[ome-users] LDAP and posix groups

Futhwo futhwo at gmail.com
Fri Jul 23 15:00:01 BST 2010


Hi

I am trying to set up OMERO to insert new users in the same groups they have on
the LDAP directory (we use the RFC 2307 standard).

In this standard, group membership is defined by the "memberUid" multi-value
in the group entry, whose value is the uid of the user belonging to the group
defined in the entry.

So to set this up for OMERO I used, as pointed out in the examples:

./omero config set omero.ldap.new_user_group ':query:(memberUid=${uid})'

To double-check it:

./omero config get
omero.config.updated=4.2.0
omero.ldap.base=dc=MYDOMAIN,dc=it
omero.ldap.config=true
omero.ldap.group_filter=(objectClass=posixGroup)
omero.ldap.group_mapping=name=cn
omero.ldap.new_user_group=:query:(memberUid=${uid})
omero.ldap.password=
omero.ldap.urls=ldap://MYLDAPSERVER:389
omero.ldap.user_filter=(objectClass=posixAccount)
omero.ldap.user_mapping=omeName=uid,firstName=givenName,lastName=sn,email=mail
omero.ldap.username=

(I substituted MYDOMAIN and MYLDAPSERVER of course).

This does not work; group membership still uses the previous value for
omero.ldap.new_user_group, even if "omero config get" reports the new value.

If I restart the server I see in master.err:

07/23/10 15:46:07.852 icegridnode: warning: failed to deploy application
`/opt/omero_dist/etc/grid/default.xml':
IceGrid::DeploymentException: application `OMERO':
invalid value for attribute `property set `__ACTIVE__' property value':
invalid variable `:query:(memberUid=${uid})':
 undefined variable `uid'

I tried using ${cn} and ${omeName} with the same result.

If I try something like:

./omero config set omero.ldap.new_user_group ':query:(memberUid=$uid)'

the server stops complaining at start, but the query issued to LDAP will be
(taken from the openldap server debug):

filter="(&(objectClass=posixGroup)(memberUid=$uid))"

without the substitution of the $uid string with the logging user id, so users
cannot log in.

Thanks in advance to anyone who may help

Cheers
Futhwo
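
The substitution the post expects, as an added illustration that is not OMERO's code and not part of the original message: the ${uid} placeholder from the post is filled from the user entry, the value is escaped per RFC 4515, and the clause is ANDed with the group filter from the post. The function names and the sample group entries are constructed for this example.

```python
import re

# Constructed RFC 2307 group entries for the demo (not taken from the post).
GROUPS = [
    {"cn": "imaging", "memberUid": ["alice", "bob"]},
    {"cn": "staff", "memberUid": ["bob"]},
    {"cn": "admins", "memberUid": ["carol"]},
]
GROUP_FILTER = "(objectClass=posixGroup)"  # omero.ldap.group_filter from the post
PLACEHOLDER = re.compile(r"\$\{(\w+)\}")


def escape_filter_value(value):
    """RFC 4515: escape \\ * ( ) and NUL so the value is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_group_query(template, user):
    """Fill ${attr} placeholders from the user entry, AND with GROUP_FILTER."""
    if "$" in PLACEHOLDER.sub("", template):
        # e.g. '(memberUid=$uid)': would reach the server as a literal string
        raise ValueError("unrecognised placeholder syntax in %r" % template)
    clause = PLACEHOLDER.sub(lambda m: escape_filter_value(user[m.group(1)]), template)
    return "(&%s%s)" % (GROUP_FILTER, clause)


def groups_for(query):
    """Evaluate the memberUid equality assertion against GROUPS."""
    m = re.fullmatch(r"\(&\(objectClass=posixGroup\)\(memberUid=(.*)\)\)", query)
    if m is None:
        raise ValueError("unsupported filter: " + query)
    wanted = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(1))
    return [g["cn"] for g in GROUPS if wanted in g["memberUid"]]


if __name__ == "__main__":
    q = build_group_query("(memberUid=${uid})", {"uid": "bob"})
    print(q, groups_for(q))
```

A template still containing a bare `$` after placeholder removal is rejected up front, so the literal-`$uid` filter seen in the openldap debug output cannot be issued silently.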