ldapsearch works but OMERO LDAP doesn't
Posted: Fri Nov 01, 2013 5:53 pm
Hey all.
Just thought I'd throw this out there, as it's already on the email list.
I have a shiny new Omero 5 beta 1 server running. Desperately trying to get some authentication happening with it. Didn't think it'd be this hard. I'm not using SSL at the moment for my LDAP source, as I want to try and get the very basics right, first.
omero config get looks like this:
Code:
linuxadmin@place-omero-prod:~$ omero config get
omero.data.dir=/omero.data
omero.db.name=place_omero_database
omero.db.pass=censored
omero.db.user=censored
omero.ldap.base=ou=Staff,ou=People,o=the place of place,c=au
omero.ldap.config=true
omero.ldap.password=censored
omero.ldap.referral=follow
omero.ldap.urls=ldap://ldap.place.edu.au:389
omero.ldap.user_filter=()
omero.ldap.username=cn=place_nss,ou=special,o=the place of place,c=au
omero.security.keyStore=/home/linuxadmin/ssl_stores/.censored
omero.security.keyStorePassword=censored
omero.security.trustStore=/home/linuxadmin/ssl_stores/.censored
omero.security.trustStorePassword=censored
omero.web.application_server=development
omero.web.debug=True
So, when I use an ldapsearch from command line:
Code:
linuxadmin@place-omero-prod:~$ ldapsearch -LLL -H ldap://ldap.place.edu.au \
-x -D 'uid=place_nss,ou=special,o=the place of place,c=au' -w 'secret' -b \
'ou=Staff,ou=People,o=the place of place,c=au' | grep -i carroll
cn: Associate Professor blah blue
mail: blah.blue@blah.edu.au
So - my bind string, names, base DN and password are all correct.
However, if I use the above Omero config and try to login with an appropriate username + password:
Code:
2013-11-02 03:46:09,663 INFO [ ome.services.util.ServiceHandler] (.Server-19) Excp: org.springframework.ldap.AuthenticationException: [LDAP: error code 32 - No Such Object]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]
2013-11-02 03:46:09,666 ERROR [ o.s.blitz.fire.PermissionsVerifierI] (.Server-19) Exception thrown while checking password for:blahblah
Really not sure what I'm missing, at this point. It's almost as if the JNDI spring ldap toolkit doesn't understand the type or form of DNs and schema I have?
Further to this, I note a lot of suggestions that the "No such object" error suggests that the DN search base doesn't exist. The problem is, it definitely does, and ldapsearch proves that in clear sight. Does OMERO's use of the JNDI require some other syntax or some "more full" path somehow?
Thoughts?
-z
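
An added example, not part of the original post and not OMERO code: it checks field by field whether the OMERO LDAP settings use the same URL, bind DN and search base as the ldapsearch command that succeeded. The sample strings are constructed from the values shown in the post (passwords left out), and the DN normalisation is a simplifying assumption (case-insensitive comparison, no multi-valued RDNs).

```python
import re
import shlex

# Constructed from the values shown in the post; passwords are not needed here.
OMERO_CONFIG = """\
omero.ldap.base=ou=Staff,ou=People,o=the place of place,c=au
omero.ldap.urls=ldap://ldap.place.edu.au:389
omero.ldap.username=cn=place_nss,ou=special,o=the place of place,c=au
"""
LDAPSEARCH = ("ldapsearch -LLL -H ldap://ldap.place.edu.au -x "
              "-D 'uid=place_nss,ou=special,o=the place of place,c=au' -w 'secret' "
              "-b 'ou=Staff,ou=People,o=the place of place,c=au'")

def norm_dn(dn):
    """Simplified DN normalisation (assumption): split on unescaped commas, trim, lowercase."""
    rdns = re.split(r"(?<!\\),", dn)
    return tuple("=".join(p.strip().lower() for p in rdn.split("=", 1)) for rdn in rdns)

def norm_url(url):
    """Lowercase the URL and make the default ldap:// port explicit."""
    url = url.strip().lower().rstrip("/")
    if url.startswith("ldap://") and ":" not in url[len("ldap://"):]:
        url += ":389"
    return url

def parse_config(text):
    """Turn `omero config get` output into a dict (split on the first '=' only)."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)

def parse_ldapsearch(cmd):
    """Pull the -H, -D and -b values out of an ldapsearch command line."""
    argv = shlex.split(cmd)
    return {flag: argv[i + 1] for i, flag in enumerate(argv[:-1]) if flag in ("-H", "-D", "-b")}

def compare(config_text, cmd):
    """Return {setting: (omero_value, ldapsearch_value)} for every mismatch."""
    cfg, cli = parse_config(config_text), parse_ldapsearch(cmd)
    pairs = {
        "omero.ldap.urls": ("-H", norm_url),
        "omero.ldap.username": ("-D", norm_dn),
        "omero.ldap.base": ("-b", norm_dn),
    }
    return {key: (cfg.get(key, ""), cli.get(flag, ""))
            for key, (flag, norm) in pairs.items()
            if norm(cfg.get(key, "")) != norm(cli.get(flag, ""))}

if __name__ == "__main__":
    for key, (omero, cli) in compare(OMERO_CONFIG, LDAPSEARCH).items():
        print(f"{key}: OMERO has {omero!r}, ldapsearch used {cli!r}")
```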