
> >> >
> >> >
> >> >
> >> > # Spinlab, Projekty, e-sci.e-science.pl
> >> > dn: OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl
> >> > objectClass: top
> >> > objectClass: organizationalUnit
> >> > ou: Spinlab
> >> > distinguishedName: OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-
> >> science,DC=pl> instanceType: 4
> >> > whenCreated: 20140624213713.0Z
> >> > whenChanged: 20150218170112.0Z
> >> > uSNCreated: 12422
> >> > uSNChanged: 12422
> >> > name: Spinlab
> >> > objectGUID:: azRCPrfwcESx5kXQ5PrNyg==
> >> > objectCategory:
> >> > CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=e-sci,DC=
> >> > e-science,DC=pl
> >> > dSCorePropagationData: 16010101000000.0Z
> >> >
> >> >
> >> >
> >> >
> >>
> >>
> ================================================================================>>> OMERO Diagnostics 5.1.3-ice35-b52
> >> >
> >>
> >>
> ================================================================================>>> > Commands: java -
> >>
> version 1.7.0 (/usr/bin/java)
> >> > Commands: python -
> >>
> V 2.7.6 (/usr/bin/python)
> >> > Commands: icegridnode --
> >> version
> 3.5.1 (/usr/bin/icegridnode)
> >> > Commands: icegridadmin --
> >> version
> 3.5.1 (/usr/bin/icegridadmin)
> >> > Commands: psql --
> >>
> version 9.3.9 (/usr/bin/psql)
> >> >
> >> >
> >> > Server:
> >>
> icegridnode running
> >> > Server: Blitz-
> >>
> 0 active (pid = 1416, enabled)
> >> > Server:
> >>
> DropBox active (pid = 1430, enabled)
> >> > Server:
> >>
> FileServer active (pid = 1438, enabled)
> >> > Server: Indexer-
> >>
> 0 active (pid = 1440, enabled)
> >> > Server:
> >>
> MonitorServer active (pid = 1441, enabled)
> >> > Server:
> >>
> OMERO.Glacier2 active (pid = 1443, enabled)
> >> > Server:
> >>
> OMERO.IceStorm active (pid = 1447, enabled)
> >> > Server: PixelData-
> >>
> 0 active (pid = 1444, enabled)
> >> > Server: Processor-
> >>
> 0 active (pid = 1456, enabled)
> >> > Server: Tables-
> >>
> 0 active (pid = 1473, enabled)
> >> > Server:
> >>
> TestDropBox inactive (enabled)
> >> >
> >> >
> >> > Log dir: /home/omero/OMERO.server-5.1.3-
> >> ice35-b52/var/log exists
> >> >
> >> >
> >> > Log files: Blitz-
> >>
> 0.log 147.0 MB errors=1074
> >> > warnings=177
> >> > Log files:
> >>
> DropBox.log 47.0 KB errors=2
> >> > warnings=16
> >> > Log files:
> >>
> FileServer.log 6.0 KB
> >> > Log files: Indexer-
> >>
> 0.log 1.0 MB
> >> > Log files:
> >>
> MonitorServer.log 25.0 KB
> >> > Log files:
> >>
> OMEROweb.lock 0.0 KB
> >> > Log files:
> >>
> OMEROweb.log 231.0 KB errors=0
> >> > warnings=1
> >> > Log files:
> >>
> OMEROweb_request.lock 0.0 KB
> >> > Log files:
> >>
> OMEROweb_request.log 0.0 KB
> >> > Log files: PixelData-
> >>
> 0.log 430.0 KB
> >> > Log files: Processor-
> >>
> 0.log 3.0 MB errors=985
> >> > warnings=12
> >> > Log files: Tables-
> >>
> 0.log 32.0 KB errors=0
> >
> >> > warnings=12
> >> > Log files:
> >>
> TestDropBox.log n/a
> >> > Log files:
> >>
> master.err 17.0 KB errors=0
> >> > warnings=12
> >> > Log files:
> >>
> master.out 0.0 KB
> >> > Log files: Total
> >>
> size 153.46 MB
> >> >
> >> >
> >> >
> >> >
> >> > Environment:OMERO_HOME=(unset)
> >> > Environment:OMERO_NODE=(unset)
> >> > Environment:OMERO_MASTER=(unset)
> >> > Environment:OMERO_USERDIR=(unset)
> >> > Environment:OMERO_TMPDIR=(unset)
> >> >
> >>
> >>
> Environment:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games>>> Environment:PYTHONPATH=(unset)
> >> > Environment:ICE_HOME=(unset)
> >> > Environment:LD_LIBRARY_PATH=(unset)
> >> > Environment:DYLD_LIBRARY_PATH=(unset)
> >> >
> >> >
> >> > OMERO SSL port:4064
> >> > OMERO TCP port:4063
> >> > OMERO data
> >>
> dir:'/OMERO' Exists? True Is writable? True
> >> > OMERO temp
> >>
> dir:'/home/omero/omero/tmp' Exists? True Is writable? True
> >> > (Size: 0)
> >> >
> >> >
> >> > JVM settings:
> >>
> Blitz -Xmx1260m -XX:MaxPermSize=1g
> >> > -XX:+IgnoreUnrecognizedVMOptions
> >> > JVM settings:
> >>
> Indexer -Xmx840m -XX:MaxPermSize=1g
> >> > -XX:+IgnoreUnrecognizedVMOptions
> >> > JVM settings:
> >>
> Pixeldata -Xmx1260m -XX:MaxPermSize=1g
> >> > -XX:+IgnoreUnrecognizedVMOptions
> >> > JVM settings:
> >>
> Repository -Xmx840m -XX:MaxPermSize=1g
> >> > -XX:+IgnoreUnrecognizedVMOptions
> >> >
> >> >
> >> > OMERO.web status... [RUNNING] (PID 1717)
> >> >
> >> >
> >> > --
> >> > Wojciech Kaczmarczyk wojciech.kaczmarczyk at pwr.edu.pl
> >> > Wrocławskie Centrum Sieciowo-Superkomputerowe
> >> > tel: +48 71 320 47 45, http://www.wcss.pl
> >> >
> >> >
> >> > _______________________________________________
> >> > ome-users mailing list
> >> > ome-users at lists.openmicroscopy.org.uk
> >> > http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
> >> >
> >> _______________________________________________
> >> ome-users mailing list
> >> ome-users at lists.openmicroscopy.org.uk
> >> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
> >
> > --
> > Wojciech Kaczmarczyk wojciech.kaczmarczyk at pwr.edu.pl
> > Wrocławskie Centrum Sieciowo-Superkomputerowe
> > tel: +48 71 320 47 45, http://www.wcss.pl
> >
> >
> > _______________________________________________
> > ome-users mailing list
> > ome-users at lists.openmicroscopy.org.uk
> > http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
> >
--
Wojciech Kaczmarczyk wojciech.kaczmarczyk at pwr.edu.pl
Wrocławskie Centrum Sieciowo-Superkomputerowe
tel: +48 71 320 47 45, http://www.wcss.pl
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openmicroscopy.org.uk/pipermail/ome-users/attachments/20150929/7f03a92c/attachment.html>
More information about the ome-users
mailing list