debugging ldap
Posted: Wed Mar 04, 2015 12:53 pm
Hello, I just installed an Omero Server and on base it seems to run fine*, I cannot get LDAP to work though.
However, after having done things to the book, at least I believe so, what options do I have to debug why it does not work? I don't see anything SSL or LDAP related in OMERO.server/var/log.
Code:
omero@omero:~/OMERO.server$ bin/omero config get
omdero.ldap.base=dc=csc,dc=univie,dc=ac,dc=at
omdero.ldap.config=true
omdero.ldap.urls=ldaps://ldap.csc.univie.ac.at:636
omero.data.dir=/omero
omero.db.name=omero_db
omero.db.pass=xxx
omero.db.user=omero_dbuser
omero.ldap.referral=follow
omero.ldap.user_filter=(objectClass=inetOrgPerson)
omero.ldap.user_mapping=omeName=uid,firstName=givenName,lastName=sn,email=mail
omero.ldap.user_mapping==
omero.security.keyStore=/home/omero/.keystore/omero.jks
omero.security.keyStorePassword=xxx
omero.security.trustStore=/home/omero/.truststore/omero.jts
omero.security.trustStorePassword=xxx
Code:
omero@omero:~/OMERO.server$ bin/omero admin diagnostics
================================================================================
OMERO Diagnostics 5.0.8-ice35-b60
================================================================================
Commands: java -version 1.7.0 (/usr/bin/java)
Commands: python -V 2.7.8 (/usr/bin/python)
Commands: icegridnode --version 3.5.1 (/usr/bin/icegridnode)
Commands: icegridadmin --version 3.5.1 (/usr/bin/icegridadmin)
Commands: psql --version 9.4.1 (/usr/bin/psql)
Server: icegridnode running
Server: Blitz-0 active (pid = 21946, enabled)
Server: DropBox active (pid = 21956, enabled)
Server: FileServer active (pid = 21958, enabled)
Server: Indexer-0 active (pid = 21960, enabled)
Server: MonitorServer active (pid = 21961, enabled)
Server: OMERO.Glacier2 active (pid = 21966, enabled)
Server: OMERO.IceStorm active (pid = 21968, enabled)
Server: PixelData-0 active (pid = 21969, enabled)
Server: Processor-0 active (pid = 21980, enabled)
Server: Tables-0 active (pid = 21989, enabled)
Server: TestDropBox inactive (enabled)
OMERO: SSL port 4064
OMERO: TCP port 4063
Log dir: /home/omero/OMERO.server-5.0.8-ice35-b60/var/log exists
Log files: Blitz-0.log 1.0 MB errors=1 warnings=36
Log files: DropBox.log 14.0 KB errors=0 warnings=5
Log files: FileServer.log 1.0 KB
Log files: Indexer-0.log 15.0 KB
Log files: MonitorServer.log 8.0 KB
Log files: OMEROweb.log n/a
Log files: PixelData-0.log 18.0 KB
Log files: Processor-0.log 9.0 KB errors=0 warnings=3
Log files: Tables-0.log 9.0 KB errors=0 warnings=3
Log files: TestDropBox.log n/a
Log files: master.err 16.0 KB errors=0 warnings=11
Log files: master.out 0.0 KB
Log files: Total size 1.26 MB
Environment:OMERO_HOME=(unset)
Environment:OMERO_NODE=(unset)
Environment:OMERO_MASTER=(unset)
Environment:OMERO_TEMPDIR=(unset)
Environment:PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
Environment:PYTHONPATH=(unset)
Environment:ICE_HOME=(unset)
Environment:LD_LIBRARY_PATH=(unset)
Environment:DYLD_LIBRARY_PATH=(unset)
OMERO data dir: '/omero' Exists? True Is writable? True
OMERO temp dir: '/home/omero/omero/tmp' Exists? True Is writable? True (Size: 0)
OMERO.web status... [RUNNING] (PID 1262)
Code:
omero@omero:~/OMERO.server$ ldapsearch -H ldaps://ldap.csc.univie.ac.at:636 -x -b "dc=csc,dc=univie,dc=ac,dc=at" '(objectClass=inetOrgPerson)'
...SNIP...
# axel, People, csc.univie.ac.at
dn: uid=axel,ou=People,dc=csc,dc=univie,dc=ac,dc=at
cn: Axel Kittenberger
gidNumber: 707
givenName: Axel
homeDirectory: /csc/axel
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: sambaSamAccount
sn: Kittenberger
uid: axel
uidNumber: 10807
loginShell: /bin/bash
displayName: Axel Kittenberger
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
00000000
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-XXX
sambaPrimaryGroupSID: S-1-5-21-XXX
sambaNTPassword: XXX
sambaPwdLastSet: 1425465343
...SNIP...
I have no idea what fails, trust relationship to the ssl server? ssl server even reachable, cannot find user? etc. I don't see any helpful log? I went straight to ldaps SSL, since I disabled plain ldap on our server long ago and I don't want to fiddle with it to get omero running...
PS: I do not store emails from users. Might this be an issue? Since for some strange reason Omero requires Firstname/Lastname/Email as absolutely mandatory?
PPS: *I got some issue at first since I disabled IPv6 in the kernel. I usually do this on all servers here, since it won't get out of the router anyway and had some strange effects when some tools tried to go IPv6. However omero had some strange error messages regarding IPv6 and wouldn't start. Once I allowed the kernel again to have it, it started up fine.
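One check that can be run before looking at TLS or the directory itself, added here as an example and not part of the original post or of OMERO's own code: a lint over a `bin/omero config get` listing that reports keys outside the `omero.` namespace, duplicate or malformed entries, and LDAP properties that are absent as a result. The function names and the `REQUIRED_LDAP` set are assumptions of this example; the sample input is constructed from the key names in the listing above.

```python
import difflib

# Constructed sample: key names copied from the listing in the post, secrets omitted.
SAMPLE = """\
omdero.ldap.base=dc=csc,dc=univie,dc=ac,dc=at
omdero.ldap.config=true
omdero.ldap.urls=ldaps://ldap.csc.univie.ac.at:636
omero.data.dir=/omero
omero.ldap.referral=follow
omero.ldap.user_filter=(objectClass=inetOrgPerson)
omero.ldap.user_mapping=omeName=uid,firstName=givenName,lastName=sn,email=mail
omero.ldap.user_mapping==
"""

# Assumption of this example: the minimum set of properties it expects for LDAP.
REQUIRED_LDAP = ("omero.ldap.base", "omero.ldap.config", "omero.ldap.urls")


def parse(listing):
    """Yield (line_no, key, value) for every key=value line of the listing."""
    for no, raw in enumerate(listing.splitlines(), 1):
        key, sep, value = raw.strip().partition("=")
        if sep:
            yield no, key, value


def lint_config(listing):
    """Return (line_no, key, problem) tuples for suspicious entries."""
    findings, first_seen = [], {}
    for no, key, value in parse(listing):
        namespace = key.split(".", 1)[0]
        if namespace != "omero":
            near = difflib.get_close_matches(namespace, ["omero"], n=1, cutoff=0.6)
            hint = " (typo for 'omero'?)" if near else ""
            findings.append((no, key, "unknown namespace '%s'%s" % (namespace, hint)))
        if key in first_seen:
            findings.append((no, key, "duplicate of line %d" % first_seen[key]))
        else:
            first_seen[key] = no
        if value.strip("=") == "":
            findings.append((no, key, "empty or malformed value"))
    return findings


def missing_ldap_keys(listing):
    """Return the expected LDAP properties that the listing does not define."""
    present = {key for _, key, _ in parse(listing)}
    return [k for k in REQUIRED_LDAP if k not in present]


if __name__ == "__main__":
    for no, key, problem in lint_config(SAMPLE):
        print("line %d: %s: %s" % (no, key, problem))
    print("missing:", ", ".join(missing_ldap_keys(SAMPLE)) or "none")
```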