<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; ">
<div>
<div>Hey Wojtek,</div>
<div><br>
</div>
<div>Your Omero LDAP settings should be:</div>
<div>
<div><br>
</div>
<div>
<pre>omero.ldap.user_filter=(objectClass=person)</pre>
<pre><br></pre>
<pre># you were missing underscore on user_mapping</pre>
<pre>omero.ldap.user_mapping 'omeName=uid,firstName=givenName,lastName=sn,email=mail'</pre>
<pre><br></pre>
<pre>omero.ldap.group_filter '(objectClass=group)'</pre>
<pre><br></pre>
<pre><div style="font-family: Calibri, sans-serif; white-space: normal; "><pre># I am not sure why you want the entire DN being mapped to name. CN is enough as entries are unique. As you want group name being 'spinlab-uslugi_grupowe'</pre></div></pre>
</div>
<div>
<pre>omero.ldap.group_mapping=name=cn</pre>
<pre><br></pre>
<pre># members of a group will be filter using member attribute</pre>
<pre># spinlab-uslugi_grupowe, Groups, Spinlab, Projekty, e-sci.e-science.pl
# dn: CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl
# objectClass: group
# cn: spinlab-uslugi_grupowe
<b># member: CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl</b></pre>
<pre><tt class="docutils literal">omero.ldap.new_user_group ':query:(member=@{dn})'</tt></pre>
</div>
<div>
<pre>omero.ldap.sync_on_login true</pre>
</div>
</div>
<div>
<div><br>
</div>
<div>Let me know if that helps. Please attache errors from var/log/Blitz-0.log if that is still failing</div>
<div><br>
</div>
<div>
<div>Kind regards</div>
<div>Ola</div>
</div>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>Wojciech Kaczmarczyk <<a href="mailto:wojciech.kaczmarczyk@pwr.edu.pl">wojciech.kaczmarczyk@pwr.edu.pl</a>><br>
<span style="font-weight:bold">Reply-To: </span>OME User Support List <<a href="mailto:ome-users@lists.openmicroscopy.org.uk">ome-users@lists.openmicroscopy.org.uk</a>><br>
<span style="font-weight:bold">Date: </span>Mon, 3 Aug 2015 11:18:37 +0200<br>
<span style="font-weight:bold">To: </span><<a href="mailto:ome-users@lists.openmicroscopy.org.uk">ome-users@lists.openmicroscopy.org.uk</a>><br>
<span style="font-weight:bold">Subject: </span>[ome-users] OMERO how to get short ou value to group name<br>
</div>
<div><br>
</div>
<div>
<div bgcolor="#FFFFFF" text="#000000">Dear Open Microscopy Mainainers,<br>
<br>
I try set up a <span style="color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(235, 235, 250); ">
OMERO.server-5.1.3-ice35-b52 server with configuration to get users and groups from Active Directory.<br>
<br>
How to set up short values of my group names in my omero ldap settings?<br>
<br>
i.e. I am member of omero group: </span><br>
<span style="color: rgb(0, 0, 0); font-family: 'Times New Roman';
font-size: medium; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline
!important; float: none; background-color: rgb(235, 235, 250);"><span style="color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(235, 235, 250); ">dn:
CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-s<br>
cience,DC=pl<br>
<br>
I want to be member of omero group:<br>
</span></span><span style="color: rgb(0, 0, 0); font-family:
'Times New Roman'; font-size: medium; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
display: inline !important; float: none; background-color:
rgb(235, 235, 250);"><span style="color: rgb(0, 0, 0);
font-family: 'Times New Roman'; font-size: medium; font-style:
normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans: auto;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; display: inline !important;
float: none; background-color: rgb(235, 235, 250);"><span style="color: rgb(0, 0, 0); font-family: 'Times New Roman';
font-size: medium; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; display:
inline !important; float: none; background-color: rgb(235,
235, 250);"><span style="color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(235, 235, 250); ">spinlab-uslugi_grupowe<br>
<br>
When I change </span></span></span></span><span style="color: rgb(0, 0, 0); font-family: 'Times New Roman';
font-size: medium; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline
!important; float: none; background-color: rgb(235, 235, 250);"><span style="color: rgb(0, 0, 0); font-family: 'Times New Roman';
font-size: medium; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; display:
inline !important; float: none; background-color: rgb(235, 235,
250);"><span style="color: rgb(0, 0, 0); font-family: 'Times New
Roman'; font-size: medium; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width:
0px; display: inline !important; float: none;
background-color: rgb(235, 235, 250);"><span style="color:
rgb(0, 0, 0); font-family: 'Times New Roman'; font-size:
medium; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; display:
inline !important; float: none; background-color: rgb(235,
235, 250);"><span style="color: rgb(0, 0, 0); font-family:
'Times New Roman'; font-size: medium; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align:
start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; display: inline
!important; float: none; background-color: rgb(235, 235,
250);"><span style="color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(235, 235, 250); ">omero.ldap.group_mapping
name name=cn, I can not find correct value to </span></span></span></span></span></span><span style="color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(235, 235, 250); "><span style="color: rgb(0, 0, 0); font-family: 'Times New Roman';
font-size: medium; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; display:
inline !important; float: none; background-color: rgb(235, 235,
250);"><span style="color: rgb(0, 0, 0); font-family: 'Times New
Roman'; font-size: medium; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width:
0px; display: inline !important; float: none;
background-color: rgb(235, 235, 250);"><span style="color:
rgb(0, 0, 0); font-family: 'Times New Roman'; font-size:
medium; font-style: normal; font-variant: normal;
font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px; display:
inline !important; float: none; background-color: rgb(235,
235, 250);"><span style="color: rgb(0, 0, 0); font-family:
'Times New Roman'; font-size: medium; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing:
normal; line-height: normal; orphans: auto; text-align:
start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; display: inline
!important; float: none; background-color: rgb(235, 235,
250);"><span style="color: rgb(0, 0, 0); font-family:
'Times New Roman'; font-size: medium; font-style:
normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
display: inline !important; float: none;
background-color: rgb(235, 235, 250);"><span style="color: rgb(0, 0, 0); font-family: 'Times New
Roman'; font-size: medium; font-style: normal;
font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal; orphans:
auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows:
auto; word-spacing: 0px; -webkit-text-stroke-width:
0px; display: inline !important; float: none;
background-color: rgb(235, 235, 250);"><span style="color: rgb(0, 0, 0); font-family: 'Times New
Roman'; font-size: medium; font-style: normal;
font-variant: normal; font-weight: normal;
letter-spacing: normal; line-height: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows:
auto; word-spacing: 0px; -webkit-text-stroke-width:
0px; display: inline !important; float: none;
background-color: rgb(235, 235, 250);">omero.ldap.new_user_group
or another mix of values. </span></span></span></span></span></span></span><br>
</span><br>
Thank You for help.<br>
<br>
Wojciech Kaczmarczyk<br>
<br>
<span style="color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(235, 235, 250); "><span style="color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(235, 235, 250); ">My
working ldap omero configuration is: <br>
<br>
Omero LDAP settings are:<br>
omero.ldap.user_filter (objectClass=person)<br>
omero.ldap.user_mapping ome Name=uid,firstName=givenName,lastName=sn<br>
omero.ldap.group_filter (objectClass=group)<br>
omero.ldap.group_mapping name <b>name=dn<br>
</b>omero.ldap.new_user_group :attribute:memberOf<br>
omero.ldap.sync_on_login true<br>
<br>
</span><br>
My group AD example entry is:<br>
<br>
# spinlab-uslugi_grupowe, Groups, Spinlab, Projekty, e-sci.e-science.pl<br>
dn: CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-s<br>
cience,DC=pl<br>
objectClass: top<br>
objectClass: group<br>
cn: spinlab-uslugi_grupowe<br>
member: .... (cut)<br>
member: CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl<br>
member: ....(cut)<br>
distinguishedName: CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,<br>
DC=e-sci,DC=e-science,DC=pl<br>
instanceType: 4<br>
whenCreated: 20150130093600.0Z<br>
whenChanged: 20150611082904.0Z<br>
displayName: Uslugi Grupowe<br>
uSNCreated: 12970<br>
uSNChanged: 443524<br>
name: spinlab-uslugi_grupowe<br>
objectGUID:: C1PPQYYXokuhk+YL5nS6kA==<br>
objectSid:: AQUAAAAAAAUVAAAAj+/aqojK9qSkjDPiwAgAAA==<br>
sAMAccountName: spinlab-uslugi_grupowe<br>
sAMAccountType: 268435456<br>
groupType: -2147483646<br>
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=e-sci,DC=e-science,DC=p<br>
l<br>
dSCorePropagationData: 16010101000000.0Z<br>
mail: <a class="moz-txt-link-abbreviated" href="mailto:uslugi_grupowe@spinlab.e-science.pl">
uslugi_grupowe@spinlab.e-science.pl</a><br>
gidNumber: 30065<br>
(cut)<br>
memberUid: wojtek<br>
(cut)<br>
mgrpAllowedDomain: open<br>
<br>
<br>
<br>
My people AD example entry dn record is:<br>
</span><br>
dn: CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl<br>
objectClass: top<br>
objectClass: person<br>
objectClass: organizationalPerson<br>
objectClass: user<br>
cn: wojtek<br>
sn: K<br>
telephoneNumber: 4745<br>
givenName: Wojciech<br>
distinguishedName: CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-sc<br>
ience,DC=pl<br>
instanceType: 4<br>
whenCreated: 20140820125719.0Z<br>
whenChanged: 20150728060320.0Z<br>
displayName: Wojciech K<br>
uSNCreated: 12963<br>
memberOf: CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,<br>
DC=e-science,DC=pl<br>
memberOf:: Q049VcW8eXRrb3duaWN5IGRvbWVueSxDTj1Vc2VycyxEQz1lLXNjaSxEQz1lLXNjaWV<br>
uY2UsREM9cGw=<br>
uSNChanged: 808877<br>
name: wojtek<br>
objectGUID:: 1g6hIaCpEUWkuj/J8SC5jA==<br>
userAccountControl: 66048<br>
badPwdCount: 0<br>
codePage: 0<br>
countryCode: 0<br>
homeDirectory: /home/spinlab/Personal/wojtek<br>
badPasswordTime: 130827176653875873<br>
lastLogon: 130826268091324773<br>
pwdLastSet: 130689139032131884<br>
primaryGroupID: 1230<br>
objectSid:: AQUAAAAAAAUVAAAA<br>
accountExpires: 9223372036854775807<br>
logonCount: 0<br>
sAMAccountName: wojtek<br>
sAMAccountType: 805306368<br>
userPrincipalName: wojciech.kaczmarczyk@maildomain<br>
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=e-sci,DC=e-science,DC=<br>
pl<br>
dSCorePropagationData: 16010101000000.0Z<br>
lastLogonTimestamp: 130825370007850204<br>
uid: wojtek<br>
mail: wojtek@maildomain<br>
uidNumber: 58072<br>
gidNumber: 30001<br>
unixHomeDirectory: /home/spinlab/Personal/wojtek<br>
loginShell: /bin/bash<br>
maildrop: wojciech.kaczmarczyk@maildomain<br>
<span style="color: rgb(0, 0, 0); font-family: 'Times New Roman'; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; display: inline !important; float: none; background-color: rgb(235, 235, 250); "><br>
<br>
<br>
<br>
</span>
<pre class="moz-signature" cols="72">--
Wojciech Kaczmarczyk <a class="moz-txt-link-abbreviated" href="mailto:wojciech.kaczmarczyk@pwr.edu.pl">wojciech.kaczmarczyk@pwr.edu.pl</a>
Wroc³awskie Centrum Sieciowo-Superkomputerowe
tel: +48 71 320 47 45, <a class="moz-txt-link-freetext" href="http://www.wcss.pl">http://www.wcss.pl</a></pre>
</div>
</div>
_______________________________________________ ome-users mailing list <a href="mailto:ome-users@lists.openmicroscopy.org.uk">
ome-users@lists.openmicroscopy.org.uk</a> <a href="http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users">
http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users</a> </span><br>
<span style="font-size:10pt;">The University of Dundee is a registered Scottish Charity, No: SC015096</span>
</body>
</html>