[ome-users] LDAP Config for PosixGroups

Andreas Mueller Andreas.Mueller at Biologie.Uni-Osnabrueck.DE
Thu Jan 31 12:39:28 GMT 2019


  Hi Josh,

On 31.01.19 11:59, Josh Moore wrote:
> Hi Andreas,
> 
> On Thu, Jan 31, 2019 at 11:18 AM Andreas Mueller
> <Andreas.Mueller at biologie.uni-osnabrueck.de> wrote:
> >
> >   Hi Ola,
> >
> >   me again:
> >
> >   IMHO the correct value is:
> >
> >     omero.ldap.user_filter=cn=cellnanosomero
> 
> I think you mean for this to be a group_filter, no?  This would only
> load users who have the cn "cellnanosomero".
> 
> 
> >     omero.ldap.user_mapping_omeName=memberUid,firstname=givenName,lastName=sn,email=mail
> 
> This is user_mapping=omeName=..., right? (You show that above).
> 

  the 'omero.ldap.user_mapping_omeName' is a little bit tricky. If I
  understand that right, it is used in two ways:

    1) the first value (in my case: memberUid) is used to be AND'ed
    with the user_filter
    
    2) and the rest of the line describes the mapping between the
    omero-attributes and the ldap-attributes

  // Why is that so tricky? Simple would be better. It cost me hours.


> 
> 
> 
> >   that will bring (*) me to the query:
> >
> >   ldapsearch -x -LLL  "(&(cn=cellnanosomero)(memberUid=andrmuel))"
> >
> >   # RESULT:  (for all 'user' in that group with memberUid='user')
> >
> >     dn: cn=cellnanosomero,ou=groups,dc=uni-osnabrueck,dc=de
> >     objectClass: top
> >     objectClass: posixGroup
> >     cn: cellnanosomero
> >     gidNumber: 688
> >
> >
> >   'andrmuel' is my login name
> >
> >
> >   IMHO omero has to create the correct query string for the
> >   authentication:
> >
> >     uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de         (**)
> >
> >   and the authentication is necessary to get the values for the
> >   attributes:
> >
> >     givenName,sn,mail,..
> >
> >   And I don't know how I can tell omero how it has to build that (**)
> >   string
> 
> If the change from user_filter to group_filter doesn't help, can you
> send me separately your full LDAP configuration (bin/omero config get
> | grep ldap) 

  that is already in my other mail (I attach that again)


> as well as the full LDAP entry for
> uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de. Thanks.
> 

  I'll do that in a separate mail directly to you ..
   - thanks -

  // you can share that with your colleagues of course

  Andreas

> 
> 
> >   // (*) https://docs.openmicroscopy.org/omero/5.4.10/sysadmins/server-ldap.html#user-lookup
> >   Andreas
> 
> Regards,
> ~Josh
> 
> 
> > On 30.01.19 19:45, Aleksandra Tarkowska wrote:
> > > Hi Andreas,
> > >
> > > Did you try to set omero.ldap.user_mapping https://docs.openmicroscopy.org/omero/5.4.10/sysadmins/server-ldap.html#user-lookup?
> > >
> > >
> > > omeName=uid,firstName=??,...
> > >
> > > Please review also omero.ldap.group_mapping
> > >
> > > Thanks
> > > Ola
> > >
> > >
> > >    [omero at omero3 OMERO.server]$ bin/omero ldap active
> > >    Yes
> > >
> > >    [omero at omero3 OMERO.server]$ bin/omero ldap create andrmuel
> > >
> > >   I get a:
> > >
> > >    not-null property references a null or transient value:
> > >    ome.model.meta.Experimenter.firstName; nested exception is
> > >    org.hibernate.PropertyValueException: not-null property references a
> > >    null or transient value: ome.model.meta.Experimenter.firstName
> > >
> > >    I find the same error in the logs if I try to logon over web.
> > >
-------------- next part --------------
An embedded message was scrubbed...
From: Andreas Mueller <Andreas.Mueller at Biologie.Uni-Osnabrueck.DE>
Subject: Re: [ome-users] LDAP Config for PosixGroups
Date: Wed, 30 Jan 2019 18:08:38 +0100
Size: 4358
URL: <http://lists.openmicroscopy.org.uk/pipermail/ome-users/attachments/20190131/59993379/attachment.mht>
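
The filter composition discussed in this thread, as an added example that is not part of the original mails and is not OMERO's own code: it builds the `(&(user_filter)(attr=login))` search string with the login name escaped per RFC 4515, and reports which mapped attributes a matched entry does not carry. Function names, the parenthesis wrapping of a bare `user_filter`, and the entry values are assumptions constructed from the values quoted above.

```python
# Added illustration, not OMERO code. Entry values are constructed from the thread.

def escape_filter_value(value):
    """Escape a user-supplied value for an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\0' else c for c in value)

def parse_user_mapping(mapping):
    """'omeName=uid,firstName=givenName' -> {'omeName': 'uid', ...}"""
    return dict(pair.split('=', 1) for pair in mapping.split(','))

def build_search_filter(user_filter, mapping, username):
    """AND the configured user_filter with <omeName attribute>=<login name>."""
    attr = parse_user_mapping(mapping)['omeName']
    if not user_filter.startswith('('):   # assumption: a bare filter gets wrapped
        user_filter = '(%s)' % user_filter
    return '(&%s(%s=%s))' % (user_filter, attr, escape_filter_value(username))

def missing_attributes(entry, mapping):
    """OMERO fields whose mapped LDAP attribute is absent from the matched entry."""
    return sorted(f for f, a in parse_user_mapping(mapping).items() if a not in entry)

# Mapping keyed on the group's memberUid versus one keyed on the person's uid.
GROUP_MAPPING = 'omeName=memberUid,firstName=givenName,lastName=sn,email=mail'
PERSON_MAPPING = 'omeName=uid,firstName=givenName,lastName=sn,email=mail'

# Constructed entries: a posixGroup like the ldapsearch result, and a person entry.
GROUP_ENTRY = {
    'dn': 'cn=cellnanosomero,ou=groups,dc=uni-osnabrueck,dc=de',
    'objectClass': ['top', 'posixGroup'],
    'cn': ['cellnanosomero'],
    'gidNumber': ['688'],
    'memberUid': ['andrmuel'],
}
PERSON_ENTRY = {
    'dn': 'uid=andrmuel,ou=people,dc=uni-osnabrueck,dc=de',
    'uid': ['andrmuel'],
    'givenName': ['Andreas'],
    'sn': ['Mueller'],
    'mail': ['andrmuel@example.org'],   # placeholder address
}

if __name__ == '__main__':
    print(build_search_filter('cn=cellnanosomero', GROUP_MAPPING, 'andrmuel'))
    print('group entry lacks: ', missing_attributes(GROUP_ENTRY, GROUP_MAPPING))
    print('person entry lacks:', missing_attributes(PERSON_ENTRY, PERSON_MAPPING))
```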

