[ome-devel] LDAP integration
Ilya Goldberg
igg at nih.gov
Wed Aug 8 17:56:13 BST 2007
LDAP integration is now in HEAD and OME_2_6_0 branch.
This is largely thanks to Mike McCaughey from Vanderbilt, with some
massaging from yours truly.
This is an optional setup, so the dependencies won't even be
installed if you choose not to use LDAP. The default is not to set it
up, so a 'sudo perl install.pl -y' will leave your installation as
is, except add a few methods here and there to get as far as checking
if ldap is to be used.
There are a bunch of perl dependencies if you choose to set it up (it
checks for them and installs them for you if you let it).
Once configured and activated, all authentication will first be
attempted against the specified LDAP server(s), which can and should
be configured for encrypted communication. If ldap authentication
fails, then local authentication will be attempted if the user has a
password stored in the DB. Users without DB passwords are ldap-only.
Either way, a local OME Experimenter has to exist in order to log in.
Currently, this LDAP setup does not auto-generate OME Experimenters.
If people with different LDAP setups could give it a try and provide
some feedback, it would be much appreciated.
If playing with the full-blown OME installer gives you the willies
(it's verbose and forgiving, so it's not too scary), there is a small
scriptlet (src/perl2/OME/Tests/LDAPtest.pl) that doesn't use OME, but
mimics the way OME uses LDAP. All of the LDAP options are hard-coded,
so you have to edit the ldap_conf hash at the top of the
script to change them. Also, it depends on Net::LDAP (and all of its
dependencies), though not on OME.
-Ilya
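
The authentication order described in the message above, as an added Perl sketch that is not part of the original post and is not OME's own code. The %experimenters and %directory tables, the ldap_ok stand-in and the authenticate sub are constructed for illustration; the empty-password guard is an added precaution the post does not mention.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data: local Experimenter records (hypothetical layout).
# No 'password' key means the account is LDAP-only. Plain-text comparison
# keeps the sample short; a real store would hold a password hash.
my %experimenters = (
    alice => { password => 'local-secret' },   # LDAP plus local fallback
    bob   => {},                               # LDAP-only
);

# Constructed stand-in for the directory. A real check would connect with
# Net::LDAP, call start_tls, then bind with the user's DN and password.
my %directory = (alice => 'ldap-secret', bob => 'bobs-ldap', carol => 'carols-ldap');

sub ldap_ok {
    my ($user, $pw) = @_;
    return defined $directory{$user} && $directory{$user} eq $pw;
}

# Returns 'ldap' or 'local' on success, undef when access is denied.
sub authenticate {
    my ($user, $pw, $ldap_check) = @_;
    # A simple bind with a DN and an empty password is an unauthenticated
    # bind (RFC 4513) that some servers accept, so never forward one.
    return unless defined $pw && length $pw;
    # A local Experimenter has to exist either way; none is auto-generated.
    my $exp = $experimenters{$user} or return;
    return 'ldap' if $ldap_check->($user, $pw);
    # The fallback applies only to users with a password stored in the DB.
    my $stored = $exp->{password};
    return 'local' if defined $stored && $stored eq $pw;
    return;
}

# Walk the cases the post distinguishes, plus the empty-password edge case.
for my $case (['alice', 'ldap-secret'], ['alice', 'local-secret'],
              ['bob', 'bobs-ldap'],     ['bob', 'wrong'],
              ['carol', 'carols-ldap'], ['alice', '']) {
    my $how = authenticate(@$case, \&ldap_ok);
    printf "%-6s %-15s => %s\n", $case->[0], "'$case->[1]'", $how // 'denied';
}
```

The second case shows a consequence of the fallback order: a password stored in the DB keeps working after the LDAP check fails, so disabling a user in the directory does not lock out an account that also has a local password.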