[ome-users] Ldap and Scripts

Thu Nov 27 10:55:14 GMT 2014

From: Josh Moore [mailto:josh at glencoesoftware.com]
Sent: Donnerstag, 27. November 2014 08:59
To: Haehnel, Dirk
Cc: OME Users
Subject: Re: [ome-users] Ldap and Scripts

Hi Josh,

On Wed, Nov 26, 2014 at 7:14 AM, Haehnel, Dirk <dirk.haehnel at phys.uni-goettingen.de<mailto:dirk.haehnel at phys.uni-goettingen.de>> wrote:

Hi Josh,

Hi Dirk,

sorry for missing this. If you ever think we're not responding to a private/sensitive email, don't hesitate to say on list, "send you a screenshot" etc.

There something wrong with encryption, ... Then I have created the keystore truststore db thus I thought the omero server can know use it’s ssl certificate from IIS to connect to AD... My guess is that I have done an misconfiguration on the Trust,keystore step. Has anyone a detailed step step by step experience for windows server 2008? Mille gracie.

Perhaps someone on the list will have a recipe for setting up the truststore on Windows. Were there any steps from https://www.openmicroscopy.org/site/support/omero5/sysadmins/server-security.html#java-key-and-truststores that gave you problems?

I configured the paths and having no problem on apache generating the ssl certificate, but since we are using windows AD environment and I get the server licence for free, I must use windows server. The problem is that I don’t know how to generate a valid ssl cert which is recognized from java.security.x thus ldap bindings to AD controller will work. If I allow ldap bindings at the ADC without ssl it works fine.
Thus, I need to learn how to do this step:
·        openssl s_client -connect {{host}}:{{port}} -prexit < /dev/null | openssl x509 -outform PEM | keytool -import  -alias ldap -storepass {{password}} -keystore {{truststore}} -noprompt

on a windows server 2008 R2.
I did generate a selfsighned ssl certificate for the webinterface and it works but how do I tell the java.security.x to use this as well and to do the ldap bindings with that?

PS: regarding the Python script thing, I might be able to wait, since I am off the whole December and being away for conferences the first two months of 2015.
If I

 Understood. We'll take a look in the mean time.. All the best,
~Josh.

-Dirk

Von: Josh Moore [mailto:josh at glencoesoftware.com<mailto:josh at glencoesoftware.com>]
Gesendet: Dienstag, 25. November 2014 22:18
An: Haehnel, Dirk
Cc: ome-users at lists.openmicroscopy.org.uk<mailto:ome-users at lists.openmicroscopy.org.uk>
Betreff: Re: [ome-users] Ldap and Scripts

On Tue, Nov 25, 2014 at 2:10 PM, Haehnel, Dirk <dirk.haehnel at phys.uni-goettingen.de<mailto:dirk.haehnel at phys.uni-goettingen.de>> wrote:
Dear Fellows,

Hi Dirk,

I am using Win2008R2 with Omero5 having trouble connecting LDAP to my ActiveDirectory Server, has anybody a working configuration?

Could you possibly send us the configuration you are currently using? Have you tried the suggestion under http://www.openmicroscopy.org/site/support/omero5/sysadmins/server-ldap.html#active-directory

Scripts on the server having a problem with windows iis application server, cannot access the folder whit the scripts, has anybody done the steps necessary to configure scripts on a windows server?

This issue has shown up before for certain Windows / Python combinations. See http://trac.openmicroscopy.org.uk/ome/ticket/12320

The linked Mozilla issue proposes using
https://raw.githubusercontent.com/mozilla/addon-sdk/c3a46fd6f6b57b87b6c8cb4601ff116d5b5b6b53/python-lib/mozrunner/killableprocess.py
as a replacement for the version in OMERO (lib/python/killableprocess.py)

A version of OMERO has not yet been released with this patch, but if you'd like to give it a try, we'd certainly appreciate the feedback.

Didn’t work for me..

Many thanks
Regards dirk

Cheers,
~Josh.

Regards Dirk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openmicroscopy.org.uk/pipermail/ome-users/attachments/20141127/0b315052/attachment.html>