[ome-devel] LDAP error logging

Josh Moore josh at glencoesoftware.com
Mon Jan 17 19:30:36 GMT 2011


On Jan 17, 2011, at 7:44 PM, McCaughey, Michael J wrote:

> Hello-

Hi Mike,

> I'm trying to configure ldap support on 4.2.2 (platform is fedora 12).  Our local ldap service is functional, and my test server can at least ping it.  I can execute ldapsearch from a command line using the same credentials I provide in omero.properties, so I think that's correct. Using ldapsearch with known good username and the exisitng filter as specified in omero.properties  (i.e. (&(objectClass=person)(uid=cisr1))) returns a single result.
> Java truststore has the CA of the provider (all that is required to reach our ldap box) plus local; keystore is set up as well.
> 
> When I try to logon with users known to ldap from the insight client, I either get an logon failure or the client hangs forever.  I the case of the logon error, I can see from the log file that it's trying to vet the password:
> 
> 2011-01-14 11:57:40,917 INFO  [        ome.services.util.ServiceHandler] (l.Server-8)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(cisr1)
> 2011-01-14 11:57:40,917 INFO  [        ome.services.util.ServiceHandler] (l.Server-8)  Args:    [null, ome.tools.spring.InternalServiceFactory at 3486a602]
> 2011-01-14 11:57:40,924 INFO  [         ome.security.basic.EventHandler] (l.Server-8)  Auth:    user=0,group=0,event=null(Sessions),sess=32696c27-5b72-4a39-b86c-8b6fcb71440d
> 2011-01-14 11:57:40,928 INFO  [                 org.perf4j.TimingLogger] (l.Server-8) start[1295027860917] time[11] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$7.doWork]
> 2011-01-14 11:57:40,928 INFO  [        ome.services.util.ServiceHandler] (l.Server-8)  Rslt:    false
> 
> However, this doesn't really tell me *where* it's trying to check the credentials.  The hung login logs nothing at all.
> Pre-creating the experimenter account does not help.
> 
> Is there a way to turn on more extensive logging so I can determine what's gone off in the process?

There is some minimal logging that will be added by modifying the line:

<category name="org.springframework"> <priority value="WARN"/> </category>

in etc/log4j.xml to say "DEBUG" rather than "WARN". (This doesn't require a restart).

You can then grep your logs for "ldap". This will only make sure that you are using the right URL and similar, though I expected there to be much more logging from the Spring libraries. I'll keep looking for a better method. At the same time, could you possibly show us your configuration, i.e. the output of bin/omero config get? E.g.

~/code/git/dist $ bin/omero config get | grep ldap | grep -v pass
omero.ldap.base=ou=lifesci,o=dundee
omero.ldap.config=true
omero.ldap.urls=ldap://localhost:1389

Be sure, of course, to change any sensitive information.

Cheers,
~Josh

> Thanks,
> Mike



More information about the ome-devel mailing list