[ome-devel] LDAP question

Yanling Liu vrnova at gmail.com
Fri Sep 12 16:10:03 BST 2014


Hello Ian,

Thanks for bringing up the solution. However, I have some questions related to
the solution:

1. Does it mean we would have to create user folders manually on the
partition? Will OME take control of the partition and automatically
populate user folders from database?

2. What is the relationship between folder and files on the partition to
projects and datasets in OME? What I mean is that if scopes save data in
folders and sub-folders on the partition, how to map this folder structure
to projects and datasets in OME? This is the most confusing part to me as
there are two incompatible data organization methods: projects/datasets vs.
folders and subfolders.

3. How is the partition being exposed to scopes? On a Linux machine, do I
set up samba to expose the partition? Or can OME provide access for
scopes to the partition?

4. Does the partition have to be a local partition instead of NFS mounts?

Sounds to me like the "importer" user level is a much easier solution, as the
importer client application forces the user to create projects and datasets so
there's no concept of folders (I like projects/datasets instead of folders).

Looking forward to hearing back from you.

Thanks,
Yanling




On Thu, Sep 11, 2014 at 9:49 AM, Munro, Ian <i.munro at imperial.ac.uk> wrote:

>  Dear Yanling
>
>  FWIW our solution to this problem was for the acquisition machines
> (microscope)  to save the data to a partition on the same machine as the
> OMERO server in a directory with the name of the user.
>
>  A script then looks at that partition and, on finding a new file, does
> the import under the appropriate user name.
>
>  The root password is only required by the script.
>
>  Best
>
>  Ian
>
>
>  On 11 Sep 2014, at 14:34, Yanling Liu <vrnova at gmail.com> wrote:
>
>    Thank you Ola,
>
> This actually raises the urgency for having a separate user role level
> to import images for other users. As you may probably know from my previous
> messages, we have imaging facilities to produce images for end users. To
> allow imaging facilities to upload images to their customers, right now I
> have the following two methods:
>
>  1. create an admin "importer" user and share this account across imaging
> facilities, or
>  2. grant admin rights to all imaging facilities user accounts.
>
>  Either way there's a potential security hazard for destroying the system
> with admin rights. If there's an "importer" user privilege level, I can
> simply grant this privilege to imaging facilities user accounts so that
> they can upload images for end users without having to give them admin
> rights.
>
>  I know your team is busy with a lot of development work, but this importer
> privilege level is critical to properly run OME in our environment. I would
> appreciate it a lot if you could take this into your consideration.
>
> Thanks,
> Yanling
>
> On Thu, Sep 11, 2014 at 9:12 AM, Aleksandra Tarkowska <
> A.Tarkowska at dundee.ac.uk> wrote:
>
>> Sorry, forgot to add one thing here.
>> You need to remember that user "importer" will have to be a system user
>> (admin like root) and import data as another user. Otherwise you will end
>> up with an ownership mismatch.
>>
>>
>> Kind regards
>> Ola
>>
>>
>>
>> On 11/09/2014 14:00, "Josh Moore" <josh at glencoesoftware.com> wrote:
>>
>> >>If LDAP is enabled, would it be possible to login using local root user?
>> >
>> >Yes. The OMERO root is always non-LDAP.
>> >
>> >> Would it be possible to create more local users such as a dedicated
>> >>local "importer" account, while other users still use LDAP passwords to
>> >>login?
>> >
>> >Yes. Only those users who have a DN set in the "password" table will be
>> >authorized against LDAP.