[ome-users] LDAP problems

Wood, Christopher CJW at stowers.org
Wed Jun 17 17:53:42 BST 2015


That works. Thanks for your help!

Chris




On 6/17/15, 10:50 AM, "ome-users on behalf of Josh Moore" <ome-users-bounces at lists.openmicroscopy.org.uk on behalf of josh at glencoesoftware.com> wrote:

>On Wed, Jun 17, 2015 at 3:58 PM, Wood, Christopher <CJW at stowers.org> wrote:
>> Hi,
>
>Hi Chris,
>
>> We just upgraded OMERO from 5.0.6 to 5.1.2 at the same time moving to
>> different virtual hardware, and we are having some issues with LDAP
>> accounts.
>
>First off, sorry that we've done this to you yet again. I think we
>need to get an LDIF file from you for our integration tests!
>
>
>> As in the past, our account names are sometimes all uppercase, or all
>> lowercase – but no one uses uppercase to log in to anything. The workaround
>> has been to use:
>>
>> omero.security.password_provider=chainedPasswordProvider431
>>
>> and create user names with lowercase and use the omero command line/python
>> script to set the ldap dn. It doesn’t seem that this option is available any
>> more (api docs say it is deprecated).
>
>Correct. Storing the DN in the database was leading to trouble
>elsewhere since if the value changed, users were equally locked out.
>
>
>> When I do:
>> bin/omero ldap list
>>
>> the users with “official” uppercase names give an error, others give the
>> dn.
>>
>> The log files give errors such as:
>>
>> 1714:2015-06-16 14:52:27,966 INFO  [
>> ome.services.util.ServiceHandler] (l.Server-3)  Excp:
>> ome.conditions.ApiUsageException: Cannot find unique user DistinguishedName:
>> found=1
>>
>> Does anyone know of a solution or workaround to this problem? I found some
>> tickets for this issue, but they didn’t seem to be resolved.
>
>I think you just (in)volunteered to be our first external tester for:
>omero.security.ignore_case=true
>See https://github.com/openmicroscopy/openmicroscopy/blob/v5.1.2/etc/omero.properties#L108
>
>I would think if you drop your use of chainedPasswordProvider431 and
>ignore case, i.e.:
>
>  bin/omero config set omero.security.password_provider
>  bin/omero config set omero.security.ignore_case true
>
>Then logins should start working again. Please be sure to see the
>warning at that location, and ask any questions if things are unclear.
>
>Sorry again for the trouble.
>
>Cheers,
>~Josh.
>
>
>> here are the LDAP settings
>>
>> omero.ldap.base=DC=sgc,DC=loc
>> omero.ldap.config=true
>> omero.ldap.password=*****
>> omero.ldap.referral=follow
>> omero.ldap.urls=ldap://directory.*.****
>> omero.ldap.user_filter=(objectClass=person)
>> omero.ldap.user_mapping=omeName=sAMAccountName,firstName=givenName,lastName=sn,email=mail
>> omero.ldap.username=CN=*** ** ***,OU=Accounts-Infra,OU=AD Infrastructure,DC=sgc,DC=loc
>>
>> Thanks
>> Chris