[ome-users] LDAP Config for PosixGroups
Andreas Mueller
Andreas.Mueller at Biologie.Uni-Osnabrueck.DE
Thu Jan 31 15:28:32 GMT 2019
On 31.01.19 16:16, Josh Moore wrote:
> Andreas,
>
> On Thu, Jan 31, 2019 at 4:10 PM Andreas Mueller
> <Andreas.Mueller at biologie.uni-osnabrueck.de> wrote:
> ...snip...
> >
> > And - HURRAR - I can log in !!!
>
> Progress!
>
>
> > But: with the wrong firstName, the wrong lastName and everyone can
> > login to the system .. I've no restrictions.
> > ____
> >
> > I think omero has to login to the ldap-system with the dn of the user
> > and read *then* the private (hidden) attributes, because only the user
> > can read the own attributes.
> >
> > > Can you fix that ????
>
> I don't think so, at least not without re-writing the LDAP plugin. I
> would ask your IT for a service account that can bind and see the
> properties that you are looking for.
Oh, ok .. I will ask him
But, that service account can read the attributes from every person on
our university - that could be a problem :-/
>
>
> > Next step: how can I restrict the access ?
>
> Can you explain? What access are you looking to restrict?
With my last config every person from our university can log in to the
omero (nearly 20.000 Persons).
I make some test with group-config. (omero.ldap.group...)
Or I have to manualy allow every account..
- Feierabend - (morgen geht's weiter)
Andreas
>
> ~Josh
> _______________________________________________
> ome-users mailing list
> ome-users at lists.openmicroscopy.org.uk
> http://lists.openmicroscopy.org.uk/mailman/listinfo/ome-users
More information about the ome-users
mailing list