[ome-users] Weird LDAP issue - subtree/forest can't auth?

Jake Carroll jake.carroll at uq.edu.au
Tue Aug 5 20:42:59 BST 2014


Hi all.


On 5 Aug 2014, at 11:29 pm, Josh Moore <josh at glencoesoftware.com> wrote:


On Aug 5, 2014, at 3:22 PM, Aleksandra Tarkowska wrote:

Hi Jake

Could you please send an output of:

bin/omero config get

omero.data.dir=/omero.store
omero.db.name=omero_uq_public_db
omero.db.pass=********************
omero.db.poolsize=50
omero.db.user=omero_uq_public_db_user
omero.ldap.base=ou=staff,ou=people,o=the university of queensland,c=au
omero.ldap.config=true
omero.ldap.password=****************
omero.ldap.referral=follow
omero.ldap.urls=ldap://ldap.uq.edu.au:389
omero.ldap.user_filter=(ou=Queensland Brain Institute)
omero.ldap.user_mapping=omeName=uid,firstName=givenName,lastName=sn,email=mail
omero.ldap.username=uid=qbi_omero,ou=Special,o=The University of Queensland,c=AU
omero.search.batch=200
omero.search.max_file_size=262144000
omero.sessions.timeout=3600000

So, the full DN to where the people container resides, appears like this:


and examples of top level entry that can authenticate and those inside entries you are having problems?

So, a top level entry in the “people” container might be:

ou=People,ou=Queensland Brain Institute,ou=Deputy Vice-Chancellor Research,ou=Vice-Chancellor,o=The University of Queensland,c=AU

The thing is….


And one add on question: is this Active Directory?

Because this *IS* AD based (and we are hooking up to the LDAP semantics of it, because they won’t let us chat native AD to it for security reasons…), we can’t “see” the secondary internal container inside it. All we see is people in the above OU. We don’t “see” that container and (from what I can see) we can’t traverse into it, because all LDAP sees is a flat bind DN like the ou= string I showed you above.

So - the question is, is there any way around it, or do I need some kind of magical binddn that takes into account sub-containers?

Thanks.

-jc

~J


Kind regards
Ola

From: Jake Carroll <jake.carroll at uq.edu.au>
Date: Tue, 5 Aug 2014 11:11:27 +0000
To: "ome-users at lists.openmicroscopy.org.uk" <ome-users at lists.openmicroscopy.org.uk>
Subject: [ome-users] Weird LDAP issue - subtree/forest can't auth?

Hi all.

Just a quick LDAP/auth question.

I've got an LDAP schema and hierarchy that seemed to be working quite well with Omero up until we tried to auth somebody who was a sub OU of my OU.

Anyone in the top-level container of the OU can auth perfectly, but people INSIDE that, inside another OU (within my OU) are having problems. Ostensibly, it should work, as they are part of the one larger container - but they happen to be "enclosed" within another LDAP base (within the primary base).

Any ideas why Omero doesn't like this and what I can do about it in terms of LDAP config within Omero? Does this involve compound filters or is there a way to match multiple bind DNs or some such?

Thanks, all!

-jc

_______________________________________________
ome-users mailing list
ome-users at lists.openmicroscopy.org.uk
http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
The University of Dundee is a registered Scottish Charity, No: SC015096

----------
Jake Carroll --- Information Technology Manager
The Queensland Brain Institute, The University of Queensland, Australia
E: jake.carroll at uq.edu.au
P:  +61 7 334 66407
M:  0402739157

"We are shaped by our thoughts, we become what we think. When the mind is pure, joy follows like a shadow that never leaves" - Buddha.
