[ome-devel] LDAP integration

Ilya Goldberg igg at nih.gov
Wed Aug 8 17:56:13 BST 2007

LDAP integration is now in HEAD and OME_2_6_0 branch.
This is largely thanks to Mike McCaughey from Vanderbilt, with some  
massaging from yours truly.

This is an optional setup, so the dependencies won't even be  
installed if you chose not to use LDAP.  The default is not to set it  
up, so an 'sudo perl install.pl -y' will leave your installation as  
is, except add a few methods here and there to get as far as checking  
if ldap is to be used.
There are a bunch of perl dependencies if you chose to set it up (it  
checks for them and installs them for you if you let it).

Once configured and activated, all authentication will first be  
attempted against the specified LDAP server(s), which can and should  
be configured for encrypted communication.  If ldap authentication  
fails, then local authentication will be attempted if the user has a  
password stored in the DB.  Users without DB passwords are ldap-only.

Either way, a local OME Experimenter has to exist in order to login.   
Currently, this LDAP setup does not auto-generate OME Experimenters.

If people with different LDAP setups could give it a try and provide  
some feedback, it would be much appreciated.

If playing with the full-blown OME installer gives you the willies  
(its verbose and forgiving, so its not too scary), there is a small  
scriplet (src/perl2/OME/Tests/LDAPtest.pl) that doesn't use OME, but  
mimics the way OME uses LDAP.  All of the LDAP options are hard- 
coded, so you have to edit the ldap_conf hash at the top of the  
script to change them.  Also, it depends on Net::LDAP (and all of its  
dependencies), though not on OME.

More information about the ome-devel mailing list