<div dir="ltr">Thanks Josh,<div><br></div><div>I just couldn't find in the docs that I need to login as admin user first... ;)<br clear="all"><div dir="ltr"><span style="font-family:arial, sans-serif;font-size:13px;border-collapse:collapse;color:rgb(80, 0, 80)"><div>

<br></div><div>Cheers,</div><div>Leon Kolchinsky</div><div>Senior Software Specialist (Collaborative Applications)<br>ITS Research Support Services<br>Monash e-Research Centre (MeRC)<br></div>Monash University</span><div>

<font color="#500050" face="arial, sans-serif"><span style="border-collapse:collapse">tel: +61 3 99059560</span></font></div></div><br>
<br><br><div class="gmail_quote">On Wed, Sep 28, 2011 at 15:54, Josh Moore <span dir="ltr"><<a href="mailto:josh@glencoesoftware.com">josh@glencoesoftware.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">

Hi Leon,<br>
<br>
sorry for the confusion, but the command is intended for administrators. I.e. you're changing the value for afulcher, so you'd need to login as root or similar:<br>
<br>
  /srv/omeroserver/bin/omero login root@localhost<br>
<div class="im"><br>
  /srv/omeroserver/bin/omero ldap setdn afulcher 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
<br>
<br>
</div>But changing it in the DB is also just fine! Glad to hear it's working.<br>
<font color="#888888"><br>
~Josh.<br>
</font><div><div></div><div class="h5"><br>
<br>
On Sep 28, 2011, at 2:15 AM, Leon Kolchinsky wrote:<br>
<br>
> Hello Josh,<br>
><br>
> Thanks.<br>
> I've tried your syntax but it didn't work (using a dummy password as I<br>
> don't know the user's LDAP password):<br>
><br>
> [omero@vera143 ~]$ /srv/omeroserver/bin/omero ldap setdn afulcher 'cn=Alex<br>
> Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing<br>
> and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
> Server: [localhost]<br>
> Username: [omero]afulcher<br>
> Password:<br>
> Internal error. Please contact your administrator:<br>
> DNs don't match: 'cn=Alex Fulcher,ou=School of Biomedical<br>
> Sciences,ou=Faculty of Medicine, Nursing and Health<br>
> Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School<br>
> of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health<br>
> Sciences,ou=Staff,o=Monash University,c=au'<br>
> Password:<br>
> Internal error. Please contact your administrator:<br>
> DNs don't match: 'cn=Alex Fulcher,ou=School of Biomedical<br>
> Sciences,ou=Faculty of Medicine, Nursing and Health<br>
> Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School<br>
> of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health<br>
> Sciences,ou=Staff,o=Monash University,c=au'<br>
> Password:<br>
> 3 incorrect password attempts<br>
><br>
> So I just changed the dn in the DB like this:<br>
><br>
> UPDATE password set dn = E'cn=Alex Fulcher,ou=School of Biomedical<br>
> Sciences,ou=Faculty of Medicine\\, Nursing and Health<br>
> Sciences,ou=Staff,o=Monash University,c=au' where experimenter_id=504;<br>
><br>
> And confirmed the result:<br>
> Select * from password where experimenter_id=504;<br>
><br>
> The user was able to login then!!!!<br>
><br>
> But I decided to try the syntax of the command line again:<br>
> [omero@vera143 log]$ /srv/omeroserver/bin/omero ldap setdn afulcher 'cn=Alex<br>
> Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing<br>
> and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
> Server: [localhost]<br>
> Username: [omero]afulcher<br>
> Password:<br>
> Password check failed for 'afulcher': [id=504]<br>
> Password:<br>
> Password check failed for 'afulcher': [id=504]<br>
> Password:<br>
> 3 incorrect password attempts<br>
><br>
> Am I doing something wrong on the command line here?<br>
><br>
> Cheers,<br>
> Leon Kolchinsky<br>
> Senior Software Specialist (Collaborative Applications)<br>
> ITS Research Support Services<br>
> Monash e-Research Centre (MeRC)<br>
> Monash University<br>
> tel: +61 3 99059560<br>
><br>
><br>
><br>
> On Tue, Sep 27, 2011 at 21:02, Josh Moore <<a href="mailto:josh@glencoesoftware.com">josh@glencoesoftware.com</a>> wrote:<br>
><br>
>> Hi Leon,<br>
>><br>
>> the LDAP login code was indeed changed for 4.3.2 because of possible<br>
>> security issues[#6248]. Part of this included disallowing differing DNs<br>
>> between LDAP and OMERO:<br>
>><br>
>> 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular<br>
>> Biology,ou=Faculty of Medicine\, Nursing and Health<br>
>> Sciences,ou=Staff,o=Monash University,c=au'<br>
>><br>
>>  'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of<br>
>> Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>><br>
>> The first value is the current DN for afulcher in OMERO; the second is the<br>
>> current DN for the user in LDAP. It looks pretty clear that this is a case<br>
>> of a minor change in LDAP. You can update afulcher's DN by using setdn:<br>
>><br>
>> bin/omero ldap setdn afulcher 'cn=Alex Fulcher,ou=School of Biomedical<br>
>> Sciences,ou=Faculty of Medicine\, Nursing and Health<br>
>> Sciences,ou=Staff,o=Monash University,c=au'<br>
>><br>
>> Cheers,<br>
>> ~Josh<br>
>><br>
>> [#6248] <a href="https://trac.openmicroscopy.org.uk/ome/ticket/6248" target="_blank">https://trac.openmicroscopy.org.uk/ome/ticket/6248</a><br>
>><br>
>><br>
>> On Sep 27, 2011, at 7:34 AM, Leon Kolchinsky wrote:<br>
>><br>
>>> Hello,<br>
>>><br>
>>> I've upgraded a previous version of OMERO to 4.3.2 and got complaints from a<br>
>>> user that he can't log in to the server.<br>
>>> That's what I can see through the logs:<br>
>>><br>
>>> 2011-09-27 09:42:52,813 INFO  [        ome.services.util.ServiceHandler] (l.Server-2)  Excp:    ome.conditions.ValidationException: DNs don't match: 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>> ome.conditions.ValidationException: DNs don't match: 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>> 2011-09-27 09:43:58,977 WARN  [  ome.security.auth.LdapPasswordProvider] (l.Server-7) DNs don't match: 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>> 2011-09-27 09:44:02,046 WARN  [  ome.security.auth.LdapPasswordProvider] (l.Server-7) DNs don't match: 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>> 2011-09-27 09:44:05,060 INFO  [        ome.services.util.ServiceHandler] (l.Server-7)  Excp:    ome.conditions.ValidationException: DNs don't match: 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>> ome.conditions.ValidationException: DNs don't match: 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>> 2011-09-27 14:53:20,124 INFO  [        ome.services.util.ServiceHandler] (l.Server-9)  Rslt:    cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au<br>
>>><br>
>>><br>
>>> So, I've updated his DN (in the DB) to reflect what I can see in the LDAP<br>
>>> (without \):<br>
>>><br>
>>> UPDATE password set dn = 'cn=Alex Fulcher,ou=School of Biomedical<br>
>>> Sciences,ou=Faculty of Medicine, Nursing and Health<br>
>>> Sciences,ou=Staff,o=Monash University,c=au' where experimenter_id=504;<br>
>>><br>
>>> But he still can't connect, although in the webadmin panel I can see that DN<br>
>>> changed to 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'.<br>
>>><br>
>>> Here is what I see in the logs:<br>
>>><br>
>>> 2011-09-27 15:21:47,476 INFO  [        ome.services.util.ServiceHandler] (l.Server-7)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(afulcher)<br>
>>> 2011-09-27 15:21:47,477 INFO  [        ome.services.util.ServiceHandler] (l.Server-7)  Args:    [null, InternalSF@812610706]<br>
>>> 2011-09-27 15:21:47,478 INFO  [         ome.security.basic.EventHandler] (l.Server-7)  Auth: user=0,group=0,event=null(Sessions),sess=95fa5807-9883-4ae1-9418-dbb1f7140b9d<br>
>>> 2011-09-27 15:21:47,524 WARN  [  ome.security.auth.LdapPasswordProvider] (l.Server-7) DNs don't match: 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>> 2011-09-27 15:21:47,524 WARN  [  ome.security.auth.LoginAttemptListener] (l.Server-7) 21 failed logins for afulcher. Throttling for 3000<br>
>>> 2011-09-27 15:21:50,530 INFO  [                 org.perf4j.TimingLogger] (l.Server-7) start[1317100907477] time[3053] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$8.doWork]<br>
>>> 2011-09-27 15:21:50,530 INFO  [        ome.services.util.ServiceHandler] (l.Server-7)  Rslt:    null<br>
>>> 2011-09-27 15:21:50,531 INFO  [        ome.services.util.ServiceHandler] (l.Server-7)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRW(afulcher)<br>
>>> 2011-09-27 15:21:50,531 INFO  [        ome.services.util.ServiceHandler] (l.Server-7)  Args:    [null, InternalSF@812610706]<br>
>>> 2011-09-27 15:21:50,558 INFO  [         ome.security.basic.EventHandler] (l.Server-7)  Auth: user=0,group=0,event=61003(Sessions),sess=95fa5807-9883-4ae1-9418-dbb1f7140b9d<br>
>>> 2011-09-27 15:21:50,599 WARN  [  ome.security.auth.LdapPasswordProvider] (l.Server-7) DNs don't match: 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>> 2011-09-27 15:21:50,599 WARN  [  ome.security.auth.LoginAttemptListener] (l.Server-7) 22 failed logins for afulcher. Throttling for 3000<br>
>>> 2011-09-27 15:21:53,613 INFO  [                 org.perf4j.TimingLogger] (l.Server-7) start[1317100910531] time[3082] tag[omero.call.exception]<br>
>>> 2011-09-27 15:21:53,613 INFO  [        ome.services.util.ServiceHandler] (l.Server-7)  Excp:    ome.conditions.ValidationException: DNs don't match: 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>> 2011-09-27 15:21:53,614 ERROR [services.blitz.fire.PermissionsVerifierI] (l.Server-7) Exception thrown while checking password for:afulcher<br>
>>> ome.conditions.ValidationException: DNs don't match: 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>       at ome.security.auth.LdapPasswordProvider.checkPassword(LdapPasswordProvider.java:126)<br>
>>>       at ome.security.auth.PasswordProviders.checkPassword(PasswordProviders.java:42)<br>
>>>       at ome.logic.AdminImpl.checkPassword(AdminImpl.java:1194)<br>
>>>       at ome.services.sessions.SessionManagerImpl$9.doWork(SessionManagerImpl.java:978)<br>
>>>       at sun.reflect.GeneratedMethodAccessor250.invoke(Unknown Source)<br>
>>>       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)<br>
>>>       at java.lang.reflect.Method.invoke(Method.java:597)<br>
>>>       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)<br>
>>>       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)<br>
>>>       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)<br>
>>>       at ome.services.util.Executor$Impl$Interceptor.invoke(Executor.java:440)<br>
>>>       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<br>
>>>       at ome.security.basic.EventHandler.invoke(EventHandler.java:150)<br>
>>>       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<br>
>>>       at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)<br>
>>>       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<br>
>>>       at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)<br>
>>>       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<br>
>>>       at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:231)<br>
>>>       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<br>
>>>       at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116)<br>
>>>       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<br>
>>>       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)<br>
>>>       at $Proxy64.doWork(Unknown Source)<br>
>>>       at ome.services.util.Executor$Impl.execute(Executor.java:371)<br>
>>>       at ome.services.sessions.SessionManagerImpl.executeCheckPasswordRW(SessionManagerImpl.java:973)<br>
>>>       at ome.services.sessions.SessionManagerImpl.executeCheckPassword(SessionManagerImpl.java:945)<br>
>>>       at ome.services.sessions.SessionManagerImpl.executePasswordCheck(SessionManagerImpl.java:920)<br>
>>>       at ome.services.blitz.fire.PermissionsVerifierI.checkPermissions(PermissionsVerifierI.java:135)<br>
>>>       at Glacier2._PermissionsVerifierDisp.___checkPermissions(_PermissionsVerifierDisp.java:90)<br>
>>>       at Glacier2._PermissionsVerifierDisp.__dispatch(_PermissionsVerifierDisp.java:118)<br>
>>>       at IceInternal.Incoming.invoke(Incoming.java:159)<br>
>>>       at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)<br>
>>>       at Ice.ConnectionI.message(ConnectionI.java:972)<br>
>>>       at IceInternal.ThreadPool.run(ThreadPool.java:577)<br>
>>>       at IceInternal.ThreadPool.access$100(ThreadPool.java:12)<br>
>>>       at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)<br>
>>><br>
>>> Any advice/solution?<br>
>>><br>
>>> Cheers,<br>
>>> Leon Kolchinsky<br>
>>> Senior Software Specialist (Collaborative Applications)<br>
>>> ITS Research Support Services<br>
>>> Monash e-Research Centre (MeRC)<br>
>>> Monash University<br>
>>> tel: +61 3 99059560<br>
>>> _______________________________________________<br>
>>> ome-users mailing list<br>
>>> <a href="mailto:ome-users@lists.openmicroscopy.org.uk">ome-users@lists.openmicroscopy.org.uk</a><br>
>>> <a href="http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users" target="_blank">http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users</a><br>
>><br>
>><br>
>><br>
>><br>
<br>
</div></div><br>
<br></blockquote></div><br></div></div>
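<div>An added example, not part of the original thread and not OMERO code: a simplified DN parser showing why the stored DN without the backslash is a different (and malformed) name from the one LDAP returns, while the departmental change is a genuine difference in one RDN. The function names are hypothetical; multi-valued RDNs and non-ASCII hex escapes are out of scope.</div>

```python
import re

# DN strings taken from the thread above, joined onto one line.
LDAP_DN = (r"cn=Alex Fulcher,ou=School of Biomedical Sciences,"
           r"ou=Faculty of Medicine\, Nursing and Health Sciences,"
           r"ou=Staff,o=Monash University,c=au")
UNESCAPED_DN = LDAP_DN.replace("\\,", ",")   # first UPDATE: backslash dropped
OLD_DN = LDAP_DN.replace("School of Biomedical Sciences",
                         "Department of Biochemistry and Molecular Biology")

def split_rdns(dn):
    """Split on commas that are not protected by a backslash escape."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]          # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append(buf)
            buf = ""
            i += 1
        else:
            buf += dn[i]
            i += 1
    return parts + [buf]

def _unescape(match):
    tok = match.group(1)
    return chr(int(tok, 16)) if len(tok) == 2 else tok

def parse_dn(dn):
    """Return [(attr, value), ...]; ValueError if an RDN has no '='.
    Simplification: single-valued RDNs, ASCII hex escapes only."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError("RDN without '=': %r" % rdn)
        value = re.sub(r"\\([0-9A-Fa-f]{2}|.)", _unescape, value)
        rdns.append((attr.strip().lower(), value))
    return rdns

def diagnose(stored, from_ldap):
    """Classify why a stored DN differs from the one the directory returns."""
    if stored == from_ldap:
        return "match"
    try:
        s, d = parse_dn(stored), parse_dn(from_ldap)
    except ValueError as exc:
        return "malformed: %s" % exc
    if s == d:
        return "same entry, different escaping"
    changed = [a for (a, v), (b, w) in zip(s, d) if (a, v) != (b, w)]
    return "different entry (changed: %s)" % ",".join(changed or ["length"])
```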