[ome-users] LDAP Config for PosixGroups

Josh Moore josh at glencoesoftware.com
Thu Jan 31 10:59:16 GMT 2019 

Hi Andreas,

On Thu, Jan 31, 2019 at 11:18 AM Andreas Mueller
<Andreas.Mueller at biologie.uni-osnabrueck.de> wrote:
>
>   Hi Ola,
>
>   me again:
>
>   IMHO the correct value is:
>
>     omero.ldap.user_filter=cn=cellnanosomero

I think you mean for this to be a group_filter, no?  This would only
load users who have the cn "cellnanosomero".


>     omero.ldap.user_mapping_omeName=memberUid,firstname=givenName,lastName=sn,email=mail

This is user_mapping=omeName=..., right? (You show that above).




>   that will bring (*) me to the query:
>
>   ldapsearch -x -LLL  "(&(cn=cellnanosomero)(memberUid=andrmuel))"
>
>   # RESULT:  (for all 'user' in that group with memberUid='user')
>
>     dn: cn=cellnanosomero,ou=groups,dc=uni-osnabrueck,dc=de
>     objectClass: top
>     objectClass: posixGroup
>     cn: cellnanosomero
>     gidNumber: 688
>
>
>   'andrmuel' is my login name
>
>
>   IMHO omero has to create the correct query string for the
>   authentication:
>
>     uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de         (**)
>
>   and the authentication is nessesary to get the values for the
>   attributes:
>
>     givenName,sn,mail,..
>
>   And I don't know how I can tell omero how it has to build that (**)
>   string

If the change from user_filter to group_filter doesn't help, can you
send me separately your full LDAP configuration (bin/omero config get
| grep ldap) as well as the full LDAP entry for
uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de. Thanks.



>   // (*) https://docs.openmicroscopy.org/omero/5.4.10/sysadmins/server-ldap.html#user-lookup
>   Andreas

Gruß,
~Josh


> On 30.01.19 19:45, Aleksandra Tarkowska wrote:
> > Hi Andreas,
> >
> > Did you try to set omero.ldap.user_mapping https://docs.openmicroscopy.org/omero/5.4.10/sysadmins/server-ldap.html#user-lookup?
> >
> >
> > omeName=uid,firstName=??,...
> >
> > Please review also omero.ldap.group_mapping
> >
> > Thanks
> > Ola
> >
> >
> >    [omero at omero3 OMERO.server]$ bin/omero ldap active
> >    Yes
> >
> >    [omero at omero3 OMERO.server]$ bin/omero ldap create andrmuel
> >
> >   I get a:
> >
> >    not-null property references a null or transient value:
> >    ome.model.meta.Experimenter.firstName; nested exception is
> >    org.hibernate.PropertyValueException: not-null property references a
> >    null or transient value: ome.model.meta.Experimenter.firstName
> >
> >    I find the same error in the logs if I try to logon over web.
> >
> >
> >
> > --
> >  The Wellcome Sanger Institute is operated by Genome Research
> >  Limited, a charity registered in England with number 1021457 and a
> >  company registered in England with number 2742969, whose registered
> >  office is 215 Euston Road, London, NW1 2BE.
> >
>
> > _______________________________________________
> > ome-users mailing list
> > ome-users at lists.openmicroscopy.org.uk
> > http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
>
> _______________________________________________
> ome-users mailing list
> ome-users at lists.openmicroscopy.org.uk
> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users

More information about the ome-users mailing list