[ome-users] LDAP questions

Harri Jäälinoja harri.jaalinoja at helsinki.fi
Fri Mar 16 11:44:41 GMT 2012 

Hi All,

I would like to ask your advice for our particular LDAP environment. We 
don't have hear the attribute structure described in the OMERO 
documentation, "cn=frank,ou=TheLab,ou=LifeSciences,o=TheCollege". 
Instead, the attributes we can use are these (ldapsearch -A):
# hajaalin, helsinki.fi
dn: uid=hajaalin,dc=helsinki,dc=fi
displayName:
objectClass:
uid:
hyPersonUnixUidNumber:
givenName:
mailFile:
gecos:
homeDirectory:
uidNumber:
gidNumber:
cn:
sn:
loginShell:
hyFullDisplayName:
hyGroupMemberships:
hyPersonNodes:
hyGroupOwnerships:

You can see the schema at http://www.helsinki.fi/atk/luvat/ldap/ 
(description in Finnish).

Attribute hyGroupMemberships is multivalued, some of the values describe 
research groups who should be allowed access to OMERO, for example:
hyGroupMemberships: uid=grp-A91900-bi-vart,ou=alma_workgroups,ou=groups,o=hy

So for example to allow access to two groups, we set the user filter 
like this:
omero config set omero.ldap.user_filter 
'(&(objectClass=person)(|(hyGroupMemberships=uid=grp-A91900-bi-vart,ou=alma_workgroups,ou=groups,o=hy)(hyGroupMemberships=uid=grp-A34520-biu,ou=alma_workgroups,ou=groups,o=hy)))'

My questions are:

1. Is there a max length for the OMERO config variable values? If yes, 
how many groups could we add like this before hitting the limit?

2. Now changes in LDAP configuration require OMERO restart to take 
effect. Will this maybe change in the future? A restart might be 
inconvenient especially in case we manage to implement image analysis on 
OMERO. Well, this is not a major issue, there are not new groups joining 
every day, but anyway :)

3. Am I correct in assuming that it is not possible to extract the 
research group info (e.g. bi-vart) from our LDAP schema with the OMERO 
LDAP config prefixes? Except for the ":bean:" prefix?

4. If I manage to write HY_NewUserGroupBean.java to implement the 
NewUserGroupBean interface, how do I install it? Where to I put the
class file?


Best regards,
Harri

-- 
__________________________________________________
Harri Jäälinoja
Light Microscopy Unit
Institute of Biotechnology, University of Helsinki
http://www.biocenter.helsinki.fi/bi/lmu/
+358 9 191 59370 fax +358 9 191 59366

More information about the ome-users mailing list