[ome-users] ome-users Digest, Vol 104, Issue 1

Jake Carroll jake.carroll at uq.edu.au
Fri Nov 1 16:55:07 GMT 2013


Sure thing.

Using ldapsearch:

linuxadmin@place-omero-prod:~$ ldapsearch -LLL -H ldap://ldap.place.edu.au \
  -x -D 'uid=place_nss,ou=special,o=the place of place,c=au' -w 'secret' \
  -b 'ou=Staff,ou=People,o=the place of place,c=au' | grep -i carroll
cn: Associate Professor blah Carroll
mail: blah.carroll at blah.edu.au


So, that’s working perfectly. However, observe:

linuxadmin@place-omero-prod:~$ omero config get
omero.data.dir=/omero.data
omero.db.name=place_omero_database
omero.db.pass=censored
omero.db.user=censored
omero.ldap.base=ou=Staff,ou=People,o=the place of place,c=au
omero.ldap.config=true
omero.ldap.password=censored
omero.ldap.referral=follow
omero.ldap.urls=ldap://ldap.place.edu.au:389
omero.ldap.user_filter=()
omero.ldap.username=cn=place_nss,ou=special,o=the place of place,c=au
omero.security.keyStore=/home/linuxadmin/ssl_stores/.censored
omero.security.keyStorePassword=censored
omero.security.trustStore=/home/linuxadmin/ssl_stores/.censored
omero.security.trustStorePassword=censored
omero.web.application_server=development
omero.web.debug=True


And using this config, it spits:


2013-11-02 02:48:32,942 INFO  [        ome.services.util.ServiceHandler]
(.Server-10)  Excp:	org.springframework.ldap.AuthenticationException:
[LDAP: error code 32 - No Such Object]; nested exception is
javax.naming.AuthenticationException: [LDAP: error code 32 - No Such
Object]

But, that’s not true at all, as even trivial tools such as the Apache
Directory Studio can resolve the exact stuff above I’ve used in the
trivial LDAP search, so I’d suggest maybe the Java plugin that works on
these lookups needs to be fed a different type of syntax that my directory
forest simply doesn’t look like? This isn’t a good situation..


Anyone got any ideas? I’ve read stuff about the baseDN needing to be of an
FQDN form, but when you try to turn it to an FQDN form for these purposes
it does not work, as that’s not the true baseDN name of this particular
part of the forest or resource.

Thanks, all!

-jc

On 1/11/2013 22:10, "Josh Moore" <josh at glencoesoftware.com> wrote:

>
>On Nov 1, 2013, at 1:02 PM, Jake Carroll wrote:
>
>> Made what I think might be further progress?
>> 
>> 2013-11-01 21:56:13,117 INFO  [        ome.services.util.ServiceHandler]
>> (l.Server-2)  Excp:	org.springframework.ldap.AuthenticationException:
>> [LDAP: error code 32 - No Such Object]; nested exception is
>> javax.naming.AuthenticationException: [LDAP: error code 32 - No Such
>> Object]
>> 
>> Googling around, looks like it's related to binddn name or basedn form?
>
>Do you have an example query with ldapsearch (or similar) with the same
>basedn and binddn that you used for OMERO?
>
>~J.
>
>
>>> ----------------------------------------------------------------------
>>> 
>>> Message: 1
>>> Date: Fri, 1 Nov 2013 04:37:03 +0000
>>> From: Jake Carroll <jake.carroll at uq.edu.au>
>>> To: "ome-users at lists.openmicroscopy.org.uk"
>>> 	<ome-users at lists.openmicroscopy.org.uk>
>>> Subject: [ome-users] Omero 5 + LDAP + Ubuntu - more detail
>>> Message-ID: <CE996CC5.2DFDA%jake.carroll at uq.edu.au>
>>> Content-Type: text/plain; charset="Windows-1252"
>>> 
>>> All,
>>> 
>>> A further bit of data.
>>> 
>>> 2013-11-01 07:51:11,801 INFO  [        ome.services.util.ServiceHandler]
>>> (l.Server-2)  Excp:	org.springframework.ldap.InvalidSearchFilterException:
>>> Missing 'equals'; nested exception is
>>> javax.naming.directory.InvalidSearchFilterException: Missing 'equals';
>>> remaining name ''
>>> 
>>> 
>>> 
>>> Seeing that now. Any ideas?
>>> 
>>> -jc
>>> 
>>> 
>>> 
>>> 
>>>> ----------------------------------------------------------------------
>>>> 
>>>> Message: 1
>>>> Date: Thu, 31 Oct 2013 20:15:30 +0000
>>>> From: Jake Carroll <jake.carroll at uq.edu.au>
>>>> To: "ome-users at lists.openmicroscopy.org.uk"
>>>> 	<ome-users at lists.openmicroscopy.org.uk>
>>>> Subject: [ome-users] Omero 5 + LDAP + Ubuntu
>>>> Message-ID: <CE98F778.2DF12%jake.carroll at uq.edu.au>
>>>> Content-Type: text/plain; charset="windows-1252"
>>>> 
>>>> Hi all,
>>>> 
>>>> In the throes of making some LDAP auth work with my 13.10 Ubuntu Omero 5
>>>> host.
>>>> 
>>>> The host itself and Omero service came together very nicely and
>>>> everything is working well. Just following this guide:
>>>> 
>>>> http://www.openmicroscopy.org/site/support/omero5/sysadmins/server-ldap.html
>>>> 
>>>> And wondering if there are any gotchas or issues associated with LDAP
>>>> binding using Ubuntu 13.10/any dependencies you'd expect need to be
>>>> involved etc.
>>>> 
>>>> Also, are there any logs/auth-logs or otherwise which I should look to,
>>>> to troubleshoot my bind?
>>>> 
>>>> Thank you, all!
>>>> 
>>>> -jc
>>>> 
>>>> 
>>>> ------------------------------
>>>> 
>>>> Message: 2
>>>> Date: Thu, 31 Oct 2013 21:28:38 +0100
>>>> From: Josh Moore <josh at glencoesoftware.com>
>>>> To: Jake Carroll <jake.carroll at uq.edu.au>
>>>> Cc: "ome-users at lists.openmicroscopy.org.uk"
>>>> 	<ome-users at lists.openmicroscopy.org.uk>
>>>> Subject: Re: [ome-users] Omero 5 + LDAP + Ubuntu
>>>> Message-ID: <2271AB2B-DC26-4BD1-8AEB-27DE4BC8A230 at glencoesoftware.com>
>>>> Content-Type: text/plain; charset=windows-1252
>>>> 
>>>> 
>>>> On Oct 31, 2013, at 9:15 PM, Jake Carroll wrote:
>>>> 
>>>>> Hi all,
>>>> 
>>>> Hi Jake,
>>>> 
>>>>> In the throes of making some LDAP auth work with my 13.10 Ubuntu Omero
>>>>> 5 host.
>>>>> 
>>>>> The host itself and Omero service came together very nicely and
>>>>> everything is working well. Just following this guide:
>>>>> 
>>>>> http://www.openmicroscopy.org/site/support/omero5/sysadmins/server-ldap.html
>>>>> 
>>>>> And wondering if there are any gotchas or issues associated with LDAP
>>>>> binding using Ubuntu 13.10/any dependencies you'd expect need to be
>>>>> involved etc.
>>>> 
>>>> There shouldn't be anything Ubuntu-specific to be aware of since all the
>>>> LDAP communication is Java-based and platform independent.
>>>> 
>>>>> Also, are there any logs/auth-logs or otherwise which I should look to,
>>>>> to troubleshoot my bind?
>>>> 
>>>> Any messages related to LDAP will be in var/log/Blitz-0.log. If you're
>>>> having any troubles, do send that along.
>>>> 
>>>>> Thank you, all!
>>>>> -jc
>>>> 
>>>> Cheers,
>>>> ~Josh
>>>> 
>>>> ------------------------------
>>>> 
>>>> Message: 3
>>>> Date: Thu, 31 Oct 2013 20:35:14 +0000
>>>> From: Jake Carroll <jake.carroll at uq.edu.au>
>>>> To: Josh Moore <josh at glencoesoftware.com>
>>>> Cc: "ome-users at lists.openmicroscopy.org.uk"
>>>> 	<ome-users at lists.openmicroscopy.org.uk>
>>>> Subject: Re: [ome-users] Omero 5 + LDAP + Ubuntu
>>>> Message-ID: <CE98FBA4.2DF18%jake.carroll at uq.edu.au>
>>>> Content-Type: text/plain; charset="Windows-1252"
>>>> 
>>>> Great!
>>>> 
>>>> Thanks Josh. See below.
>>>> 
>>>> On 1/11/2013 6:28, "Josh Moore" <josh at glencoesoftware.com> wrote:
>>>> 
>>>>> 
>>>>> On Oct 31, 2013, at 9:15 PM, Jake Carroll wrote:
>>>>> 
>>>>>> Hi all,
>>>>> 
>>>>> Hi Jake,
>>>>> 
>>>>>> In the throes of making some LDAP auth work with my 13.10 Ubuntu Omero
>>>>>> 5 host.
>>>>>> 
>>>>>> The host itself and Omero service came together very nicely and
>>>>>> everything is working well. Just following this guide:
>>>>>> 
>>>>>> http://www.openmicroscopy.org/site/support/omero5/sysadmins/server-ldap.html
>>>>>> 
>>>>>> And wondering if there are any gotchas or issues associated with LDAP
>>>>>> binding using Ubuntu 13.10/any dependencies you'd expect need to be
>>>>>> involved etc.
>>>>> 
>>>>> There shouldn't be anything Ubuntu-specific to be aware of since all the
>>>>> LDAP communication is Java-based and platform independent.
>>>> 
>>>> OK. That's really nice. All self contained! Cool, and to that end, do I
>>>> *need* a secure keystore if I do LDAP-secure (SSL to the ldap server) such
>>>> that I'd need to put a keystore somewhere on the host? Any best practice
>>>> on where said keystore should be?
>>>> 
>>>>> 
>>>>>> Also, are there any logs/auth-logs or otherwise which I should look to,
>>>>>> to troubleshoot my bind?
>>>>> 
>>>>> Any messages related to LDAP will be in var/log/Blitz-0.log. If you're
>>>>> having any troubles, do send that along.
>>>> 
>>>> I'll look around now...
>>>> 
>>>>> 
>>>>>> Thank you, all!
>>>>>> -jc
>>>>> 
>>>>> Cheers,
>>>>> ~Josh
>>>> 
>>> 
>>> 
>>> 
>>> ------------------------------
>>> 
>>> Message: 2
>>> Date: Fri, 1 Nov 2013 08:11:37 +0100
>>> From: Josh Moore <josh at glencoesoftware.com>
>>> To: Jake Carroll <jake.carroll at uq.edu.au>
>>> Cc: "ome-users at lists.openmicroscopy.org.uk"
>>> 	<ome-users at lists.openmicroscopy.org.uk>
>>> Subject: Re: [ome-users] Omero 5 + LDAP + Ubuntu - more detail
>>> Message-ID: <02A291A6-B872-47CF-A19D-58092E69D29E at glencoesoftware.com>
>>> Content-Type: text/plain; charset=windows-1252
>>> 
>>> 
>>> On Nov 1, 2013, at 5:37 AM, Jake Carroll wrote:
>>> 
>>>> All,
>>>> 
>>>> A further bit of data.
>>>> 
>>>> 2013-11-01 07:51:11,801 INFO  [        ome.services.util.ServiceHandler]
>>>> (l.Server-2)  Excp:	org.springframework.ldap.InvalidSearchFilterException:
>>>> Missing 'equals'; nested exception is
>>>> javax.naming.directory.InvalidSearchFilterException: Missing 'equals';
>>>> remaining name ''
>>>> 
>>>> Seeing that now. Any ideas?
>>> 
>>> Based on the config sent off list, e.g.
>>> 
>>> omero.ldap.username='uid=abc,...c=au'
>>> 
>>> omit the quotes. The instructions list them for use on the command-line,
>>> but they aren't part of the actual LDAP strings. What counts is what is
>>> printed by:
>>> 
>>> bin/omero config get
>>> 
>>> That should _not_ show any quotes for base or username.
>>> 
>>> Cheers,
>>> ~Josh.
>>> 
>>> 
>>> 
>>> 
>>> 
>>> ------------------------------
>>> 
>>> Message: 3
>>> Date: Fri, 1 Nov 2013 11:48:41 +0100
>>> From: Josh Moore <josh at glencoesoftware.com>
>>> To: Douglas Russell <douglas.russell at bioch.ox.ac.uk>
>>> Cc: ome-users at lists.openmicroscopy.org.uk
>>> Subject: Re: [ome-users] Frequent Omero Server OOM
>>> Message-ID: <6E4A6E69-25F1-457E-BD70-B13319A594EB at glencoesoftware.com>
>>> Content-Type: text/plain; charset=us-ascii
>>> 
>>> 
>>> On Oct 31, 2013, at 7:15 PM, Douglas Russell wrote:
>>>> I'm currently having to restart OMERO every few days at minimum (I assume
>>>> depending on usage) because of these errors. Normally there is nothing
>>>> which looks relevant in the Blitz log. The master.err contains messages
>>>> like the attached file.
>>>> 
>>>> Some relevant settings:
>>>> <property name="Ice.MessageSizeMax" value="131072"/>
>>>> <option>-Xmx2048M</option>
>>>> <option>-XX:MaxPermSize=1024M</option>
>>> 
>>> Other than simply needing more memory than 2GB, the only possible cause
>>> of the exceptions I can think of is a mismatch in your slice definitions.
>>> See:
>>> 
>>> http://www.zeroc.com/forums/bug-reports/4782-3-3-1-outofmemory-client-when-slice-definition-modified.html
>>> 
>>> But if you are using a release version (e.g. 4.4.9), then we can eliminate
>>> that as a cause.
>>> 
>>> If it's happening periodically, it would be good to know if it's always
>>> happening after a particular method call, or after a particular user
>>> action.
>>> 
>>> Finally, a heap dump (or several on different occasions) might also point
>>> to the problem.
>>> 
>>> Cheers,
>>> ~Josh
>>> 
>>> ------------------------------
>>> 
>>> _______________________________________________
>>> ome-users mailing list
>>> ome-users at lists.openmicroscopy.org.uk
>>> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
>>> 
>>> 
>>> End of ome-users Digest, Vol 104, Issue 1
>>> *****************************************
>> 
>
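
Added example (not part of the original messages and not OMERO code): a small check that compares the LDAP lines of the `omero config get` output posted above with the -D and -b arguments of the ldapsearch call that worked, and also flags stored quote characters, a user_filter with no attribute=value item, and a plain ldap:// URL. The function names and the embedded sample are assumptions constructed from the values shown in this thread.

```python
import re

# Constructed sample: LDAP-related lines of the `omero config get` output above.
OMERO_CONFIG = """\
omero.ldap.base=ou=Staff,ou=People,o=the place of place,c=au
omero.ldap.urls=ldap://ldap.place.edu.au:389
omero.ldap.user_filter=()
omero.ldap.username=cn=place_nss,ou=special,o=the place of place,c=au
"""
# The -D and -b arguments of the ldapsearch call that succeeded.
TESTED_BIND_DN = "uid=place_nss,ou=special,o=the place of place,c=au"
TESTED_BASE_DN = "ou=Staff,ou=People,o=the place of place,c=au"

QUOTES = "'\"\u2018\u2019\u201c\u201d"  # ASCII and typographic quotes


def parse_config(text):
    """Split key=value lines on the first '=' only, since DNs contain '='."""
    pairs = (ln.split("=", 1) for ln in text.splitlines() if "=" in ln)
    return {k.strip(): v.strip() for k, v in pairs}


def norm_dn(dn):
    """Lower-case and trim each RDN; escaped commas are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def lint(cfg, tested_bind, tested_base):
    """Return findings (hypothetical helper, not part of OMERO)."""
    findings = []
    tested = {"omero.ldap.username": tested_bind, "omero.ldap.base": tested_base}
    for key, known_good in tested.items():
        val = cfg.get(key, "")
        if val and (val[0] in QUOTES or val[-1] in QUOTES):
            findings.append(f"{key}: quote characters stored in the value")
        elif norm_dn(val) != norm_dn(known_good):
            findings.append(f"{key}: differs from the DN tested with ldapsearch")
    # A filter item needs attr=value (RFC 4515); this is a shape check only.
    flt = cfg.get("omero.ldap.user_filter", "")
    if not re.fullmatch(r"\(.*[A-Za-z0-9;.-]+\s*[~<>]?=.*\)", flt):
        findings.append(f"omero.ldap.user_filter: {flt!r} has no attr=value item")
    for url in cfg.get("omero.ldap.urls", "").split(","):
        if url.strip().lower().startswith("ldap://"):
            findings.append(f"omero.ldap.urls: {url.strip()} is not ldaps://")
    return findings


if __name__ == "__main__":
    for finding in lint(parse_config(OMERO_CONFIG), TESTED_BIND_DN, TESTED_BASE_DN):
        print(finding)
```
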


