[ome-devel] LDAP question

Yanling Liu vrnova at gmail.com
Thu Sep 11 14:34:35 BST 2014 

Thank you Ola,

This actually raise up the urgency for having a separate user role level to
import images for other users. As you may probably know from my previous
messages, we have imaging facilities to produce images for end users. To
allow imaging facilities to upload images to their customers, right now I
have following two methods:

1. create an admin "importer" user and share this account across imaging
facilities, or
2. grant admin rights to all imaging facilities user accounts.

Either way there's potential security hazard for destroying the system with
admin rights. If there's a "importer" user privilege level, I can simply
grant this privilege to imaging facilities user accounts so that they can
upload images for end users without having to give them admin rights.

I know your team is busying on many development works but this importer
privilege level is critical to properly run OME in our environment. I would
appreciate a lot if you can take this into your consideration.

Thanks,
Yanling

On Thu, Sep 11, 2014 at 9:12 AM, Aleksandra Tarkowska <
A.Tarkowska at dundee.ac.uk> wrote:

> Sorry forgot to add one thing here.
> You need to remember that user "importer" will have to be a system user
> (admin like root) and import data as another user. Otherwise you will end
> up with ownership mismatch.
>
>
> Kind regards
> Ola
>
>
>
> On 11/09/2014 14:00, "Josh Moore" <josh at glencoesoftware.com> wrote:
>
> >>If LDAP is enabled, would it be possible to login using local root user?
> >
> >Yes. The OMERO root is always non-LDAP.
> >
> >> Would it be possible to create more local users such as a dedicated
> >>local "importer" account, while other users still use LDAP passwords to
> >>login?
> >
> >Yes. Only those users who have a DN set in the "password" table will be
> >authorized against LDAP.
>
>
>
> The University of Dundee is a registered Scottish Charity, No: SC015096
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openmicroscopy.org.uk/pipermail/ome-devel/attachments/20140911/422a25e5/attachment-0001.html>

More information about the ome-devel mailing list