[ome-users] ldap new_user_group not working with :dn_attribute:
Tjelvar Olsson (JIC)
Tjelvar.Olsson at jic.ac.uk
Fri Apr 8 13:25:11 BST 2016
Hi Ola,
Thank you for pointing me in the direction of the relevant logs.
The issue was that I had set the ldap_base too high in the tree. This meant that the groups were not accessible to OMERO, resulting in the error message below.
2016-04-08 07:59:21,440 ERROR [ o.s.blitz.fire.PermissionsVerifierI] (l.Server-2) Exception thrown while checking password for:hartleym
ome.conditions.InternalException: Full DN (cn=aaa,ou=groups,dc=scicomp,dc=jic,dc=ac,dc=uk) does not start with base DN (ou=people,dc=scicomp,dc=jic,dc=ac,dc=uk)
Changing the ldap_base from:
omero.ldap.base=ou=people,dc=scicomp,dc=jic,dc=ac,dc=uk
to:
omero.ldap.base=dc=scicomp,dc=jic,dc=ac,dc=uk
sorted out the issue.
Kind regards,
Tjelvar
--
Dr. Tjelvar Olsson
Scientific Computing Lab Manager
John Innes Centre
Genome Centre 105b, ext: 2587
> On 8 Apr 2016, at 13:04, Aleksandra Tarkowska (Staff) <A.Tarkowska at dundee.ac.uk> wrote:
>
> Hi Tjelvar
>
> Could you send logs OMERO.server/var/log/Blitz-0.log and OMEROweb.log to let us look at what the problem is exactly?
>
> Ola
> Software Engineer
> Open Microscopy Environment
> University of Dundee
>
>> On 8 Apr 2016, at 12:50, Tjelvar Olsson (JIC) <Tjelvar.Olsson at jic.ac.uk> wrote:
>>
>> Dear all,
>>
>> I’m trying to configure OMERO to assign users to specific groups from an LDAP server.
>>
>> I have gotten to the stage where I can get it to assign the full domain name as the default group the first time a user logs in to OMERO, e.g.
>>
>> cn=awesome,ou=groups,dc=scicomp,dc=jic,dc=ac,dc=uk
>>
>> Now I am trying, and failing, to get OMERO to use the common name (cn) of the ldap group as the OMERO group name, e.g. awesome.
>>
>> However,
>>
>> When I use :dn_attribute:memberOf instead of :attribute:memberOf as the value of the “new_user_group” the (web) login hangs (on first login) and eventually returns with an “Internal Server Error” page.
>>
>> Has anyone managed to configure an OMERO server to talk to LDAP using the :dn_attribute:?
>>
>> Below is the configuration used in the failing case.
>>
>> $ ./bin/omero config get
>> omero.db.name=omero
>> omero.db.pass=secret
>> omero.db.user=omero_db_user
>> omero.ldap.base=ou=people,dc=scicomp,dc=jic,dc=ac,dc=uk
>> omero.ldap.config=true
>> omero.ldap.group_mapping=name=cn
>> omero.ldap.new_user_group=:dn_attribute:memberOf
>> omero.ldap.urls=ldap://192.168.99.100:389
>> omero.ldap.user_filter=(objectClass=inetOrgPerson)
>> omero.ldap.user_mapping=omeName=uid,firstName=givenName,lastName=sn,email=mail
>> omero.web.application_server=wsgi
>>
>> Kind regards,
>>
>> Tjelvar
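Added example, not part of the original thread or of OMERO's code: a pre-flight check that every group DN a user's memberOf can return lies under omero.ldap.base, the condition the log message in the thread reports as violated. The function names are hypothetical, and case-insensitive comparison of RDNs is an assumption.

```python
def split_rdns(dn):
    """Split a DN into normalised RDNs, honouring backslash escapes."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        if attr.strip():
            # Assumption: case-insensitive matching, as is usual for cn/ou/dc.
            out.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return out


def is_under(dn, base):
    """True if dn equals base or lies beneath it (base is a suffix of dn)."""
    d, b = split_rdns(dn), split_rdns(base)
    return len(b) <= len(d) and d[len(d) - len(b):] == b


def groups_outside_base(config_text, group_dns):
    """Return the group DNs that omero.ldap.base does not cover."""
    cfg = dict(line.split("=", 1) for line in config_text.splitlines() if "=" in line)
    base = cfg["omero.ldap.base"]
    return [g for g in group_dns if not is_under(g, base)]


# Values taken from the thread: failing and corrected base, and the group DN from the log.
FAILING = "omero.ldap.base=ou=people,dc=scicomp,dc=jic,dc=ac,dc=uk\nomero.ldap.new_user_group=:dn_attribute:memberOf"
FIXED = "omero.ldap.base=dc=scicomp,dc=jic,dc=ac,dc=uk\nomero.ldap.new_user_group=:dn_attribute:memberOf"
GROUP = "cn=aaa,ou=groups,dc=scicomp,dc=jic,dc=ac,dc=uk"

if __name__ == "__main__":
    print("failing:", groups_outside_base(FAILING, [GROUP]))
    print("fixed:  ", groups_outside_base(FIXED, [GROUP]))
```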