[ome-users] LDAP Config for PosixGroups
Andreas Mueller
Andreas.Mueller at Biologie.Uni-Osnabrueck.DE
Thu Jan 31 11:06:45 GMT 2019
Hi Ola,
thanks for your help!
On 31.01.19 10:14, Aleksandra Tarkowska wrote:
> Hi Andreas
>
> Could you paste the whole error message? Did you get only a Java error or any LDAP error code?
>
I emptied all log files, restarted the server and tried to log on
with andrmuel over the web. Then I stopped every service and tarred all
log files: https://myshare.uni-osnabrueck.de/f/167252d7398648efa20b/
>
> a) I don't understand how omero creates binddn for the password query
> against the ldap-server (how can I check that?)
>
> The bind DN can be set, if required, by:
>
> bin/omero config set omero.ldap.username cn=Manager,dc=example,dc=com
> bin/omero config set omero.ldap.password secret
I'm not the manager of the whole LDAP system. I'm only the manager of
the group cellnanosomero:
cn=cellnanosomero,ou=groups,dc=uni-osnabrueck,dc=de
I can add or remove users to that posix group. I cannot read the
attributes of the users. Only the user her/himself can read her/his own
attributes. So it makes no sense to set ldap.username/password.
(Nevertheless I tried that ..:)
> And checked:
>
> ldapsearch -x -LLL -H ldaps://your_ldap_host -D "cn=manager,dc=example,dc=com" -W -b "dc=uni-osnabrueck,dc=de" -s sub "(uid=andrmuel)"
>
ldapsearch -x -LLL -H ldaps://ldap.uni-osnabrueck.de -D "uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de" -W -b "dc=uni-osnabrueck,dc=de" -s sub "(uid=andrmuel)"
That shows me ALL my attributes with their values (70 lines).
The same with my colleague 'kbernhar':
ldapsearch -x -LLL -H ldaps://ldap.uni-osnabrueck.de -D "uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de" -W -b "dc=uni-osnabrueck,dc=de" -s sub "(uid=kbernhar)"
... gives me just a few (not secret) lines.
If she does the same query with her bind DN, then it shows ALL
attributes (70 lines).
Every person can only query her/his own secret attributes.
>
> b) The attributes: givenName, sn, mail ..
> can only be read after a successful authentication of the respective user
> against the ldap.
>
> What is the output of bin/omero ldap getdn --user-name andrmuel ?
Unknown user: andrmuel
>
> Thanks
> Ola
>
best regards
Andreas
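
Added example (not part of the original message and not OMERO code): a small shell helper for the comparison described in the message. It reads `ldapsearch -LLL` output on stdin and reports which of givenName, sn and mail the bind used for that search could not read. The function names and both sample LDIF entries are constructed for illustration.

```shell
# visible_attrs: read `ldapsearch -LLL` LDIF on stdin and print the sorted,
# unique, lower-cased attribute names that the bind was allowed to read.
visible_attrs() {
  awk '
    /^ / { next }   # folded continuation of the previous line, not an attribute
    /^#/ { next }   # LDIF comment
    /^$/ { next }   # blank line between entries
    {
      i = index($0, ":")
      if (i > 1) {
        name = tolower(substr($0, 1, i - 1))
        sub(/;.*/, "", name)          # drop options such as ;binary
        if (name != "dn") print name
      }
    }' | sort -u
}

# missing_attrs ATTR...: read LDIF on stdin and print each required
# attribute that is absent from it (case-insensitive match).
missing_attrs() {
  seen=$(visible_attrs)
  for a in "$@"; do
    printf '%s\n' "$seen" | grep -qixF "$a" || printf '%s\n' "$a"
  done
}

# Constructed sample: entry as returned when the user binds as herself.
sample_self() {
cat <<'EOF'
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
cn: Alice Example
givenName: Alice
sn: Example
mail: alice@example.org
description: a long value that ldapsearch folds onto
 a second line: with a colon in it
jpegPhoto;binary:: /9j/4AAQSkZJRg==
EOF
}

# Constructed sample: the same entry as seen by a different bind DN.
sample_other() {
  printf '%s\n' 'dn: uid=alice,ou=people,dc=example,dc=org' 'uid: alice' 'cn: Alice Example'
}

echo "self bind cannot read:  $(sample_self  | missing_attrs givenName sn mail | tr '\n' ' ')"
echo "other bind cannot read: $(sample_other | missing_attrs givenName sn mail | tr '\n' ' ')"
```

With a real directory, pipe the output of each `ldapsearch -LLL ...` command into `missing_attrs givenName sn mail` instead of the sample functions.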