
problem setting LDAP properties

Posted: Fri Feb 25, 2011 1:11 pm
by bernie
I am trying to configure LDAP on our development server, initially without SSL, and cannot configure the property:

omero.ldap.user_filter=(objectClass=person)

Various attempts throw up syntax errors:
[omero@omerodev omero_dist]$ bin/omero config set (objectClass=uosunixobject)
-bash: syntax error near unexpected token `('

[omero@omerodev omero_dist]$ bin/omero config set "(objectClass=uosunixobject)"
"=" in key name. Did you mean "...set (objectClass uosunixobject)"?

so this works:
[omero@omerodev omero_dist]$ bin/omero config set "(objectClass uosunixobject)"

The output of get is:

[omero@omerodev omero_dist]$ bin/omero config get
(objectClass=uosunixobject)
omero.db.name=omero
omero.db.pass=********
omero.db.user=omero
omero.ldap.base=ou=Unix,ou=USCS,o=University of Sussex
omero.ldap.config=true
omero.ldap.new_user_group=omerodev
omero.ldap.urls=ldap://ldap0.uscs.sussex.ac.uk:389
omero.ldap.user_filter=objectClass=uosunixobject
omero.ldap.user_mapping=omeName=uid,firstName=givenName,lastName=sn,email=mail
omero.web.application_host=http://omerodev.lifesci.susx.ac.uk:80
omero.web.application_server=fastcgi-tcp

i.e. the brackets aren't there.

Also note: omeName=uid

Authentication fails and I get the following entries in the Blitz-0.log:

2011-02-25 13:01:27,355 INFO [ ome.services.util.ServiceHandler] (l.Server-1) Excp: org.springframework.ldap.InvalidSearchFilterException: Unbalanced parenthesis; nested exception is javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name ''
2011-02-25 13:01:27,356 ERROR [services.blitz.fire.PermissionsVerifierI] (l.Server-1) Exception thrown while checking password for:bafy7
ome.conditions.InternalException: Wrapped Exception: (org.springframework.ldap.InvalidSearchFilterException):
Unbalanced parenthesis; nested exception is javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name ''
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:133)

Also, I/we need to admit to the sin of trying to edit the config.xml file directly. I mention this because of the unusual entry at the beginning of the get output:

(objectClass=uosunixobject)

This can be seen as an entry in the xml file:

<property name="omero.ldap.user_filter" value="objectClass=uosunixobject"/>
<property name="(objectClass" value="uosunixobject)"/>

and I suspect it shouldn't be there!

Bernie

Re: problem setting LDAP properties

Posted: Fri Feb 25, 2011 1:54 pm
by jmoore
Hi Bernie,

You're right, the entry shouldn't be there. You've fallen prey to unix whitespace handling. Originally, you wanted the command:
bin/omero config set omero.ldap.user_filter "(objectClass=person)"

Rather than editing the config.xml yourself (which isn't really that sinful), you could also try:
bin/omero config edit

which should open an editor (vim?) for you to modify the files. Any lines you delete will be removed from the config.

Hope that helps!
~Josh
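
Added example (not part of the original posts and not OMERO code): a pre-flight check for the words the shell would pass to `bin/omero config set`, which catches both failures seen in this thread, the stray `(objectClass` key and a filter stored without its parentheses. The function names and the rule for what a valid key looks like are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the omero CLI.

# 0 if the value is wrapped in parentheses and they balance. RFC 4515 has
# literal parentheses in values escaped as \28 and \29, so every "(" or ")"
# seen here is structural. This is a balance check, not a full filter parser.
ldap_filter_ok() {
    case $1 in
        "("*")") ;;
        *) return 1 ;;
    esac
    depth=0
    rest=$1
    while [ -n "$rest" ]; do
        tail=${rest#?}
        ch=${rest%"$tail"}          # first character of $rest
        rest=$tail
        case $ch in
            "(") depth=$((depth + 1)) ;;
            ")") depth=$((depth - 1)) ;;
        esac
        if [ "$depth" -lt 0 ]; then return 1; fi
    done
    [ "$depth" -eq 0 ]
}

# 0 if the key is a dotted name made of letters, digits, "." and "_"
# (assumption based on the keys shown in the "config get" output above).
config_key_ok() {
    case $1 in
        "" | *[!A-Za-z0-9._]*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check the words the shell would hand to "config set".
# Returns 0 ok, 2 wrong argument count, 3 bad key, 4 bad LDAP filter.
check_set_args() {
    if [ "$#" -ne 2 ]; then
        echo "expected KEY VALUE, got $# argument(s)" >&2; return 2
    fi
    config_key_ok "$1" || { echo "suspicious key: $1" >&2; return 3; }
    case $1 in
        *.ldap.*filter*)
            ldap_filter_ok "$2" || { echo "bad filter: $2" >&2; return 4; } ;;
    esac
    return 0
}
```

Call `check_set_args` with exactly the quoting you intend to use for `config set`; a non-zero status means the stored property would not be what you expect.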

Re: problem setting LDAP properties

Posted: Fri Feb 25, 2011 4:39 pm
by bernie
It did. Thanks, Bernie