[ome-users] Fwd: LDAP and posix groups
Josh Moore
josh.moore at gmx.de
Tue Jul 27 15:27:42 BST 2010
Thanks for letting us know, Futhwo! Glad to help.
~J.
Begin forwarded message:
> From: Futhwo <futhwo at gmail.com>
> Date: July 27, 2010 2:43:41 PM GMT+02:00
> To: Josh Moore <josh.moore at gmx.de>
> Subject: Re: [ome-users] LDAP and posix groups
>
> Thanks Josh, it works like a charm :)
>
> Cheers
> Futhwo
>
> On Mon, Jul 26, 2010 at 8:03 PM, Josh Moore <josh.moore at gmx.de> wrote:
>
>> Hi Futhwo,
>>
>> Unfortunately, you've hit upon a rather interesting bug in 4.2.0.
>>
>> I've created a ticket to track the issue:
>>
>> http://trac.openmicroscopy.org.uk/omero/ticket/2613
>>
>> To work around the issue you'll need to set an extra property:
>>
>> ./omero config set omero.dollar '$'
>>
>> And then:
>>
>> ./omero config set omero.ldap.new_user_group ':query:(memberUid=$${omero.dollar}{uid})'
>>
>> As odd as it may seem, an OMERO dollar should get you what you want.
>> </end-bad-joke>
>> ~Josh.
>>
>>
>> On Jul 23, 2010, at 4:00 PM, Futhwo wrote:
>>
>>> Hi
>>>
>>> I am trying to set up OMERO to insert new users in the same groups he has on
>>> the ldap directory (we use RFC 2307 standard).
>>>
>>> In this standard group membership is defined by the "memberUid" multi value
>>> in the group entry, which value is the uid of the user belonging to the group
>>> defined in the entry.
>>>
>>> So to set up this for omero I used, as pointed in the examples:
>>>
>>> ./omero config set omero.ldap.new_user_group ':query:(memberUid=${uid})'
>>>
>>> To double-check it:
>>>
>>> ./omero config get
>>> omero.config.updated=4.2.0
>>> omero.ldap.base=dc=MYDOMAIN,dc=it
>>> omero.ldap.config=true
>>> omero.ldap.group_filter=(objectClass=posixGroup)
>>> omero.ldap.group_mapping=name=cn
>>> omero.ldap.new_user_group=:query:(memberUid=${uid})
>>> omero.ldap.password=
>>> omero.ldap.urls=ldap://MYLDAPSERVER:389
>>> omero.ldap.user_filter=(objectClass=posixAccount)
>>> omero.ldap.user_mapping=omeName=uid,firstName=givenName,lastName=sn,email=mail
>>> omero.ldap.username=
>>>
>>> (I substituted MYDOMAIN and MYLDAPSERVER of course).
>>>
>>> This does not work; group membership still uses the previous value for
>>> omero.ldap_new_user_group, even if "omero config get" reports the new value.
>>>
>>> If I restart the server I see in master.err:
>>>
>>> 07/23/10 15:46:07.852 icegridnode: warning: failed to deploy application
>>> `/opt/omero_dist/etc/grid/default.xml':
>>> IceGrid::DeploymentException: application `OMERO':
>>> invalid value for attribute `property set `__ACTIVE__' property value':
>>> invalid variable `:query:(memberUid=${uid})':
>>> undefined variable `uid'
>>>
>>> I tried using ${cn} and ${omeName} with the same result.
>>>
>>> If I try something like:
>>>
>>> ./omero config set omero.ldap.new_user_group ':query:(memberUid=$uid)'
>>>
>>> the server stops complaining at start, but the query issued to ldap will be
>>> (taken from the openldap server debug):
>>>
>>> filter="(&(objectClass=posixGroup)(memberUid=$uid))"
>>>
>>> without the substitution of the $uid string with logging user id, so users
>>> cannot log in.
>>>
>>> Thanks in advance to anyone who may help
>>>
>>> Cheers
>>> Futhwo
>>
>>
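Why the three settings tried in this thread behave differently, as a simplified model added here (not OMERO or IceGrid code, and not part of the original messages). Stage 1 follows the IceGrid error and `$${` escape seen above; the single-pass stage 2, the function names and the login name `jdoe` are assumptions made for the example.

```python
import re

class UndefinedVariable(Exception):
    """Stands in for icegridnode's "undefined variable" deployment error."""

def icegrid_expand(value, variables=None):
    # Stage 1, deploy time: ${name} must be a known descriptor variable and
    # "$${" is the escape for a literal "${". A bare "$" passes through.
    variables = variables or {}
    out, i = [], 0
    while i < len(value):
        if value.startswith("$${", i):
            out.append("${")
            i += 3
        elif value.startswith("${", i):
            end = value.index("}", i)
            name = value[i + 2:end]
            if name not in variables:
                raise UndefinedVariable(name)
            out.append(variables[name])
            i = end + 1
        else:
            out.append(value[i])
            i += 1
    return "".join(out)

def property_expand(value, props):
    # Stage 2 (assumption): the server resolves ${key} against its own
    # properties in one pass and does not rescan the text it just inserted.
    return re.sub(r"\$\{([^}]*)\}",
                  lambda m: props.get(m.group(1), m.group(0)), value)

def ldap_group_filter(setting, props, uid,
                      group_filter="(objectClass=posixGroup)"):
    # Stage 3, login time: drop ":query:", insert the login name, and AND
    # the result with omero.ldap.group_filter as in the OpenLDAP debug line.
    query = property_expand(icegrid_expand(setting), props)
    query = query.split(":query:", 1)[-1].replace("${uid}", uid)
    return f"(&{group_filter}{query})"

PROPS = {"omero.dollar": "$"}  # ./omero config set omero.dollar '$'
WORKAROUND = ":query:(memberUid=$${omero.dollar}{uid})"

if __name__ == "__main__":
    print(ldap_group_filter(WORKAROUND, PROPS, "jdoe"))  # jdoe is constructed
    print(ldap_group_filter(":query:(memberUid=$uid)", PROPS, "jdoe"))
    try:
        icegrid_expand(":query:(memberUid=${uid})")
    except UndefinedVariable as exc:
        print("undefined variable", exc)
```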