[ome-devel] LDAP NoSuchAlgorithmException
Josh Moore
josh at glencoesoftware.com
Thu Apr 7 20:01:00 BST 2011
On Apr 7, 2011, at 8:30 PM, McCaughey, Michael J wrote:
> Never mind, it appears the truststore was corrupt after all.
Whew! I wasn't looking forward to figuring that one out. Thanks for letting us know.
> So, on another topic, if I've already created a user with local logon, and later add LDAP, how do you force the user to authenticate against LDAP rather than the existing password entry? I assume I have to manually diddle the password table in the omero db, deleting the contents of the hash field in the password table, and adding the proper value to the dn field.
>
> Mike
You need to set the dn to the proper value (as done in the CLI plugin I sent: bin/omero ldap setdn). At that point the LdapPasswordProvider:
http://git.openmicroscopy.org/?p=ome.git;a=blob;f=components/server/src/ome/security/auth/LdapPasswordProvider.java;h=65c11f69e81afdbb5d41d864d1136877f1907ced;hb=HEAD
becomes the definitive source for the password, so resetting the password _shouldn't_ be necessary. While I was testing your situation, I saw odd behavior (http://trac.openmicroscopy.org.uk/ome/ticket/4830) which I need to re-test on a clean database. If you run into anything similar, please let us know.
Cheers,
~Josh
P.S. LdapPasswordProvider is configured by default as the first of a chain of providers:
http://git.openmicroscopy.org/?p=ome.git;a=blob;f=components/server/src/ome/security/auth/PasswordProviders.java;h=e6920b8d16ee0fcda427edfedae80265644aad52;hb=HEAD
here:
http://git.openmicroscopy.org/?p=ome.git;a=blob;f=components/server/resources/ome/services/service-ome.api.IAdmin.xml;h=5af5a262b6dbaa64d8a9b630358cdc963487e3dd;hb=HEAD#l47
If you would like to inject your own provider, you can do so with:
bin/omero config set omero.security.password_provider yourProvider
Cheers,
~Josh
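
Added example, not part of the original message and not OMERO's code: a simplified model of the provider chain described above, showing why a leftover local hash stops mattering once a dn is set. It assumes each provider returns True/False when it owns the user and None to defer; all names and sample data are hypothetical.

```python
# Simplified model, NOT OMERO's code. Assumption: a provider returns
# True/False when it owns the user and None to defer to the next provider.
import hashlib
import hmac

# Constructed sample data. SHA-256 is only a placeholder for the stored hash,
# not a recommended password storage scheme.
USERS = {
    "mike": {"dn": None, "hash": hashlib.sha256(b"old-local-pw").hexdigest()},
}
# Constructed stand-in for the directory: dn -> password the directory accepts.
DIRECTORY = {"cn=mike,ou=people,dc=example,dc=org": "ldap-pw"}


def ldap_provider(user, password):
    """Answer only for users that have a dn; defer (None) otherwise."""
    dn = USERS.get(user, {}).get("dn")
    if dn is None:
        return None
    expected = DIRECTORY.get(dn)
    if expected is None:
        return False  # dn set but unknown to the directory: deny, do not defer
    return hmac.compare_digest(expected.encode(), password.encode())


def local_provider(user, password):
    """Check the locally stored hash; defer if there is nothing to check."""
    record = USERS.get(user)
    if record is None or not record["hash"]:
        return None
    digest = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(record["hash"], digest)


def check_password(user, password, chain=(ldap_provider, local_provider)):
    """The first provider with a definitive answer wins; no answer means deny."""
    for provider in chain:
        result = provider(user, password)
        if result is not None:
            return result
    return False


def set_dn(user, dn):
    """Hypothetical stand-in for the effect of `bin/omero ldap setdn`."""
    USERS[user]["dn"] = dn
```

In this model the old local password is rejected after `set_dn` even though its hash is still stored, because the LDAP provider sits first in the chain and never defers for a user with a dn.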