[ome-devel] LDAP question

Blazej Pindelski bpindelski at dundee.ac.uk
Tue Sep 23 09:07:35 BST 2014


On 22/09/14 20:00, Yanling Liu wrote:
> Hi,
>
Hi Yanling,

> One more question about OMERO ldap configuration:
>
> omero.ldap.username and omero.ldap.password, could it be possible to let
> OMERO use user credentials to query the LDAP server?
>
> For example, if user aaa with password bbb logs in, could OMERO format the
> LDAP query string to use aaa and bbb as username and password respectively?
>
If I understand correctly, you'd like to have the user credentials of
the user currently logging in to OMERO used in the "simple" bind
scenario (as described in
http://www.tldp.org/HOWTO/LDAP-HOWTO/authentication.html)?

That's definitely a use case we haven't considered. In most deployments,
there is a single user authorised to query the LDAP server and that
user's login and password end up in omero.ldap.password and
omero.ldap.username. To be precise, those values are passed directly
to the Spring framework component that handles LDAP context management
(https://github.com/openmicroscopy/openmicroscopy/blob/develop/components/server/resources/ome/services/service-ome.api.ILdap.xml#L76).

> In other words, the LDAP query string will change as different users
> try to log in to OMERO. This is because in our environment the LDAP
> service account password changes periodically, then we would have to
> update OMERO ldap configuration periodically.
>

Again - the simple answer is that OMERO doesn't do it "out of the box",
but it's certainly possible to modify the source code and inject
omero.ldap.username and omero.ldap.password dynamically and not on
OMERO startup.

> Thanks,
> Yanling
>

Best regards,
Blazej Pindelski

> On Fri, Sep 5, 2014 at 11:28 AM, Blazej Pindelski
> <b.pindelski at dundee.ac.uk> wrote:
>
>     On 5 Sep 2014, at 15:56, Yanling Liu <vrnova at gmail.com> wrote:
>      > Hello,
>
>     Hi Yanling
>
>      > Could I have some help in configuring OME to use LDAP?
>      >
>      > Right now I have the following information available:
>      >
>      > domain name
>      > domain controller
>      > site/urls
>      > base
>      > bind password
>      >
>      > but how do I put this information into OME? I have checked OME
>     LDAP documentation page but it didn't mention domain name, domain
>     controller, and bind password, when do I need to use them?
>      >
>      > Any help?
>
>     The best starting place would be
>     http://www.openmicroscopy.org/site/support/omero5/sysadmins/server-ldap.html#minimum-configuration.
>     The settings have to be understood as follows:
>     - omero.ldap.config=true - switches on the LDAP subsystem in OMERO,
>     - omero.ldap.urls=ldap://localhost:389 - that is the URL of the
>     LDAP/AD server (site/urls in your case?),
>     - omero.ldap.username and omero.ldap.password - those are the
>     credentials (I'd imagine "bind password", in your case) used for
>     connecting to the LDAP/AD server,
>     - omero.ldap.base=ou=example,o=com - this is the base from which
>     OMERO will start to look for users ("base" in your case).
>
>     I hope that helps. If the documentation can be improved, please let
>     us know.
>
>     Regards,
>     Blazej
>
>      > Thanks,
>      > Yanling
>
>
>     The University of Dundee is a registered Scottish Charity, No: SC015096
>
>
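The per-user simple bind asked about in this thread, sketched as an added example (not OMERO code and not from either poster): it builds the bind DN from the login name with RFC 4514 escaping and refuses empty passwords, which many LDAP servers would otherwise accept as an unauthenticated bind. The DN template, the uid attribute, the `bind` callable and the sample directory are assumptions made for illustration.

```python
# Added example: per-user LDAP simple bind, standard library only.
# USER_DN_TEMPLATE, the uid attribute and `bind` are assumptions, not OMERO settings.
USER_DN_TEMPLATE = "uid={user},ou=example,o=com"  # base value taken from the thread

_DN_SPECIALS = '"+,;<>\\'  # characters RFC 4514 section 2.4 requires escaping

def escape_rdn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_user_dn(username: str) -> str:
    """Turn the login name into the DN that the simple bind will use."""
    return USER_DN_TEMPLATE.format(user=escape_rdn_value(username))

def authenticate(username: str, password: str, bind) -> bool:
    """bind(dn, password) -> bool stands in for the LDAP client's simple bind."""
    # RFC 4513 section 5.1.2: a DN with an empty password is an unauthenticated
    # bind that many servers accept, so it must never count as a login.
    if not username or not password:
        return False
    return bool(bind(build_user_dn(username), password))

# Constructed sample directory: DN -> password.
SAMPLE_DIRECTORY = {"uid=aaa,ou=example,o=com": "bbb"}

def sample_bind(dn: str, password: str) -> bool:
    """Constructed stand-in server that accepts empty-password binds."""
    if password == "":
        return True
    return SAMPLE_DIRECTORY.get(dn) == password

if __name__ == "__main__":
    for user, pw in [("aaa", "bbb"), ("aaa", ""), ("aaa,ou=example,o=com", "bbb")]:
        print(repr(user), repr(pw), "->", authenticate(user, pw, sample_bind))
```

With this pattern no service-account password is stored, but it only works where every user's DN can be derived from the login name; directories that need a search to locate the user still require some account to perform that search.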

