[ome-users] difficulty with writing LDAP requests for our environment
Steve Moulton
moultonsa at ornl.gov
Tue Mar 27 18:24:27 BST 2012
Greetings All,
I am relatively new to both OMERO and LDAP but old enough in net years
to figure out I can't bulldoze my way through this one without help.
Desired configuration:
. Authorization handled through OMERO administrative interface - I
don't want users in OMERO unless they are authorized that way. I don't
want OMERO to automatically create users based on their LDAP presence.
. Authentication through an LDAP server that is used to serve lots of
users and functions. Id est, I cannot modify the LDAP directory.
What I am seeing at the LDAP server:
SRCH base="dc=mung1,dc=mung2,dc=mung3" scope=2 deref=3
filter="(&(objectClass=posixAccount)(cn=sam))"
(w/ munged details).
What I have configured for the particular user:
> omero ldap list
(dc=mung1,dc=mung2,dc=mung3,objectClass=posixAccount,cn=Moulton, Steve)
What I really want presented to LDAP
(dc=munge1,dc=munge2,dc=munge3,objectClass=posixAccount,uid=sam)
Regardless of what I set the ldap string for the user to, I always get
(cn=OMERO user name) appended. I really don't want a cn appended - I need
to do lookup by uid.
I have tried to set my user name to "Moulton, Steve" to force cn
lookups, but the generated string when I try to connect via the web
interface is always downcased, regardless of what I type. In either case,
that would involve
an excess of overconfiguration - users here don't use canonical names,
they use their UIDs.
I've tried setting various configuration bits, all of which are either
ineffectual or make things worse.
So, anyone know a way to inject uid=(omero user name) rather than
cn=(omero user name)?
-s
--
Steve Moulton UNIX/Linux Systems Engineer
Research and Development Systems Support, ITSD
Oak Ridge National Laboratory
Voice: 865-574-9609 Fax: 865-576-7605 moultonsa at ornl dot gov