[ome-users] Change of Active Directory domain problem

Josh Moore josh at glencoesoftware.com
Sat Jun 16 13:40:34 BST 2012


Hi Mark,

On Jun 16, 2012, at 1:49 PM, Mark Henshall wrote:

> We've changed our Active Directory domain - I've set up the ldap properties and the truststore, but I'm left with this problem (from Blitz-0.log):
> 
> ome.conditions.ValidationException: DNs don't match: 'cn=Mark Henshall,ou=LRI,ou=CRUK Staff,dc=crwin,dc=crnet,dc=org' and 'cn=Mark Henshall,ou=IT,ou=OperationalServices,ou=Staff,ou=Accounts,dc=LONRES,dc=ORG'
> 
> Is there a way to change the dn in the omero database, or to tell ormero to ignore the mismatch (ie - just go with the username/password and forget about the dn)?

If you truly want to just disable the LDAP-ness for a user, you can set the "dn" to null. Otherwise, you can reset the "dn" manually. Either can be done via the "dn" column of the "password" table or the "bin/omero ldap setdn" command. Add "-h" to the command for help. 

$ /omero ldap setdn -h
usage: omero ldap setdn [-h] username dn

Set DN for user (admins only)

Once the DN is set for a user, the password set via OMERO is
ignored, and any attempt to change it will result in an error. When
you remove the DN, the previous password will be in effect, but if the
user never had a password, one will need to be set!

Positional Arguments:
  username            User's OMERO login name
  dn                  User's LDAP distinguished name. If empty, LDAP will be disabled for the user

Optional Arguments:
  In addition to any higher level options

  -h, --help          show this help message and exit

> Thanks in advance.

Hope that helps.
~Josh.




More information about the ome-users mailing list