<div dir="ltr">Hello Josh,<div><br></div><div>Our LDAP is managed by another team and they decide on the changes in LDAP using their own procedures.</div><div>In my opinion there is no need to keep DN in the DB at all.</div><div>
Keeping "<span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); ">omeName" as user ID in the DB would suffice in most cases.</span></div><div>
<span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); "><br></span></div><div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); ">That's what most LDAP enabled Apps do (like Confluence and JIRA etc.).</span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); ">Let the LDAP do what it does best (provide directory services) and use the data pulled from LDAP on the fly (during login stage).</span></div>
<div><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); "><br></span></div><div><font class="Apple-style-span" face="arial, sans-serif"><br></font></div>
<div><div dir="ltr"><span style="font-family:arial, sans-serif;font-size:13px;border-collapse:collapse;color:rgb(80, 0, 80)"><div>Cheers,</div><div>Leon Kolchinsky</div><div>Senior Software Specialist (Collaborative Applications)<br>
ITS Research Support Services<br>Monash e-Research Centre (MeRC)<br></div>Monash University</span><div><font color="#500050" face="arial, sans-serif"><span style="border-collapse:collapse">tel: +61 3 99059560</span></font></div>
</div><br>
<br><br><div class="gmail_quote">On Thu, Sep 29, 2011 at 16:14, Josh Moore <span dir="ltr"><<a href="mailto:josh@glencoesoftware.com">josh@glencoesoftware.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi Leon,<br>
<div class="im"><br>
On Sep 29, 2011, at 2:08 AM, Leon Kolchinsky wrote:<br>
<br>
> Hi Josh,<br>
><br>
> 1) Yep, I've checked "bin/omero ldap setdn --help" and<br>
> <a href="http://www.openmicroscopy.org/site/support/faq/omero/how-do-you-convert-a-non-ldap-user-to-using-ldap" target="_blank">http://www.openmicroscopy.org/site/support/faq/omero/how-do-you-convert-a-non-ldap-user-to-using-ldap</a><br>
<br>
</div>Ok, thanks.<br>
<div class="im"><br>
> and didn't see any mention of "bin/omero login root@localhost"<br>
<br>
bin/omero login root@localhost<br>
<br>
</div>is the same as using the following:<br>
<br>
Server: [localhost]<br>
Username: [omero]root<br>
Password:<br>
<br>
but it definitely needs to be clearer that the bin/omero ldap setdn command is an admin tool for changing values for users.<br>
<div class="im"><br>
> 2) Another thing that bothers me with this LDAP change is that we use "uid"<br>
> to identify user during login and DN of our users changes once in a while.<br>
> This way after every change in LDAP (causing DN change for the users) I'll<br>
> have to go and manually update users' DN's in OMERO DB.<br>
> Why can't it just compare output of login name (during login)<br>
> and omero.ldap.user_filter result?<br>
<br>
</div>It could. The issue as always with LDAP is the wide number of ways that people can use it. In this case, we erred on the side of caution assuming that there could be a case of DN changes with unintended consequences.<br>
<br>
But, in your opinion, if the DN changes but the user_filter still matches, the DN should be updated? Can you think of any exceptions? And for everyone, would there need to be a configuration option to prevent the DN modification?<br>
<br>
In the upcoming 4.3.3 bug fix release[1], there will be the opportunity to roll back to the previous LdapPasswordProvider logic[2]. This would solve your situation. Though it would be good to know, in general, if the strict DN checking is actually not desired by LDAP-using administrators. If not, then it can be removed. If the vote is not clear, perhaps there does in fact need to be a configuration option.<br>
<br>
Cheers,<br>
~Josh.<br>
<br>
[1] <a href="https://trac.openmicroscopy.org.uk/ome/milestone/OMERO-Beta4.3.3" target="_blank">https://trac.openmicroscopy.org.uk/ome/milestone/OMERO-Beta4.3.3</a><br>
[2] <a href="http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-September/002808.html" target="_blank">http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-September/002808.html</a><br>
<div><div></div><div class="h5"><br>
<br>
> Configuration snap:<br>
> $ /srv/omeroserver/bin/omero config get<br>
> omero.ldap.base=o=Monash University,c=au<br>
> omero.ldap.config=true<br>
> omero.ldap.user_filter=(&(objectClass=inetOrgPerson)(uid=*))<br>
> omero.ldap.user_mapping=omeName=uid,firstName=givenName,lastName=sn,email=mail<br>
><br>
><br>
> Cheers,<br>
> Leon Kolchinsky<br>
> Senior Software Specialist (Collaborative Applications)<br>
> ITS Research Support Services<br>
> Monash e-Research Centre (MeRC)<br>
> Monash University<br>
> tel: <a href="tel:%2B61%203%2099059560" value="+61399059560">+61 3 99059560</a><br>
><br>
><br>
><br>
> On Wed, Sep 28, 2011 at 16:23, Josh Moore <<a href="mailto:josh@glencoesoftware.com">josh@glencoesoftware.com</a>> wrote:<br>
><br>
>><br>
>> On Sep 28, 2011, at 8:00 AM, Leon Kolchinsky wrote:<br>
>><br>
>>> Thanks Josh,<br>
>><br>
>> Gladly.<br>
>><br>
>>> I just couldn't find in the docs that I need to login as admin user<br>
>> first...<br>
>>> ;)<br>
>><br>
>> Again, sorry for the confusion. I'll look into making it clearer:<br>
>><br>
>> <a href="https://trac.openmicroscopy.org.uk/ome/ticket/6868" target="_blank">https://trac.openmicroscopy.org.uk/ome/ticket/6868</a><br>
>><br>
>> Did you look at "bin/omero ldap setdn -h" or anywhere else in particular?<br>
>><br>
>> ~Josh.<br>
>><br>
>><br>
>>> Cheers,<br>
>>> Leon Kolchinsky<br>
>>> Senior Software Specialist (Collaborative Applications)<br>
>>> ITS Research Support Services<br>
>>> Monash e-Research Centre (MeRC)<br>
>>> Monash University<br>
>>> tel: <a href="tel:%2B61%203%2099059560" value="+61399059560">+61 3 99059560</a><br>
>>><br>
>>><br>
>>><br>
>>> On Wed, Sep 28, 2011 at 15:54, Josh Moore <<a href="mailto:josh@glencoesoftware.com">josh@glencoesoftware.com</a>><br>
>> wrote:<br>
>>><br>
>>>> Hi Leon,<br>
>>>><br>
>>>> sorry for the confusion, but the command is intended for administrators.<br>
>>>> I.e. you're changing the value for afulcher, so you'd need to login as<br>
>> root<br>
>>>> or similar:<br>
>>>><br>
>>>> /srv/omeroserver/bin/omero login root@localhost<br>
>>>><br>
>>>> /srv/omeroserver/bin/omero ldap setdn afulcher 'cn=Alex<br>
>>>> Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\,<br>
>> Nursing<br>
>>>> and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>><br>
>>>><br>
>>>> But changing it in the DB is also just fine! Glad to hear it's working.<br>
>>>><br>
>>>> ~Josh.<br>
>>>><br>
>>>><br>
>>>> On Sep 28, 2011, at 2:15 AM, Leon Kolchinsky wrote:<br>
>>>><br>
>>>>> Hello Josh,<br>
>>>>><br>
>>>>> Thanks.<br>
>>>>> I've tried your syntax but it didn't work (using a dummy password as I<br>
>>>>> don't know the user's LDAP password):<br>
>>>>><br>
>>>>> [omero@vera143 ~]$ /srv/omeroserver/bin/omero ldap setdn afulcher<br>
>>>> 'cn=Alex<br>
>>>>> Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\,<br>
>> Nursing<br>
>>>>> and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>> Server: [localhost]<br>
>>>>> Username: [omero]afulcher<br>
>>>>> Password:<br>
>>>>> Internal error. Please contact your administrator:<br>
>>>>> DNs don't match: 'cn=Alex Fulcher,ou=School of Biomedical<br>
>>>>> Sciences,ou=Faculty of Medicine, Nursing and Health<br>
>>>>> Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex<br>
>>>> Fulcher,ou=School<br>
>>>>> of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health<br>
>>>>> Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>> Password:<br>
>>>>> Internal error. Please contact your administrator:<br>
>>>>> DNs don't match: 'cn=Alex Fulcher,ou=School of Biomedical<br>
>>>>> Sciences,ou=Faculty of Medicine, Nursing and Health<br>
>>>>> Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex<br>
>>>> Fulcher,ou=School<br>
>>>>> of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health<br>
>>>>> Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>> Password:<br>
>>>>> 3 incorrect password attempts<br>
>>>>><br>
>>>>> So I just changed the dn in the DB like this:<br>
>>>>><br>
>>>>> UPDATE password set dn = E'cn=Alex Fulcher,ou=School of Biomedical<br>
>>>>> Sciences,ou=Faculty of Medicine\\, Nursing and Health<br>
>>>>> Sciences,ou=Staff,o=Monash University,c=au' where experimenter_id=504;<br>
>>>>><br>
>>>>> And confirmed the result:<br>
>>>>> Select * from password where experimenter_id=504;<br>
>>>>><br>
>>>>> The user was able to login then!!!!<br>
>>>>><br>
>>>>> But I decided to try the syntax of the command line again:<br>
>>>>> [omero@vera143 log]$ /srv/omeroserver/bin/omero ldap setdn afulcher<br>
>>>> 'cn=Alex<br>
>>>>> Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\,<br>
>> Nursing<br>
>>>>> and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>> Server: [localhost]<br>
>>>>> Username: [omero]afulcher<br>
>>>>> Password:<br>
>>>>> Password check failed for 'afulcher': [id=504]<br>
>>>>> Password:<br>
>>>>> Password check failed for 'afulcher': [id=504]<br>
>>>>> Password:<br>
>>>>> 3 incorrect password attempts<br>
>>>>><br>
>>>>> Am I doing something wrong on the command line here?<br>
>>>>><br>
>>>>> Cheers,<br>
>>>>> Leon Kolchinsky<br>
>>>>> Senior Software Specialist (Collaborative Applications)<br>
>>>>> ITS Research Support Services<br>
>>>>> Monash e-Research Centre (MeRC)<br>
>>>>> Monash University<br>
>>>>> tel: <a href="tel:%2B61%203%2099059560" value="+61399059560">+61 3 99059560</a><br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>> On Tue, Sep 27, 2011 at 21:02, Josh Moore <<a href="mailto:josh@glencoesoftware.com">josh@glencoesoftware.com</a>><br>
>>>> wrote:<br>
>>>>><br>
>>>>>> Hi Leon,<br>
>>>>>><br>
>>>>>> the LDAP login code was indeed changed for 4.3.2 because of possible<br>
>>>>>> security issues[#6248]. Part of this included disallowing differing<br>
>> DNs<br>
>>>>>> between LDAP and OMERO:<br>
>>>>>><br>
>>>>>> 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular<br>
>>>>>> Biology,ou=Faculty of Medicine\, Nursing and Health<br>
>>>>>> Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>>><br>
>>>>>> 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of<br>
>>>>>> Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash<br>
>>>> University,c=au'<br>
>>>>>><br>
>>>>>> The first value is the current DN for afulcher in OMERO; the second is<br>
>>>> the<br>
>>>>>> current DN for the user in LDAP. It looks pretty clear that this is a<br>
>>>> case<br>
>>>>>> of a minor change in LDAP. You can update afulcher's DN by using<br>
>> setdn:<br>
>>>>>><br>
>>>>>> bin/omero ldap setdn afulcher 'cn=Alex Fulcher,ou=School of Biomedical<br>
>>>>>> Sciences,ou=Faculty of Medicine\, Nursing and Health<br>
>>>>>> Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>>><br>
>>>>>> Cheers,<br>
>>>>>> ~Josh<br>
>>>>>><br>
>>>>>> [#6248] <a href="https://trac.openmicroscopy.org.uk/ome/ticket/6248" target="_blank">https://trac.openmicroscopy.org.uk/ome/ticket/6248</a><br>
>>>>>><br>
>>>>>><br>
>>>>>> On Sep 27, 2011, at 7:34 AM, Leon Kolchinsky wrote:<br>
>>>>>><br>
>>>>>>> Hello,<br>
>>>>>>><br>
>>>>>>> I've upgraded previous version of OMERO to 4.3.2 and got complaints<br>
>>>> from<br>
>>>>>> a<br>
>>>>>>> user that he can't login to the server.<br>
>>>>>>> That's what I can see through the logs:<br>
>>>>>>><br>
>>>>>>> 2011-09-27 09:42:52,813 INFO [ome.services.util.ServiceHandler] (l.Server-2) Excp: ome.conditions.ValidationException: DNs don't match: 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>>>> ome.conditions.ValidationException: DNs don't match: 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>>>> 2011-09-27 09:43:58,977 WARN [ome.security.auth.LdapPasswordProvider] (l.Server-7) DNs don't match: 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>>>> 2011-09-27 09:44:02,046 WARN [ome.security.auth.LdapPasswordProvider] (l.Server-7) DNs don't match: 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>>>> 2011-09-27 09:44:05,060 INFO [ome.services.util.ServiceHandler] (l.Server-7) Excp: ome.conditions.ValidationException: DNs don't match: 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>>>> ome.conditions.ValidationException: DNs don't match: 'cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>>>> 2011-09-27 14:53:20,124 INFO [ome.services.util.ServiceHandler] (l.Server-9) Rslt: cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au<br>
>>>>>>><br>
>>>>>>><br>
>>>>>>> So, I've updated his DN (in the DB) to reflect what I can see in the<br>
>>>> LDAP<br>
>>>>>>> (without \):<br>
>>>>>>><br>
>>>>>>> UPDATE password set dn = 'cn=Alex Fulcher,ou=School of Biomedical<br>
>>>>>>> Sciences,ou=Faculty of Medicine, Nursing and Health<br>
>>>>>>> Sciences,ou=Staff,o=Monash University,c=au' where<br>
>> experimenter_id=504;<br>
>>>>>>><br>
>>>>>>> But he still can't connect, although in the webadmin panel I can see<br>
>>>> that<br>
>>>>>> DN<br>
>>>>>>> changed to 'cn=Alex Fulcher,ou=School of Biomedical<br>
>> Sciences,ou=Faculty<br>
>>>>>> of<br>
>>>>>>> Medicine, Nursing and Health Sciences,ou=Staff,o=Monash<br>
>>>> University,c=au'.<br>
>>>>>>><br>
>>>>>>> Here is what I see in the logs:<br>
>>>>>>><br>
>>>>>>> 2011-09-27 15:21:47,476 INFO [ome.services.util.ServiceHandler] (l.Server-7) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(afulcher)<br>
>>>>>>> 2011-09-27 15:21:47,477 INFO [ome.services.util.ServiceHandler] (l.Server-7) Args: [null, InternalSF@812610706]<br>
>>>>>>> 2011-09-27 15:21:47,478 INFO [ome.security.basic.EventHandler] (l.Server-7) Auth: user=0,group=0,event=null(Sessions),sess=95fa5807-9883-4ae1-9418-dbb1f7140b9d<br>
>>>>>>> 2011-09-27 15:21:47,524 WARN [ome.security.auth.LdapPasswordProvider] (l.Server-7) DNs don't match: 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>>>> 2011-09-27 15:21:47,524 WARN [ome.security.auth.LoginAttemptListener] (l.Server-7) 21 failed logins for afulcher. Throttling for 3000<br>
>>>>>>> 2011-09-27 15:21:50,530 INFO [org.perf4j.TimingLogger] (l.Server-7) start[1317100907477] time[3053] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$8.doWork]<br>
>>>>>>> 2011-09-27 15:21:50,530 INFO [ome.services.util.ServiceHandler] (l.Server-7) Rslt: null<br>
>>>>>>> 2011-09-27 15:21:50,531 INFO [ome.services.util.ServiceHandler] (l.Server-7) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRW(afulcher)<br>
>>>>>>> 2011-09-27 15:21:50,531 INFO [ome.services.util.ServiceHandler] (l.Server-7) Args: [null, InternalSF@812610706]<br>
>>>>>>> 2011-09-27 15:21:50,558 INFO [ome.security.basic.EventHandler] (l.Server-7) Auth: user=0,group=0,event=61003(Sessions),sess=95fa5807-9883-4ae1-9418-dbb1f7140b9d<br>
>>>>>>> 2011-09-27 15:21:50,599 WARN [ome.security.auth.LdapPasswordProvider] (l.Server-7) DNs don't match: 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>>>> 2011-09-27 15:21:50,599 WARN [ome.security.auth.LoginAttemptListener] (l.Server-7) 22 failed logins for afulcher. Throttling for 3000<br>
>>>>>>> 2011-09-27 15:21:53,613 INFO [org.perf4j.TimingLogger] (l.Server-7) start[1317100910531] time[3082] tag[omero.call.exception]<br>
>>>>>>> 2011-09-27 15:21:53,613 INFO [ome.services.util.ServiceHandler] (l.Server-7) Excp: ome.conditions.ValidationException: DNs don't match: 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>>>> 2011-09-27 15:21:53,614 ERROR [services.blitz.fire.PermissionsVerifierI] (l.Server-7) Exception thrown while checking password for:afulcher<br>
>>>>>>> ome.conditions.ValidationException: DNs don't match: 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au' and 'cn=Alex Fulcher,ou=School of Biomedical Sciences,ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au'<br>
>>>>>>> at ome.security.auth.LdapPasswordProvider.checkPassword(LdapPasswordProvider.java:126)<br>
>>>>>>> at ome.security.auth.PasswordProviders.checkPassword(PasswordProviders.java:42)<br>
>>>>>>> at ome.logic.AdminImpl.checkPassword(AdminImpl.java:1194)<br>
>>>>>>> at ome.services.sessions.SessionManagerImpl$9.doWork(SessionManagerImpl.java:978)<br>
>>>>>>> at sun.reflect.GeneratedMethodAccessor250.invoke(Unknown Source)<br>
>>>>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)<br>
>>>>>>> at java.lang.reflect.Method.invoke(Method.java:597)<br>
>>>>>>> at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)<br>
>>>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)<br>
>>>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)<br>
>>>>>>> at ome.services.util.Executor$Impl$Interceptor.invoke(Executor.java:440)<br>
>>>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<br>
>>>>>>> at ome.security.basic.EventHandler.invoke(EventHandler.java:150)<br>
>>>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<br>
>>>>>>> at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)<br>
>>>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<br>
>>>>>>> at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)<br>
>>>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<br>
>>>>>>> at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:231)<br>
>>>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<br>
>>>>>>> at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:116)<br>
>>>>>>> at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)<br>
>>>>>>> at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)<br>
>>>>>>> at $Proxy64.doWork(Unknown Source)<br>
>>>>>>> at ome.services.util.Executor$Impl.execute(Executor.java:371)<br>
>>>>>>> at ome.services.sessions.SessionManagerImpl.executeCheckPasswordRW(SessionManagerImpl.java:973)<br>
>>>>>>> at ome.services.sessions.SessionManagerImpl.executeCheckPassword(SessionManagerImpl.java:945)<br>
>>>>>>> at ome.services.sessions.SessionManagerImpl.executePasswordCheck(SessionManagerImpl.java:920)<br>
>>>>>>> at ome.services.blitz.fire.PermissionsVerifierI.checkPermissions(PermissionsVerifierI.java:135)<br>
>>>>>>> at Glacier2._PermissionsVerifierDisp.___checkPermissions(_PermissionsVerifierDisp.java:90)<br>
>>>>>>> at Glacier2._PermissionsVerifierDisp.__dispatch(_PermissionsVerifierDisp.java:118)<br>
>>>>>>> at IceInternal.Incoming.invoke(Incoming.java:159)<br>
>>>>>>> at Ice.ConnectionI.invokeAll(ConnectionI.java:2037)<br>
>>>>>>> at Ice.ConnectionI.message(ConnectionI.java:972)<br>
>>>>>>> at IceInternal.ThreadPool.run(ThreadPool.java:577)<br>
>>>>>>> at IceInternal.ThreadPool.access$100(ThreadPool.java:12)<br>
>>>>>>> at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:971)<br>
>>>>>>><br>
>>>>>>> Any advice/solution?<br>
>><br>
>> _______________________________________________<br>
>> ome-users mailing list<br>
>> <a href="mailto:ome-users@lists.openmicroscopy.org.uk">ome-users@lists.openmicroscopy.org.uk</a><br>
>> <a href="http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users" target="_blank">http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users</a><br>
>><br>
<br>
</div></div><br>
<br></blockquote></div><br></div></div>
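<p>Added example (not part of the original thread and not OMERO code): the thread's "DNs don't match" errors come down to an RDN change in LDAP plus a stored DN that lost its <code>\,</code> escape, and this sketch parses the three DNs quoted above with RFC 4514-style escape handling to show both. All function names are hypothetical; it assumes single-valued RDNs, ASCII-only hex escapes, and case-insensitive value matching.</p>

```python
import string

# Added example, not OMERO code: every function name here is hypothetical.
# Simplifications: single-valued RDNs only (no "+"), hex escapes decoded as
# single ASCII characters, values compared case-insensitively (assumes the
# caseIgnoreMatch rule normally used for cn/ou/o/c).

def split_unescaped(text, sep=","):
    """Split on sep, skipping separators that are backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape pair together
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts

def unescape(value):
    """Turn an escaped character (backslash + char or hex pair) into the literal."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                out.append(chr(int(pair, 16)))
                i += 3
            else:
                out.append(value[i + 1])
                i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)

def parse_dn(dn):
    """Return [(attribute, value), ...]; raise ValueError on a malformed RDN."""
    rdns = []
    for rdn in split_unescaped(dn):
        attr, eq, value = rdn.lstrip().partition("=")
        if not eq or not attr:
            raise ValueError("RDN has no attribute type: %r" % rdn.strip())
        rdns.append((attr.strip().lower(), unescape(value)))
    return rdns

def canonical(dn):
    return [(a, " ".join(v.split()).casefold()) for a, v in parse_dn(dn)]

def same_entry(stored_dn, directory_dn):
    return canonical(stored_dn) == canonical(directory_dn)

def changed_rdns(stored_dn, directory_dn):
    """RDNs found only in the stored DN, and RDNs found only in the directory DN."""
    old, new = canonical(stored_dn), canonical(directory_dn)
    return [r for r in old if r not in new], [r for r in new if r not in old]

def is_well_formed(dn):
    try:
        parse_dn(dn)
        return True
    except ValueError:
        return False

# DNs quoted in the thread: value stored in OMERO, value returned by LDAP,
# and the value written by the first UPDATE (escape dropped).
TAIL = r",ou=Faculty of Medicine\, Nursing and Health Sciences,ou=Staff,o=Monash University,c=au"
OLD_DN = "cn=Alex Fulcher,ou=Department of Biochemistry and Molecular Biology" + TAIL
LDAP_DN = "cn=Alex Fulcher,ou=School of Biomedical Sciences" + TAIL
UNESCAPED_DN = LDAP_DN.replace("\\,", ",")

if __name__ == "__main__":
    print(is_well_formed(UNESCAPED_DN))
    print(changed_rdns(OLD_DN, LDAP_DN))
```

<p>Running <code>is_well_formed</code> on a DN before writing it to the <code>password</code> table would have flagged the unescaped value from the first UPDATE, and <code>changed_rdns</code> gives an auditable record of which component moved.</p>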