[ome-users] LDAP and posix groups
Josh Moore
josh.moore at gmx.de
Mon Jul 26 19:03:59 BST 2010
Hi Futhwo,
Unfortunately, you've hit upon a rather interesting bug in 4.2.0.
I've created a ticket to track the issue:
http://trac.openmicroscopy.org.uk/omero/ticket/2613
To work around the issue you'll need to set an extra property:
./omero config set omero.dollar '$'
And then:
./omero config set omero.ldap.new_user_group ':query:(memberUid=$${omero.dollar}{uid})'
As odd as it may seem, an OMERO dollar should get you what you want. </end-bad-joke>
~Josh.
On Jul 23, 2010, at 4:00 PM, Futhwo wrote:
> Hi
>
> I am trying to set up OMERO to insert new users in the same groups he has on
> the ldap directory (we use RFC 2307 standard).
>
> In this standard group membership is defined by the "memberUid" multi value
> in the group entry, which value is the uid of the user belonging to the group
> defined in the entry.
>
> So to set up this for omero I used, as pointed in the examples:
>
> ./omero config set omero.ldap.new_user_group ':query:(memberUid=${uid})'
>
> To double-check it:
>
> ./omero config get
> omero.config.updated=4.2.0
> omero.ldap.base=dc=MYDOMAIN,dc=it
> omero.ldap.config=true
> omero.ldap.group_filter=(objectClass=posixGroup)
> omero.ldap.group_mapping=name=cn
> omero.ldap.new_user_group=:query:(memberUid=${uid})
> omero.ldap.password=
> omero.ldap.urls=ldap://MYLDAPSERVER:389
> omero.ldap.user_filter=(objectClass=posixAccount)
> omero.ldap.user_mapping=omeName=uid,firstName=givenName,lastName=sn,email=mail
> omero.ldap.username=
>
> (I substituted MYDOMAIN and MYLDAPSERVER of course).
>
> This does not work, group membership still uses the previous value for
> omero.ldap_new_user_group, even if "omero config get" reports the new value.
>
> If I restart the server I see in master.err:
>
> 07/23/10 15:46:07.852 icegridnode: warning: failed to deploy application
> `/opt/omero_dist/etc/grid/default.xml':
> IceGrid::DeploymentException: application `OMERO':
> invalid value for attribute `property set `__ACTIVE__' property value':
> invalid variable `:query:(memberUid=${uid})':
> undefined variable `uid'
>
> I tried using ${cn} and ${omeName} with the same result.
>
> If I try something like:
>
> ./omero config set omero.ldap.new_user_group ':query:(memberUid=$uid)'
>
> the server stops complaining at start, but the query issued to ldap will be
> (taken from the openldap server debug):
>
> filter="(&(objectClass=posixGroup)(memberUid=$uid))"
>
> without the substitution of the $uid string with logging user id, so users
> cannot login.
>
> Thanks in advance to anyone who may help
>
> Cheers
> Futhwo
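
An added example, not part of the thread and not OMERO's own code: a Python sketch of the RFC 2307 group lookup the messages above describe, with the uid escaped per RFC 4515 before it is substituted into the filter and a check for the unsubstituted `$uid` failure seen in the OpenLDAP debug output. All function names and the sample entries are hypothetical; the template is assumed to be the part of `omero.ldap.new_user_group` after `:query:`.

```python
import re

# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_group_filter(group_filter, template, uid):
    """Substitute ${uid} into the template and AND it with the group filter."""
    if "${uid}" not in template:
        raise ValueError("template has no ${uid} placeholder: %r" % template)
    member = template.replace("${uid}", escape_filter_value(uid))
    return "(&%s%s)" % (group_filter, member)

def has_unresolved_placeholder(ldap_filter):
    """True if a $name or ${name} survived into the filter sent to the server."""
    return re.search(r"\$\{?\w+\}?", ldap_filter) is not None

def groups_for(uid, entries):
    """Names (cn) of posixGroup entries listing uid in memberUid (RFC 2307)."""
    return sorted(e["cn"] for e in entries
                  if "posixGroup" in e["objectClass"] and uid in e["memberUid"])

# Constructed sample directory entries (not from the original thread).
SAMPLE_ENTRIES = [
    {"cn": "imaging", "objectClass": ["posixGroup"], "memberUid": ["alice", "bob"]},
    {"cn": "staff", "objectClass": ["posixGroup"], "memberUid": ["alice"]},
    {"cn": "alice", "objectClass": ["posixAccount"], "memberUid": []},
]

if __name__ == "__main__":
    f = build_group_filter("(objectClass=posixGroup)", "(memberUid=${uid})", "alice")
    print(f)
    # The filter from the thread, where $uid was passed through unsubstituted.
    print(has_unresolved_placeholder("(&(objectClass=posixGroup)(memberUid=$uid))"))
    print(groups_for("alice", SAMPLE_ENTRIES))
```
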