Omero 4.8 with AD 2008

Post by ps459 » Tue Jun 25, 2013 3:53 pm

Hi,
I've followed the guide for LDAP integration; however, I can't get it to work.

I've started just by using a normal bind (no SSL) and it still fails to log any AD users in.

We use nested OUs for our users; all user OUs are below the normal users OU. I've made an account just for the LDAP bind and tested an LDAP query using ldapsearch.

Omero box is Debian Wheezy, AD is running on 2 x 2008 servers.

Config is this:

omero.data.dir=/home/omero/OMERO.data
omero.db.name=omero_database
omero.db.pass=********
omero.db.user=omero_user
omero.ldap.base=ou=Normal Users,dc=ad,dc=cscr,dc=private,dc=cam,dc=ac,dc=uk
omero.ldap.config=true
omero.ldap.new_user_group=Omero
omero.ldap.password=*******
omero.ldap.referral=follow
omero.ldap.urls=ldap://ad.cscr.private.cam.ac.uk:389
omero.ldap.user_filter=(objectClass=person)
omero.ldap.user_mapping=omeName=givenName,firstName=sn,lastName=uid,email=cn
omero.ldap.username=CN=ldap-search,OU=Special Users,DC=ad,DC=cscr,DC=private,DC=cam,DC=ac,DC=uk
omero.web.application_server=fastcgi-tcp
omero.web.debug=True

The error I'm seeing is this:


omero@information:~$ tail -f OMERO.server/var/log/* | grep ps459
2013-06-25 16:45:47,088 INFO [ ome.services.util.ServiceHandler] (l.Server-0) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(ps459)
2013-06-25 16:45:47,094 INFO [ ome.services.util.ServiceHandler] (l.Server-0) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRW(ps459)
2013-06-25 16:45:47,151 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-0) Default choice on create user: ps459 (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2013-06-25 16:45:47,163 INFO [ ome.services.util.ServiceHandler] (l.Server-0) Executor.doWork -- java.lang.String.ps459
reason = Password check failed for 'ps459': []

I have other Linux-based apps that can use AD fine.

Regards

Paul
ps459
 
Posts: 1
Joined: Mon Jun 24, 2013 4:00 pm

Re: Omero 4.8 with AD 2008

Post by atarkowska » Wed Jun 26, 2013 8:34 am

Hi Paul,

ps459 wrote:
omero.ldap.base=ou=Normal Users,dc=ad,dc=cscr,dc=private,dc=cam,dc=ac,dc=uk
omero.ldap.config=true
omero.ldap.new_user_group=Omero
omero.ldap.password=*******
omero.ldap.referral=follow
omero.ldap.urls=ldap://ad.cscr.private.cam.ac.uk:389
omero.ldap.user_filter=(objectClass=person)
omero.ldap.user_mapping=omeName=givenName,firstName=sn,lastName=uid,email=cn
omero.ldap.username=CN=ldap-search,OU=Special Users,DC=ad,DC=cscr,DC=private,DC=cam,DC=ac,DC=uk

2013-06-25 16:45:47,151 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-0) Default choice on create user: ps459 (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2013-06-25 16:45:47,163 INFO [ ome.services.util.ServiceHandler] (l.Server-0) Executor.doWork -- java.lang.String.ps459
reason = Password check failed for 'ps459': []



I cannot see any reason why that shouldn't work. I assume you have already double-checked whether you can actually log in to LDAP using the above (base, username, password, etc.). Could you please give me the full DN of user 'ps459'?

Ola
atarkowska
 
Posts: 327
Joined: Mon May 18, 2009 12:44 pm
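
Added example (not part of either post and not OMERO code): a way to reproduce, outside the server, the lookup behind "Cannot find unique DistinguishedName: found=0". It assumes that OMERO searches the subtree under omero.ldap.base with omero.ldap.user_filter AND'ed with the attribute mapped to omeName set to the login name; that composition, the function names and the embedded sample are assumptions made for this example.

```python
import shlex

# Constructed sample: the omero.ldap.* lines from the post (password left out).
CONFIG = """\
omero.ldap.base=ou=Normal Users,dc=ad,dc=cscr,dc=private,dc=cam,dc=ac,dc=uk
omero.ldap.urls=ldap://ad.cscr.private.cam.ac.uk:389
omero.ldap.user_filter=(objectClass=person)
omero.ldap.user_mapping=omeName=givenName,firstName=sn,lastName=uid,email=cn
omero.ldap.username=CN=ldap-search,OU=Special Users,DC=ad,DC=cscr,DC=private,DC=cam,DC=ac,DC=uk
"""

def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' only (DNs contain '=')."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def parse_mapping(mapping):
    """'omeName=givenName,firstName=sn' -> {'omeName': 'givenName', ...}"""
    return dict(pair.split("=", 1) for pair in mapping.split(","))

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_lookup_filter(props, login):
    """Assumed composition: user_filter AND (<attribute mapped to omeName>=<login>)."""
    attr = parse_mapping(props["omero.ldap.user_mapping"])["omeName"]
    return "(&%s(%s=%s))" % (props["omero.ldap.user_filter"], attr,
                             escape_filter_value(login))

def ldapsearch_argv(props, login):
    """OpenLDAP ldapsearch arguments for the same search, run as the bind account.
    -W prompts for the bind password so it never lands in shell history;
    the attribute list "1.1" asks for DNs only."""
    return ["ldapsearch", "-x", "-W",
            "-H", props["omero.ldap.urls"],
            "-D", props["omero.ldap.username"],
            "-b", props["omero.ldap.base"],
            "-s", "sub", user_lookup_filter(props, login), "1.1"]

if __name__ == "__main__":
    print(shlex.join(ldapsearch_argv(parse_properties(CONFIG), "ps459")))
```

The number of entries returned by the printed command corresponds to the "found=" count in the log line, under the assumptions above.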

