Date: Wed, 30 Jan 2019 18:08:38 +0100
From: Andreas Mueller <Andreas.Mueller@Biologie.Uni-Osnabrueck.DE>
To: OME User Support List <ome-users@lists.openmicroscopy.org.uk>
Subject: Re: [ome-users] LDAP Config for PosixGroups
Message-ID: <20190130170836.GP84602@biologie.uni-osnabrueck.de>

Hi Josh,

yes .. I tried a lot

_______

# that's me:

[root@omero3 ~]# ldapsearch -x uid=andrmuel -LLL
dn: uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de
objectClass: top
objectClass: uniosAccount
gidNumber: 301
uid: andrmuel
:

# this group controls the access to our omero:

[omero@omero3 OMERO.server]$ ldapsearch -x -LLL -D "uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de" -w ******** cn=cellnanosomero
dn: cn=cellnanosomero,ou=groups,dc=uni-osnabrueck,dc=de
objectClass: posixGroup
cn: cellnanosomero
gidNumber: 688
memberUid: sukunis     # example person ..
memberUid: kbernhar    # example person ..
memberUid: andrmuel    # example person ..
:
:

# Every person has the same structure:

uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de
uid=kbernhar,ou=people,dc=uni-osnabrueck,dc=de
uid=sukunis,ou=people,dc=uni-osnabrueck,dc=de
:
:

# My config:

omero.ldap.base=dc=uni-osnabrueck,dc=de
omero.ldap.config=true
omero.ldap.group_filter=(gidNumber=688)
omero.ldap.group_mapping=name=cn
omero.ldap.new_user_group_owner=
omero.ldap.new_user_group=:query:(memberUid=@{uid})
omero.ldap.password=
omero.ldap.referral=ignore
omero.ldap.sync_on_login=false
omero.ldap.urls=ldaps://ldap.uni-osnabrueck.de
omero.ldap.user_filter=(objectClass=uniosAccount)
omero.ldap.user_mapping=omeName=uid,firstName=givenName,lastName=sn,email=mail
omero.ldap.username=

a) I don't understand how omero creates binddn for the password query
   against the ldap-server (how can I check that?)

b) The attributes: givenName, sn, mail .. can only be read after a
   successful authentication of the respective user against the ldap.

If I do a:

[omero@omero3 OMERO.server]$ bin/omero ldap active
Yes
[omero@omero3 OMERO.server]$ bin/omero ldap create andrmuel

I get a:

not-null property references a null or transient value: ome.model.meta.Experimenter.firstName; nested exception is org.hibernate.PropertyValueException: not-null property references a null or transient value: ome.model.meta.Experimenter.firstName

I find the same error in the logs if I try to logon over web.

I hope someone can help me!

- thanks in advance -
Andreas

On 28.01.19 16:54, Josh Moore wrote:
> On Mon, Jan 28, 2019 at 4:48 PM Andreas Mueller
> <Andreas.Mueller@biologie.uni-osnabrueck.de> wrote:
> >
> > Hi,
>
> Hi Andreas,
>
> > are there some hints to configure omero ldap with posixgroups ?
>
> Have you tried anything so far? I'd think this should "just work"
>
> omero.ldap.group_filter=(objectClass=posixGroup)
> omero.ldap.group_mapping=name=cn
> omero.ldap.new_user_group=:query:(memberUid=@{uid})
>
> e.g. https://www.openmicroscopy.org/community/viewtopic.php?f=5&t=2908#p7152
>
> (As always, remember to test LDAP configurations on a test database
> since the unintentional creation of large numbers of users and groups is
> possible with many LDAP setups)
>
> ~Josh
>
> > - thanks in advance -
> > Andreas
> _______________________________________________
> ome-users mailing list
> ome-users@lists.openmicroscopy.org.uk
> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
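As an added illustration (not OMERO's code and not from the thread), the Python model below applies the posted omero.ldap.* values to an in-memory stand-in for the two quoted directory entries, so that questions (a) and (b) can be checked offline: which entry the user filter selects, what user_mapping produces, and which groups the :query: with @{uid} resolves. The attribute-visibility rule (an anonymous reader sees only uid, gidNumber, objectClass, cn and memberUid; a user bound as themselves sees their whole entry) and the givenName/sn/mail values are assumptions mirroring Andreas's description; with an anonymous lookup the mapping yields no firstName, reproducing the not-null failure he reports, while a lookup bound as the user succeeds and finds the posixGroup.

```python
import re
# Constructed stand-in for the directory, modelled on the two entries quoted in
# the thread; givenName/sn/mail values are invented sample data.
DIRECTORY = {
    "uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de": {
        "objectClass": ["top", "uniosAccount"], "uid": ["andrmuel"], "gidNumber": ["301"],
        "givenName": ["Andreas"], "sn": ["Mueller"], "mail": ["andrmuel@example.invalid"]},
    "cn=cellnanosomero,ou=groups,dc=uni-osnabrueck,dc=de": {
        "objectClass": ["posixGroup"], "cn": ["cellnanosomero"], "gidNumber": ["688"],
        "memberUid": ["sukunis", "kbernhar", "andrmuel"]},
}
# Assumed ACL, as the thread describes it: an anonymous reader sees only these
# attributes, while a user bound as themselves sees their whole entry.
ANON_VISIBLE = {"objectClass", "uid", "gidNumber", "cn", "memberUid"}
CONFIG = {  # the omero.ldap.* values posted in the thread
    "user_filter": "(objectClass=uniosAccount)",
    "user_mapping": "omeName=uid,firstName=givenName,lastName=sn,email=mail",
    "group_filter": "(gidNumber=688)", "group_mapping": "name=cn",
    "new_user_group": ":query:(memberUid=@{uid})"}

def view(bound_dn):
    """The directory as seen by a reader bound as bound_dn (None = anonymous)."""
    return {dn: e if dn == bound_dn else {k: v for k, v in e.items() if k in ANON_VISIBLE}
            for dn, e in DIRECTORY.items()}

def matches(filter_str, entry):
    """Evaluate one equality filter such as '(gidNumber=688)' against an entry."""
    attr, value = re.fullmatch(r"\((\w+)=([^)]*)\)", filter_str).groups()
    return value in entry.get(attr, [])

def resolve(config, uid, bound_dn=None):
    """Find the user, apply user_mapping, then run the :query: to find groups."""
    entries = view(bound_dn)
    users = [(dn, e) for dn, e in entries.items()
             if matches(config["user_filter"], e) and uid in e.get("uid", [])]
    if len(users) != 1:
        raise LookupError(f"expected one entry for uid={uid}, found {len(users)}")
    dn, attrs = users[0]
    mapping = dict(pair.split("=") for pair in config["user_mapping"].split(","))
    experimenter = {ome: attrs.get(ldap, [None])[0] for ome, ldap in mapping.items()}
    missing = [k for k in ("firstName", "lastName") if experimenter[k] is None]
    if missing:  # mirrors the not-null property failure quoted in the thread
        raise ValueError(f"not-null property references a null value: {missing}")
    # @{attr} placeholders in the :query: are filled from the user's own attributes
    query = re.sub(r"@\{(\w+)\}", lambda m: attrs[m.group(1)][0],
                   config["new_user_group"].split(":query:", 1)[1])
    name_attr = config["group_mapping"].split("=")[1]
    groups = [e[name_attr][0] for e in entries.values()
              if matches(config["group_filter"], e) and matches(query, e)]
    return dn, experimenter, groups
```

Running resolve(CONFIG, "andrmuel") without a bound DN raises the firstName/lastName error, while passing the user's own DN as bound_dn returns the mapped experimenter and ["cellnanosomero"].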