LDAP with omero 4.4.4 and Ubunut 12.04
Posted: Mon Oct 22, 2012 9:18 am
Hi!
I am a bit lost in getting LDAP integrated into omero. We have per user the posixAccount configured:
omero@head:~$ ldapsearch -x -LLL "(uid=microscope)"
dn: uid=microscope,ou=people,dc=ccc,dc=loc
cn: microscope
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
uid: microscope
uidNumber: 1030
gidNumber: 100
homeDirectory: /home/microscope
loginShell: /bin/bash
shadowMin: -1
shadowMax: 99999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 134538308
shadowLastChange: 15635
However, omero can not find this user in our LDAP, it logs into Blitz.log:
2012-10-22 11:13:51,518 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(microscope)
2012-10-22 11:13:51,518 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Args: [null, InternalSF@433941539]
2012-10-22 11:13:51,521 INFO [ ome.security.basic.EventHandler] (l.Server-9) Auth: user=0,group=0,event=null(Sessions),sess=f4716944-a207-47db-87fc-27a520f96262
2012-10-22 11:13:51,523 INFO [ org.perf4j.TimingLogger] (l.Server-9) start[1350897231518] time[5] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$8.doWork]
2012-10-22 11:13:51,523 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Rslt: null
2012-10-22 11:13:51,523 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRW(microscope)
2012-10-22 11:13:51,523 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Args: [null, InternalSF@433941539]
2012-10-22 11:13:51,536 INFO [ ome.security.basic.EventHandler] (l.Server-9) Auth: user=0,group=0,event=21164(Sessions),sess=f4716944-a207-47db-87fc-27a520f96262
2012-10-22 11:13:52,424 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-9) Default choice on create user: microscope (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2012-10-22 11:13:52,428 INFO [ org.perf4j.TimingLogger] (l.Server-9) start[1350897231524] time[904] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$9.doWork]
2012-10-22 11:13:52,428 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Rslt: false
2012-10-22 11:13:52,428 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Executor.doWork -- java.lang.String.microscope
2012-10-22 11:13:52,428 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Args: [null, InternalSF@433941539]
2012-10-22 11:13:52,431 INFO [ ome.security.basic.EventHandler] (l.Server-9) Auth: user=0,group=0,event=null(Internal),sess=f4716944-a207-47db-87fc-27a520f96262
2012-10-22 11:13:52,435 INFO [ org.perf4j.TimingLogger] (l.Server-9) start[1350897232429] time[6] tag[omero.call.success.ome.services.blitz.fire.PermissionsVerifierI$1.doWork]
2012-10-22 11:13:52,435 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Rslt: null
The configuration concerning LDAP is
omero.ldap.base=dc=ccc,dc=loc
omero.ldap.config=true
omero.ldap.new_user_group=member=@{dn}
omero.ldap.password=****
omero.ldap.referral=follow
omero.ldap.sync_on_login=true
omero.ldap.urls=ldap://127.0.0.1:389
omero.ldap.user_filter=
omero.ldap.user_mapping=omeName=uid;email=gecos
omero.ldap.username=cn=admin,dc=ccc,dc=loc
I am not at all a LDAP expert and would appreciate any help in this matter.
Best,
Sebastian
I am a bit lost in getting LDAP integrated into omero. We have per user the posixAccount configured:
omero@head:~$ ldapsearch -x -LLL "(uid=microscope)"
dn: uid=microscope,ou=people,dc=ccc,dc=loc
cn: microscope
objectClass: account
objectClass: posixAccount
objectClass: shadowAccount
objectClass: top
uid: microscope
uidNumber: 1030
gidNumber: 100
homeDirectory: /home/microscope
loginShell: /bin/bash
shadowMin: -1
shadowMax: 99999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 134538308
shadowLastChange: 15635
However, omero can not find this user in our LDAP, it logs into Blitz.log:
2012-10-22 11:13:51,518 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(microscope)
2012-10-22 11:13:51,518 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Args: [null, InternalSF@433941539]
2012-10-22 11:13:51,521 INFO [ ome.security.basic.EventHandler] (l.Server-9) Auth: user=0,group=0,event=null(Sessions),sess=f4716944-a207-47db-87fc-27a520f96262
2012-10-22 11:13:51,523 INFO [ org.perf4j.TimingLogger] (l.Server-9) start[1350897231518] time[5] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$8.doWork]
2012-10-22 11:13:51,523 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Rslt: null
2012-10-22 11:13:51,523 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRW(microscope)
2012-10-22 11:13:51,523 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Args: [null, InternalSF@433941539]
2012-10-22 11:13:51,536 INFO [ ome.security.basic.EventHandler] (l.Server-9) Auth: user=0,group=0,event=21164(Sessions),sess=f4716944-a207-47db-87fc-27a520f96262
2012-10-22 11:13:52,424 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-9) Default choice on create user: microscope (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2012-10-22 11:13:52,428 INFO [ org.perf4j.TimingLogger] (l.Server-9) start[1350897231524] time[904] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$9.doWork]
2012-10-22 11:13:52,428 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Rslt: false
2012-10-22 11:13:52,428 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Executor.doWork -- java.lang.String.microscope
2012-10-22 11:13:52,428 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Args: [null, InternalSF@433941539]
2012-10-22 11:13:52,431 INFO [ ome.security.basic.EventHandler] (l.Server-9) Auth: user=0,group=0,event=null(Internal),sess=f4716944-a207-47db-87fc-27a520f96262
2012-10-22 11:13:52,435 INFO [ org.perf4j.TimingLogger] (l.Server-9) start[1350897232429] time[6] tag[omero.call.success.ome.services.blitz.fire.PermissionsVerifierI$1.doWork]
2012-10-22 11:13:52,435 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Rslt: null
The configuration concerning LDAP is
omero.ldap.base=dc=ccc,dc=loc
omero.ldap.config=true
omero.ldap.new_user_group=member=@{dn}
omero.ldap.password=****
omero.ldap.referral=follow
omero.ldap.sync_on_login=true
omero.ldap.urls=ldap://127.0.0.1:389
omero.ldap.user_filter=
omero.ldap.user_mapping=omeName=uid;email=gecos
omero.ldap.username=cn=admin,dc=ccc,dc=loc
I am not at all a LDAP expert and would appreciate any help in this matter.
Best,
Sebastian