[ome-users] OMERO ldap users lifecycle

S Simard ssimard at pasteur.fr
Fri Oct 16 17:42:43 BST 2015


Hi Josh,

On 16/10/2015 18:12, Josh Moore wrote:
> Hi Sebastien,
>
> On Fri, Oct 16, 2015 at 5:34 PM, S Simard <ssimard at pasteur.fr> wrote:
>> Hi all,
>>
>> Please find some steps below to illustrate a corner case we ran into - this
>> occurred on OMERO 5.1.4, but it looks like it might be related to the 5.1
>> OMERO LDAP rework, as a quick check against version 5.0.2 does not exhibit
>> the issue.
>>
>> To reproduce:
>> - create a new LDAP-enabled OMERO user (say "foo")
>> - delete the "foo" user from the LDAP directory
>> - as the OMERO "root" user, attempt to edit "foo" via the web UI or read it
>> with "bin/omero ldap getdn --user-name foo"
>> This should raise an exception: "ome.conditions.ApiUsageException: Cannot
>> find unique user DistinguishedName: found=0".
>>
>> Albeit it is possible to work around the issue by toggling the user's LDAP
>> flag beforehand ("bin/omero ldap setdn --user-name foo false"), for
>> convenience it could be useful to allow for more lenient DN checks in the
>> context of read/edit operations.
> Thanks for the detailed report! This goes along with
> https://trac.openmicroscopy.org/ome/ticket/13060#comment:2 --
> disabling LDAP should certainly be possible from the UI.

Thanks, that would be great.

>
> For bin/omero ldap getdn, we are no longer storing the DN in OMERO so
> a query against LDAP must be performed.

And this certainly was a welcome change (much easier to handle DN 
updates now).

> What result would you have
> expected?

Perhaps I'd suggest shortening the stack trace down to the exception 
message?
It's probably less of an issue with the CLI tools than with the UI 
clients though, so I guess keeping the current behaviour could be fine 
too if you consider reducing debug output would impede diagnostics.

Cheers,
Sebastien


