[ome-users] OMERO 5.1.3-ice35-b52 how to set second value of ou value to omero group name?
Josh Moore
josh at glencoesoftware.com
Mon Sep 28 10:14:06 BST 2015
On Mon, Sep 28, 2015 at 10:30 AM, Wojciech Kaczmarczyk
<wojciech.kaczmarczyk at pwr.edu.pl> wrote:
> Hi Josh,
>
> Thank You for fast answer.
Gladly.
> As rightly you noticed
> omero.ldap.user_filter have value (objectClass=organizationalPerson)
>
> and with
>
> omero.ldap.new_user_group ':ou:' give me last organizational unit as omero
> group which is consistent with the documentation:
>
>
> "If prefixed with :ou:, then a user’s last organizational unit (OU) will be
> used as his or her group. "
> (http://www.openmicroscopy.org/site/support/omero5.1/sysadmins/server-ldap.html)
>
>
> Is way to set omero.ldap.new_user_group to second value organizational
> unit ?
Ah, now I understand. This isn't possible using the :ou: setting.
Would :dn_attribute:memberOf perhaps do what you want?
https://www.openmicroscopy.org/site/support/omero5.1/sysadmins/server-ldap.html#group-lookup
> Best Regards,
> Wojtek
>
>
> P.S. I'm sorry. I am a temporary member of the mailing list to solve
> specific configuration problem which can not alone solve.
>
>
> As I see Omero is very good job I rate it highly in terms of transparency
> install, configuration and documentation.
Thank you very much!
~Josh
> ----- oryginalna wiadomość -----
> od: Josh Moore <josh at glencoesoftware.com>
> data: poniedziałek, wrzesień 28, 2015 9:01
> temat: Re: [ome-users] OMERO 5.1.3-ice35-b52 how to set second value of ou
> value to omero group name?
> do: OME User Support List <ome-users at lists.openmicroscopy.org.uk>
>
>
>> Hi Wojciech,
>>
>> On Fri, Sep 25, 2015 at 3:55 PM, Wojciech Kaczmarczyk
>> <wojciech.kaczmarczyk at pwr.edu.pl> wrote:
>> > Dear Open Microscopy Mainainers,
>> >
>> > Thank You for last help.
>> >
>> > I try change my OMERO.server-5.1.3-ice35-b52 server ldap
>> setting with
>> > configuration to get users and groups from Active Directory.
>> >
>> >
>> > My user dn record is:
>> >
>> > dn: CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-
>> science,DC=pl>
>> > I want to be member of omero group :
>> > Spinlab
>> >
>> > When I set up:
>> >
>> >
>> > omero.ldap.user_filter='(&(objectClass=organizationalUnit)'
>>
>> Can you login with this setting? The user_filter is used against the
>> object classes of your own entry, i.e.
>>
>> > objectClass: person
>> > objectClass: organizationalPerson
>> > objectClass: user
>>
>> rather than on the object classes of the group, e.g.:
>>
>> > dn: OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl
>> > objectClass: top
>> > objectClass: organizationalUnit
>>
>> which means that your user_filter:
>>
>> > omero.ldap.user_filter='(&(objectClass=organizationalUnit)'
>>
>> should probably use "=organizationalPerson"
>>
>>
>> >
>>
>> omero.ldap.user_mapping=omeName=cn,firstName=givenName,lastName=sn,email=mail>
>> omero.ldap.group_mapping=name=cn
>> > omero.ldap.new_user_group = ':ou:'
>> >
>> >
>> > I maped to first ou record group People.
>> >
>> >
>> > Problem:
>> > How/Is possible to set up second value of ou to omero user group?
>>
>> I would expect that if a user is part of multiple organizational units
>> that they would each get added as an OMERO group.
>>
>> Cheers,
>> ~Josh.
>>
>>
>>
>>
>> > Thank You for help.
>> >
>> > Wojciech Kaczmarczyk
>> >
>> >
>> > My people AD example entry dn record is:
>> >
>> > objectClass: top
>> > objectClass: person
>> > objectClass: organizationalPerson
>> > objectClass: user
>> > cn: wojtek
>> > sn: K
>> > telephoneNumber: 4745
>> > givenName: Wojciech
>> > distinguishedName:
>> > CN=wojtek,OU=People,OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-sc
>> > ience,DC=pl
>> > instanceType: 4
>> > whenCreated: 20140820125719.0Z
>> > whenChanged: 20150728060320.0Z
>> > displayName: Wojciech K
>> > uSNCreated: 12963
>> > memberOf:
>> > CN=spinlab-
>> uslugi_grupowe,OU=Groups,OU=Spinlab,OU=Projekty,DC=e-sci,
>> > DC=e-science,DC=pl
>> > memberOf::
>> > Q049VcW8eXRrb3duaWN5IGRvbWVueSxDTj1Vc2VycyxEQz1lLXNjaSxEQz1lLXNjaWV
>> > uY2UsREM9cGw=
>> > uSNChanged: 808877
>> > name: wojtek
>> > objectGUID:: 1g6hIaCpEUWkuj/J8SC5jA==
>> > userAccountControl: 66048
>> > badPwdCount: 0
>> > codePage: 0
>> > countryCode: 0
>> > homeDirectory: /home/spinlab/Personal/wojtek
>> > badPasswordTime: 130827176653875873
>> > lastLogon: 130826268091324773
>> > pwdLastSet: 130689139032131884
>> > primaryGroupID: 1230
>> > objectSid:: AQUAAAAAAAUVAAAA
>> > accountExpires: 9223372036854775807
>> > logonCount: 0
>> > sAMAccountName: wojtek
>> > sAMAccountType: 805306368
>> > userPrincipalName: wojciech.kaczmarczyk at maildomain
>> > objectCategory:
>> > CN=Person,CN=Schema,CN=Configuration,DC=e-sci,DC=e-science,DC=
>> > pl
>> > dSCorePropagationData: 16010101000000.0Z
>> > lastLogonTimestamp: 130825370007850204
>> > uid: wojtek
>> > mail: wojtek at maildomain
>> > uidNumber: 58072
>> > gidNumber: 30001
>> > unixHomeDirectory: /home/spinlab/Personal/wojtek
>> > loginShell: /bin/bash
>> > maildrop: wojciech.kaczmarczyk at maildomain
>> >
>> > Organizational Unit SpinLab Entry
>> >
>> >
>> >
>> > # Spinlab, Projekty, e-sci.e-science.pl
>> > dn: OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-science,DC=pl
>> > objectClass: top
>> > objectClass: organizationalUnit
>> > ou: Spinlab
>> > distinguishedName: OU=Spinlab,OU=Projekty,DC=e-sci,DC=e-
>> science,DC=pl> instanceType: 4
>> > whenCreated: 20140624213713.0Z
>> > whenChanged: 20150218170112.0Z
>> > uSNCreated: 12422
>> > uSNChanged: 12422
>> > name: Spinlab
>> > objectGUID:: azRCPrfwcESx5kXQ5PrNyg==
>> > objectCategory:
>> > CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=e-sci,DC=
>> > e-science,DC=pl
>> > dSCorePropagationData: 16010101000000.0Z
>> >
>> >
>> >
>> >
>>
>> ================================================================================>
>> OMERO Diagnostics 5.1.3-ice35-b52
>> >
>>
>> ================================================================================>
>> > Commands: java -
>> version 1.7.0 (/usr/bin/java)
>> > Commands: python -
>> V 2.7.6 (/usr/bin/python)
>> > Commands: icegridnode --
>> version 3.5.1 (/usr/bin/icegridnode)
>> > Commands: icegridadmin --
>> version 3.5.1 (/usr/bin/icegridadmin)
>> > Commands: psql --
>> version 9.3.9 (/usr/bin/psql)
>> >
>> >
>> > Server:
>> icegridnode running
>> > Server: Blitz-
>> 0 active (pid = 1416, enabled)
>> > Server:
>> DropBox active (pid = 1430, enabled)
>> > Server:
>> FileServer active (pid = 1438, enabled)
>> > Server: Indexer-
>> 0 active (pid = 1440, enabled)
>> > Server:
>> MonitorServer active (pid = 1441, enabled)
>> > Server:
>> OMERO.Glacier2 active (pid = 1443, enabled)
>> > Server:
>> OMERO.IceStorm active (pid = 1447, enabled)
>> > Server: PixelData-
>> 0 active (pid = 1444, enabled)
>> > Server: Processor-
>> 0 active (pid = 1456, enabled)
>> > Server: Tables-
>> 0 active (pid = 1473, enabled)
>> > Server:
>> TestDropBox inactive (enabled)
>> >
>> >
>> > Log dir: /home/omero/OMERO.server-5.1.3-
>> ice35-b52/var/log exists
>> >
>> >
>> > Log files: Blitz-
>> 0.log 147.0 MB errors=1074
>> > warnings=177
>> > Log files:
>> DropBox.log 47.0 KB errors=2
>> > warnings=16
>> > Log files:
>> FileServer.log 6.0 KB
>> > Log files: Indexer-
>> 0.log 1.0 MB
>> > Log files:
>> MonitorServer.log 25.0 KB
>> > Log files:
>> OMEROweb.lock 0.0 KB
>> > Log files:
>> OMEROweb.log 231.0 KB errors=0
>> > warnings=1
>> > Log files:
>> OMEROweb_request.lock 0.0 KB
>> > Log files:
>> OMEROweb_request.log 0.0 KB
>> > Log files: PixelData-
>> 0.log 430.0 KB
>> > Log files: Processor-
>> 0.log 3.0 MB errors=985
>> > warnings=12
>> > Log files: Tables-
>> 0.log 32.0 KB errors=0
>
>> > warnings=12
>> > Log files:
>> TestDropBox.log n/a
>> > Log files:
>> master.err 17.0 KB errors=0
>> > warnings=12
>> > Log files:
>> master.out 0.0 KB
>> > Log files: Total
>> size 153.46 MB
>> >
>> >
>> >
>> >
>> > Environment:OMERO_HOME=(unset)
>> > Environment:OMERO_NODE=(unset)
>> > Environment:OMERO_MASTER=(unset)
>> > Environment:OMERO_USERDIR=(unset)
>> > Environment:OMERO_TMPDIR=(unset)
>> >
>>
>> Environment:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games>
>> Environment:PYTHONPATH=(unset)
>> > Environment:ICE_HOME=(unset)
>> > Environment:LD_LIBRARY_PATH=(unset)
>> > Environment:DYLD_LIBRARY_PATH=(unset)
>> >
>> >
>> > OMERO SSL port:4064
>> > OMERO TCP port:4063
>> > OMERO data
>> dir:'/OMERO' Exists? True Is writable? True
>> > OMERO temp
>> dir:'/home/omero/omero/tmp' Exists? True Is writable? True
>> > (Size: 0)
>> >
>> >
>> > JVM settings:
>> Blitz -Xmx1260m -XX:MaxPermSize=1g
>> > -XX:+IgnoreUnrecognizedVMOptions
>> > JVM settings:
>> Indexer -Xmx840m -XX:MaxPermSize=1g
>> > -XX:+IgnoreUnrecognizedVMOptions
>> > JVM settings:
>> Pixeldata -Xmx1260m -XX:MaxPermSize=1g
>> > -XX:+IgnoreUnrecognizedVMOptions
>> > JVM settings:
>> Repository -Xmx840m -XX:MaxPermSize=1g
>> > -XX:+IgnoreUnrecognizedVMOptions
>> >
>> >
>> > OMERO.web status... [RUNNING] (PID 1717)
>> >
>> >
>> > --
>> > Wojciech Kaczmarczyk wojciech.kaczmarczyk at pwr.edu.pl
>> > Wrocławskie Centrum Sieciowo-Superkomputerowe
>> > tel: +48 71 320 47 45, http://www.wcss.pl
>> >
>> >
>> > _______________________________________________
>> > ome-users mailing list
>> > ome-users at lists.openmicroscopy.org.uk
>> > http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
>> >
>> _______________________________________________
>> ome-users mailing list
>> ome-users at lists.openmicroscopy.org.uk
>> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
>
> --
> Wojciech Kaczmarczyk wojciech.kaczmarczyk at pwr.edu.pl
> Wrocławskie Centrum Sieciowo-Superkomputerowe
> tel: +48 71 320 47 45, http://www.wcss.pl
>
>
> _______________________________________________
> ome-users mailing list
> ome-users at lists.openmicroscopy.org.uk
> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
>
More information about the ome-users
mailing list