<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>
<div>Ola </div>
<div><br>
</div>
<div>This appears significant to me from the logs (with a new user logging in) who is in the appropriate AD group (LS-Omero-LSM710 in this case) </div>
<div><br>
</div>
<div>Default choice on create user: plzrk (ome.conditions.ValidationException: No group found for: cn=plzrk,ou=PL,ou=P,ou=Users,ou=University,dc=ad,dc=nottingham,dc=ac,dc=uk)</div>
</div>
<div><br>
</div>
<div>Logs have been uploaded </div>
<div><br>
</div>
<div>Shaun</div>
<div><br>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>ome-users <<a href="mailto:ome-users-bounces@lists.openmicroscopy.org.uk">ome-users-bounces@lists.openmicroscopy.org.uk</a>> on behalf of Shaun Hare <<a href="mailto:Shaun.Hare@nottingham.ac.uk">Shaun.Hare@nottingham.ac.uk</a>><br>
<span style="font-weight:bold">Reply-To: </span>OME User Support List <<a href="mailto:ome-users@lists.openmicroscopy.org.uk">ome-users@lists.openmicroscopy.org.uk</a>><br>
<span style="font-weight:bold">Date: </span>Monday, 23 May 2016 at 11:10<br>
<span style="font-weight:bold">To: </span>OME User Support List <<a href="mailto:ome-users@lists.openmicroscopy.org.uk">ome-users@lists.openmicroscopy.org.uk</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [ome-users] Group mapping (LDAP)<br>
</div>
<div><br>
</div>
<span style="mso-bookmark:_MailOriginalBody">
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>
<div>Thanks Ola </div>
<div><br>
</div>
<div><br>
</div>
<div>When I say re-install we had to rebuild due to a hardware issue </div>
<div><br>
</div>
<div>The ldap login works - this is the output from ldap active</div>
<div>Created session 84c4f29e-5070-4ad6-8909-5f5e83100e49 (cczsh@localhost:4064). Idle timeout: 10 min. Current group: system</div>
<div><br>
</div>
<div>It does not appear to put new users in the appropriate group (or create the group); the config detailed previously did that on 5.1 </div>
<div><br>
</div>
<div>Testing wise as well it is difficult as I cannot delete and recreate users - is there a method for that you could share (I know it is not desirable normally so as not to orphan images) </div>
<div><br>
</div>
<div><br>
</div>
<div>This is 5.2.2</div>
<div><br>
</div>
<div>I have added ldap.sync_on_login true</div>
<div><br>
</div>
<div>I will upload the logs </div>
<div><br>
</div>
<div>Many thanks</div>
<div><br>
</div>
<div>Shaun</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>OMERO Diagnostics 5.2.2-ice35-b17</div>
<div>================================================================================</div>
<div><br>
</div>
<div>Commands: java -version 1.8.0 (/bin/java)</div>
<div>Commands: python -V 2.7.5 (/home/omero/venv/bin/python -- 2 others)</div>
<div>Commands: icegridnode --version 3.5.1 (/bin/icegridnode)</div>
<div>Commands: icegridadmin --version 3.5.1 (/bin/icegridadmin)</div>
<div>Commands: psql --version 9.4.7 (/bin/psql)</div>
<div><br>
</div>
<div>Server: icegridnode running</div>
<div>Server: Blitz-0 active (pid = 39431, enabled)</div>
<div>Server: DropBox active (pid = 39459, enabled)</div>
<div>Server: FileServer active (pid = 39463, enabled)</div>
<div>Server: Indexer-0 active (pid = 39453, enabled)</div>
<div>Server: MonitorServer active (pid = 39443, enabled)</div>
<div>Server: OMERO.Glacier2 active (pid = 39451, enabled)</div>
<div>Server: OMERO.IceStorm active (pid = 39465, enabled)</div>
<div>Server: PixelData-0 active (pid = 39472, enabled)</div>
<div>Server: Processor-0 active (pid = 39479, enabled)</div>
<div>Server: Tables-0 active (pid = 39490, enabled)</div>
<div>Server: TestDropBox inactive (enabled)</div>
<div><br>
</div>
<div>Log dir: /home/omero/OMERO.server/var/log exists</div>
<div>Log files: Blitz-0.log 95.0 MB errors=840 warnings=175</div>
<div>Log files: DropBox.log 55.0 KB errors=2 warnings=19</div>
<div>Log files: FileServer.log 7.0 KB</div>
<div>Log files: Indexer-0.log 731.0 KB errors=2 warnings=22</div>
<div>Log files: MonitorServer.log 29.0 KB</div>
<div>Log files: OMEROweb.lock 0.0 KB</div>
<div>Log files: OMEROweb.log 523.0 KB errors=936 warnings=293</div>
<div>Log files: OMEROweb_brokenrequest.lock 0.0 KB</div>
<div>Log files: OMEROweb_brokenrequest.log 122.0 KB errors=189 warnings=126</div>
<div>Log files: PixelData-0.log 293.0 KB</div>
<div>Log files: Processor-0.log 2.0 MB errors=833 warnings=6</div>
<div>Log files: Tables-0.log 36.0 KB errors=0 warnings=7</div>
<div>Log files: TestDropBox.log n/a</div>
<div>Log files: master.err 93.0 KB errors=0 warnings=63</div>
<div>Log files: master.out 0.0 KB</div>
<div>Log files: Total size 100.26 MB</div>
<div><br>
</div>
<div><br>
</div>
<div>Environment:OMERO_HOME=(unset)</div>
<div>Environment:OMERO_NODE=(unset)</div>
<div>Environment:OMERO_MASTER=(unset)</div>
<div>Environment:OMERO_USERDIR=(unset)</div>
<div>Environment:OMERO_TMPDIR=(unset)</div>
<div>Environment:PATH=/home/omero/venv/bin:/sbin:/bin:/usr/sbin:/usr/bin:/home/omero/OMERO.server/bin</div>
<div>Environment:PYTHONPATH=(unset)</div>
<div>Environment:ICE_HOME=(unset)</div>
<div>Environment:LD_LIBRARY_PATH=(unset)</div>
<div>Environment:DYLD_LIBRARY_PATH=(unset)</div>
<div><br>
</div>
<div>OMERO SSL port:4064</div>
<div>OMERO TCP port:4063</div>
<div>OMERO data dir:'/data_repository_san' Exists? True<span class="Apple-tab-span" style="white-space:pre">	</span>Is writable? True</div>
<div>OMERO temp dir:'/home/omero/omero/tmp' Exists? True<span class="Apple-tab-span" style="white-space:pre">	</span>Is writable? True (Size: 0)</div>
<div><br>
</div>
<div>JVM settings: Blitz-${index} -Xmx620m -XX:MaxPermSize=512m -XX:+IgnoreUnrecognizedVMOptions</div>
<div>JVM settings: Indexer-${index} -Xmx413m -XX:MaxPermSize=512m -XX:+IgnoreUnrecognizedVMOptions</div>
<div>JVM settings: PixelData-${index} -Xmx620m -XX:MaxPermSize=512m -XX:+IgnoreUnrecognizedVMOptions</div>
<div>JVM settings: Repository-${index} -Xmx413m -XX:MaxPermSize=512m -XX:+IgnoreUnrecognizedVMOptions</div>
<div><br>
</div>
<div>OMERO.web status... [RUNNING] (PID 40047)</div>
<div>Django version: 1.8.12</div>
</div>
<div><br>
</div>
<div>
<div>omero.db.name=omero_db</div>
<div>omero.db.pass=********</div>
<div>omero.db.user=omero</div>
<div>omero.ldap.base=ou=Users,ou=University,dc=ad,dc=nottingham,dc=ac,dc=uk</div>
<div>omero.ldap.config=true</div>
<div>omero.ldap.group_filter=(|(cn=LS-Omero-SRM,ou=Groups,ou=LS,ou=L,ou=Groups,ou=University,dc=ad,dc=nottingham,dc=ac,dc=uk)(cn=LS-Omero-LSM710,ou=Groups,ou=LS,ou=L,ou=Groups,ou=University,dc=ad,dc=nottingham,dc=ac,dc=uk))</div>
<div>omero.ldap.group_mapping=name=cn</div>
<div>omero.ldap.new_user_group=:query:(member=@{dn})</div>
<div>omero.ldap.password=********</div>
<div>omero.ldap.sync_on_login=true</div>
<div>omero.ldap.urls=ldap://********:389</div>
<div>omero.ldap.user_filter=(|(memberOf=CN=LS-Omero-SRM,ou=Groups,ou=LS,ou=L,ou=Groups,ou=University,dc=ad,dc=nottingham,dc=ac,dc=uk)(memberOf=CN=LS-Omero-LSM710,ou=Groups,ou=LS,ou=L,ou=Groups,ou=University,dc=ad,dc=nottingham,dc=ac,dc=uk))</div>
<div>omero.ldap.user_mapping=omeName=sAMAccountName,firstName=givenName,lastName=sn,email=mail</div>
<div>omero.ldap.username=CN=********,CN=Users,DC=ad,DC=nottingham,DC=ac,DC=uk</div>
<div>omero.web.application_server=wsgi-tcp</div>
<div>omero.web.application_server.port=4080</div>
<div>omero.web.login_logo=<a href="https://www.nottingham.ac.uk/life-sciences/facilities/slim/omero/slim150x76.jpg">https://www.nottingham.ac.uk/life-sciences/facilities/slim/omero/slim150x76.jpg</a></div>
</div>
<div><br>
</div>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>ome-users <<a href="mailto:ome-users-bounces@lists.openmicroscopy.org.uk">ome-users-bounces@lists.openmicroscopy.org.uk</a>> on behalf of "Aleksandra Tarkowska (Staff)" <<a href="mailto:A.Tarkowska@dundee.ac.uk">A.Tarkowska@dundee.ac.uk</a>><br>
<span style="font-weight:bold">Reply-To: </span>OME User Support List <<a href="mailto:ome-users@lists.openmicroscopy.org.uk">ome-users@lists.openmicroscopy.org.uk</a>><br>
<span style="font-weight:bold">Date: </span>Monday, 23 May 2016 at 10:46<br>
<span style="font-weight:bold">To: </span>OME User Support List <<a href="mailto:ome-users@lists.openmicroscopy.org.uk">ome-users@lists.openmicroscopy.org.uk</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [ome-users] Group mapping (LDAP)<br>
</div>
<div><br>
</div>
<span style="mso-bookmark:_MailOriginalBody">
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
Hi Shaun,
<div class=""><br class="">
</div>
<div class="">What exactly you mean by re-install, did you upgrade?</div>
<div class="">
<div class="">Could you detail more what is not working exactly, is there any error in Blitz-1.log file?</div>
</div>
<div class=""><br class="">
</div>
<div class="">Could you give us more details about your previous and recent installations, which version did you use before and now,</div>
<div class="">output of:</div>
<div class=""><code class=""> - bin/omero config get --hide-password<br class="">
- bin/omero admin diagnostics</code></div>
<div class=""><br class="">
</div>
<div class="">Could you send example ldap entry of user and group?</div>
<div class=""><br class="">
</div>
<div class="">Could you try CLI and show the output of:</div>
<div class=""><span style="font-family: monospace;" class=""> - bin/omero ldap active</span><br style="font-family: monospace;" class="">
<span style="font-family: monospace;" class=""> - bin/omero ldap discover</span></div>
<div class="">
<div class=""><code class=""> - bin/omero <span class="posthilit">ldap</span> getdn --user-name USERNAME</code></div>
</div>
<div class=""><span style="font-family: monospace;" class=""> - bin/omero login username@server:4064 #</span>please use ldap user</div>
<div class=""><br class="">
</div>
<div class="">Could you also send all logs stored in /path/to/omero/var/log</div>
<div class=""><br class="">
</div>
<div class="">If you prefer not to share all the above, please use <a href="http://qa.openmicroscopy.org.uk/qa/upload/" class="">http://qa.openmicroscopy.org.uk/qa/upload/</a> </div>
<div class=""> </div>
<div class="">From the other hand, did you try `omero.ldap.sync_on_login true` <a href="https://www.openmicroscopy.org/site/support/omero5.2/sysadmins/server-ldap.html#synchronizing-ldap-on-user-login" class="">https://www.openmicroscopy.org/site/support/omero5.2/sysadmins/server-ldap.html#synchronizing-ldap-on-user-login</a></div>
<div class=""><br class="">
</div>
<div class="">
<div class="">
<div apple-content-edited="true" style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">
<br class="Apple-interchange-newline">
Ola</div>
<div apple-content-edited="true" style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">
Software Engineer</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">
Open Microscopy Environment</div>
<div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">
University of Dundee</div>
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On 20 May 2016, at 18:15, Shaun Hare <<a href="mailto:Shaun.Hare@nottingham.ac.uk" class="">Shaun.Hare@nottingham.ac.uk</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; font-size: 14px; font-family: Calibri, sans-serif;" class="">
<div class=""><br class="">
</div>
<div class="">
<div id="" class="">
<div class="" style="font-family: Helvetica; font-size: 12px; margin: 0cm 0cm 0.0001pt;">
<div class="" style="margin: 0cm 0cm 0.0001pt;">Hi community members </div>
<div class="" style="margin: 0cm 0cm 0.0001pt;"><br class="">
</div>
</div>
We have previously had configuration working for group mapping here at Nottingham University
<div class="" style="font-family: Helvetica; font-size: 12px; orphans: 2; widows: 2; margin: 0cm 0cm 0.0001pt;">
<div class="" style="margin: 0cm 0cm 0.0001pt;"><font color="#665c55" face="Arial,sans-serif" class=""><span class="" style="font-size: 13px;"><b class=""></b></span></font></div>
</div>
</div>
</div>
<div id="" class="">However after a re-install the settings don’t seem to be working – could anyone please advise if there is a issue here </div>
<div id="" class="">What we are trying to achieve is new users go into the group they are a member of (note they will belong to many groups) </div>
<div id="" class="">E.g members of cn=LS-OMERO-SRM go into that group </div>
<div id="" class=""><br class="">
</div>
<div id="" class="">Settings </div>
<div id="" class=""><br class="">
</div>
<div id="" class="">
<div id="" class="">omero.ldap.base=ou=Users,ou=University,dc=ad,dc=nottingham,dc=ac,dc=uk</div>
<div id="" class="">omero.ldap.config=true</div>
<div id="" class="">omero.ldap.group_filter=(|(cn=LS-OMERO-SRM)(cn=LS-OMERO-LSM710))</div>
<div id="" class="">omero.ldap.group_mapping=name=cn</div>
<div id="" class="">omero.ldap.new_user_group=:query:(member=@{dn})</div>
<div id="" class="">omero.ldap.password=********</div>
<div id="" class="">omero.ldap.urls=*********</div>
<div id="" class="">omero.ldap.user_filter=(|(memberOf=CN=LS-Omero-SRM,ou=Groups,ou=LS,ou=L,ou=Groups,ou=University,dc=ad,dc=nottingham,dc=ac,dc=uk)(memberOf=CN=LS-Omero-LSM710,ou=Groups,ou=LS,ou=L,ou=Groups,ou=University,dc=ad,dc=nottingham,dc=ac,dc=uk))</div>
<div id="" class="">omero.ldap.user_mapping=omeName=sAMAccountName,firstName=givenName,lastName=sn,email=mail</div>
<div id="" class="">omero.ldap.username=CN=*********,CN=Users,DC=ad,DC=nottingham,DC=ac,DC=uk</div>
<div id="" class=""><br class="">
</div>
<div id="" class="">Many thanks in anticipation</div>
<div id="" class=""><br class="">
</div>
<div id="" class="">Shaun</div>
<div id="" class=""><br class="">
</div>
</div>
<pre class="">This message and any attachment are intended solely for the addressee
and may contain confidential information. If you have received this
message in error, please send it back to me, and immediately delete it.
Please do not use, copy or disclose the information contained in this
message or in any attachment. Any views or opinions expressed by the
author of this email do not necessarily reflect the views of the
University of Nottingham.
This message has been checked for viruses but the contents of an
attachment may still contain software viruses which could damage your
computer system, you are advised to perform your own checks. Email
communications with the University of Nottingham may be monitored as
permitted by UK legislation.
</pre>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
<br>
<span style="font-size:10pt;">The University of Dundee is a registered Scottish Charity, No: SC015096</span></div>
</div>
</span></span>
</div>
</div>
</span></span>
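<div>Added example, not part of the thread and not OMERO code: a small lint over <code>omero.ldap.*</code> settings in the <code>key=value</code> form quoted in the messages above. It flags a <code>cn</code> filter clause whose value is a full DN, and <code>memberOf</code> group DNs that lie outside <code>omero.ldap.base</code>. The sample settings are constructed (suffix shortened to the placeholder <code>dc=example</code>); that group lookups are rooted at <code>omero.ldap.base</code> is an assumption, and the thread does not establish whether either finding explains the ValidationException.</div>

```python
import re

# Constructed sample mirroring the shape of the settings in the thread;
# the directory suffix is shortened to the placeholder dc=example.
SAMPLE = """\
omero.ldap.base=ou=Users,ou=University,dc=example
omero.ldap.group_filter=(|(cn=LS-Omero-SRM,ou=Groups,ou=University,dc=example)(cn=LS-Omero-LSM710))
omero.ldap.new_user_group=:query:(member=@{dn})
omero.ldap.user_filter=(memberOf=CN=LS-Omero-SRM,ou=Groups,ou=University,dc=example)
"""

CLAUSE = re.compile(r"\(([A-Za-z][\w.-]*)=([^()]*)\)")  # simple (attr=value) items
DN_LIKE = re.compile(r",\s*[A-Za-z]+=")                  # value continues with ",attr="


def parse_config(text):
    """Parse key=value lines in the form printed by `bin/omero config get`."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.startswith("omero."):
            cfg[key] = value
    return cfg


def _norm(dn):
    """Lower-case a DN and drop spaces around commas for comparison."""
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())


def is_under(dn, base):
    """True if dn is the base entry itself or sits below it."""
    dn, base = _norm(dn), _norm(base)
    return dn == base or dn.endswith("," + base)


def lint_ldap(cfg):
    """Return a list of (setting, clause, reason) findings."""
    findings = []
    base = cfg.get("omero.ldap.base", "")
    for key in ("omero.ldap.group_filter", "omero.ldap.user_filter"):
        for attr, value in CLAUSE.findall(cfg.get(key, "")):
            clause = "(%s=%s)" % (attr, value)
            if attr.lower() == "cn" and DN_LIKE.search(value):
                # cn normally holds only the name, so a DN here matches
                # only an entry whose cn is literally that whole string.
                findings.append((key, clause, "cn compared against a full DN"))
            if attr.lower() == "memberof" and base and not is_under(value, base):
                # Assumption: group lookups are rooted at omero.ldap.base.
                findings.append((key, clause, "group DN is outside omero.ldap.base"))
    return findings


if __name__ == "__main__":
    for finding in lint_ldap(parse_config(SAMPLE)):
        print(" | ".join(finding))
```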
</body>
</html>