[ome-users] OMERO how to get short ou value to group name

[Aleksandra Tarkowska (Staff)]

Hey Wojtek,

Your Omero LDAP settings should be:


omero.ldap.user_filter=(objectClass=person)


# you were missing underscore on user_mapping

omero.ldap.user_mapping 'omeName=uid,firstName=givenName,lastName=sn,email=mail'


omero.ldap.group_filter '(objectClass=group)'


# I am not sure why you want the entire DN being mapped to name. CN is enough as entries are unique. As you want group name being 'spinlab-uslugi_grupowe'

omero.ldap.group_mapping=name=cn


# members of a group will be filter using member attribute

# spinlab-uslugi_grupowe, Groups, Spinlab, Projekty, e-sci.e-science.pl
# dn: CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl
# objectClass: group
# cn: spinlab-uslugi_grupowe
# member: CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl

omero.ldap.new_user_group ':query:(member=@{dn})'

omero.ldap.sync_on_login true

Let me know if that helps. Please attache errors from var/log/Blitz-0.log if that is still failing

Kind regards
Ola

From: Wojciech Kaczmarczyk <wojciech.kaczmarczyk at pwr.edu.pl<mailto:wojciech.kaczmarczyk at pwr.edu.pl>>
Reply-To: OME User Support List <ome-users at lists.openmicroscopy.org.uk<mailto:ome-users at lists.openmicroscopy.org.uk>>
Date: Mon, 3 Aug 2015 11:18:37 +0200
To: <ome-users at lists.openmicroscopy.org.uk<mailto:ome-users at lists.openmicroscopy.org.uk>>
Subject: [ome-users] OMERO how to get short ou value to group name

Dear Open Microscopy Mainainers,

I try set up a OMERO.server-5.1.3-ice35-b52 server with configuration to get users and groups from Active Directory.

How to set up short values of my group names in my omero ldap settings?

i.e. I am member of omero group:
dn: CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-s
 cience,DC=pl

I want to be member of omero group:
spinlab-uslugi_grupowe

When I change omero.ldap.group_mapping name name=cn, I can not find correct value to omero.ldap.new_user_group or another mix of values.

Thank You for help.

Wojciech Kaczmarczyk

My working ldap omero configuration is:

Omero LDAP settings are:
omero.ldap.user_filter (objectClass=person)
omero.ldap.user_mapping ome Name=uid,firstName=givenName,lastName=sn
omero.ldap.group_filter  (objectClass=group)
omero.ldap.group_mapping name name=dn
omero.ldap.new_user_group :attribute:memberOf
omero.ldap.sync_on_login true


My group AD example entry is:

# spinlab-uslugi_grupowe, Groups, Spinlab, Projekty, e-sci.e-science.pl
dn: CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-s
 cience,DC=pl
objectClass: top
objectClass: group
cn: spinlab-uslugi_grupowe
member: .... (cut)
member: CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl
member: ....(cut)
distinguishedName: CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,
 DC=e-sci,DC=e-science,DC=pl
instanceType: 4
whenCreated: 20150130093600.0Z
whenChanged: 20150611082904.0Z
displayName: Uslugi Grupowe
uSNCreated: 12970
uSNChanged: 443524
name: spinlab-uslugi_grupowe
objectGUID:: C1PPQYYXokuhk+YL5nS6kA==
objectSid:: AQUAAAAAAAUVAAAAj+/aqojK9qSkjDPiwAgAAA==
sAMAccountName: spinlab-uslugi_grupowe
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=e-sci,DC=e-science,DC=p
 l
dSCorePropagationData: 16010101000000.0Z
mail: uslugi_grupowe at spinlab.e-science.pl<mailto:uslugi_grupowe at spinlab.e-science.pl>
gidNumber: 30065
(cut)
memberUid: wojtek
(cut)
mgrpAllowedDomain: open



My people AD example entry dn record is:

dn: CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: wojtek
sn: K
telephoneNumber: 4745
givenName: Wojciech
distinguishedName: CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-sc
 ience,DC=pl
instanceType: 4
whenCreated: 20140820125719.0Z
whenChanged: 20150728060320.0Z
displayName: Wojciech K
uSNCreated: 12963
memberOf: CN=spinlab-uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,
 DC=e-science,DC=pl
memberOf:: Q049VcW8eXRrb3duaWN5IGRvbWVueSxDTj1Vc2VycyxEQz1lLXNjaSxEQz1lLXNjaWV
 uY2UsREM9cGw=
uSNChanged: 808877
name: wojtek
objectGUID:: 1g6hIaCpEUWkuj/J8SC5jA==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
homeDirectory: /home/spinlab/Personal/wojtek
badPasswordTime: 130827176653875873
lastLogon: 130826268091324773
pwdLastSet: 130689139032131884
primaryGroupID: 1230
objectSid:: AQUAAAAAAAUVAAAA
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: wojtek
sAMAccountType: 805306368
userPrincipalName: wojciech.kaczmarczyk at maildomain
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=e-sci,DC=e-science,DC=
 pl
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 130825370007850204
uid: wojtek
mail: wojtek at maildomain
uidNumber: 58072
gidNumber: 30001
unixHomeDirectory: /home/spinlab/Personal/wojtek
loginShell: /bin/bash
maildrop: wojciech.kaczmarczyk at maildomain





--
Wojciech Kaczmarczyk wojciech.kaczmarczyk at pwr.edu.pl<mailto:wojciech.kaczmarczyk at pwr.edu.pl>
Wrocławskie Centrum Sieciowo-Superkomputerowe
tel: +48 71 320 47 45, http://www.wcss.pl

_______________________________________________ ome-users mailing list ome-users at lists.openmicroscopy.org.uk<mailto:ome-users at lists.openmicroscopy.org.uk> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
The University of Dundee is a registered Scottish Charity, No: SC015096
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openmicroscopy.org.uk/pipermail/ome-users/attachments/20150803/9b67cbec/attachment.html>