Open Microscopy Environment

[rhamedy]

Hi all,

We have an 5.2 OMERO server running and now we want to integrate LDAP to do logging and account creation. There seem to be a detailed documentation on how to setup OMERO server to do LDAP here https://www.openmicroscopy.org/site/sup ... -ldap.html which is very useful.

My question is, what kind of configuration do I need to make in the VM itself to allow OMERO to do LDAP logging and account creation? We will be using University of Oxford's LDAP servers.

I have no prior experience of LDAP and I would appreciate if somebody point me in the right direction to start with. A basic list of steps should be more than enough for me to start exploring. Thank you.

[jmoore]

My question is, what kind of configuration do I need to make in the VM itself to allow OMERO to do LDAP logging and account creation? We will be using University of Oxford's LDAP servers.

I have no prior experience of LDAP and I would appreciate if somebody point me in the right direction to start with. A basic list of steps should be more than enough for me to start exploring. Thank you.

Critical when dealing with LDAP is knowing what the groups/users layout looks like. The flexibility of LDAP means that this tends to be highly divergent.

The last time I talked to someone from Oxford, a configuration that was useful included (all prefixed with "omero.ldap."):

• new_user_group=":attribute:memberOf"
• user_filter="(objectClass=person)"
• group_filter="(&(objectClass=group)(mail=omero.flag))"
• user_mapping="omeName=cn,firstName=givenName,lastName=sn,email=mail"
• group_mapping="name=cn"

To know if that holds for your organizational unit within Oxford, it would be best if you could get a few example LDAP entries, optimally as an LDIF file, or minimally explain who you would like to be able to login to your OMERO instance.

All the best,
~Josh.

[PaulVanSchayck]

I recently implemented LDAP-OMERO for the University of Maastricht. I found the config to create and join the correct groups especially tricky. I had to recreate the OMERO db at some point because I swamped it at some point with wrong groups.

Code: Select all

omero.ldap.base=ou=FHML,dc=unimaas,dc=nl
omero.ldap.config=true
omero.ldap.group_filter=(|(cn=M4I-NANOSCOPY-OMERO)(cn=M4I-IMS-OMERO))
omero.ldap.group_mapping=name=description
omero.ldap.new_user_group=:query:(member=@{dn})
omero.ldap.sync_on_login=true
omero.ldap.user_filter=(objectClass=person)
omero.ldap.user_mapping=omeName=sAMAccountName,firstName=givenName,lastName=sn,email=mail,middleName=extensionAttribute3,institution=department


Group filter is being used to look for specific groups. This is because of limited access to the LDAP to set special attributes on groups.

Please note that the user mapping of middleName depends on this PR:
https://github.com/openmicroscopy/openm ... /pull/4416

[rhamedy]

Thank you Josh and Pual.

I have added all the configs and restarted the server. While trying to login I provided my ldap password but, it give an error complaining about server connection. I tried logging in via my local password same username (I obviously converted my local account to ldap using the ldap setdn command) and the exception is as follow:

Code: Select all

Traceback (most recent call last):

  File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)

  File "/home/omero/OMERO.server-5.2.0-ice35-b12/lib/python/omeroweb/decorators.py", line 480, in wrapped
    retval = f(request, *args, **kwargs)

  File "/home/omero/OMERO.server-5.2.0-ice35-b12/lib/python/omeroweb/decorators.py", line 530, in wrapper
    context = f(request, *args, **kwargs)

  File "/home/omero/OMERO.server-5.2.0-ice35-b12/lib/python/omeroweb/webadmin/views.py", line 861, in my_account
    prepare_experimenter(conn)

  File "/home/omero/OMERO.server-5.2.0-ice35-b12/lib/python/omeroweb/webadmin/views.py", line 106, in prepare_experimenter
    isLdapUser = experimenter.isLdapUser()

  File "/home/omero/OMERO.server-5.2.0-ice35-b12/lib/python/omeroweb/webclient/webclient_gateway.py", line 2172, in isLdapUser
    self.ldapUser = admin_serv.lookupLdapAuthExperimenter(self.id)

  File "/home/omero/OMERO.server-5.2.0-ice35-b12/lib/python/omero/gateway/__init__.py", line 4205, in __call__
    return self.handle_exception(e, *args, **kwargs)

  File "/home/omero/OMERO.server-5.2.0-ice35-b12/lib/python/omeroweb/webclient/webclient_gateway.py", line 1992, in handle_exception
    e, *args, **kwargs)

  File "/home/omero/OMERO.server-5.2.0-ice35-b12/lib/python/omero/gateway/__init__.py", line 4202, in __call__
    return self.f(*args, **kwargs)

  File "/home/omero/OMERO.server-5.2.0-ice35-b12/lib/python/omero_api_IAdmin_ice.py", line 346, in lookupLdapAuthExperimenter
    return _M_omero.api.IAdmin._op_lookupLdapAuthExperimenter.invoke(self, ((id, ), _ctx))

InternalException: exception ::omero::InternalException
{
    serverStackTrace = ome.conditions.InternalException:  Wrapped Exception: (org.springframework.ldap.CommunicationException):
localhost:389; nested exception is javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused]
   at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:98)
   at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
   at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
   at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:606)
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:196)
   at com.sun.proxy.$Proxy64.getReadOnlyContext(Unknown Source)
   at ome.logic.LdapImpl.getBase(LdapImpl.java:797)
   at ome.logic.LdapImpl.getPersonContextMapper(LdapImpl.java:747)
   at ome.logic.LdapImpl.findDN(LdapImpl.java:161)
   at ome.logic.LdapImpl.lookupLdapAuthExperimenter(LdapImpl.java:689)
   at ome.logic.AdminImpl.lookupLdapAuthExperimenter(AdminImpl.java:337)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:606)
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
   at ome.security.basic.EventHandler.invoke(EventHandler.java:154)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.orm.hibernate3.HibernateInterceptor.invoke(HibernateInterceptor.java:111)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:108)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at ome.tools.hibernate.ProxyCleanupFilter$Interceptor.invoke(ProxyCleanupFilter.java:249)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at ome.services.util.ServiceHandler.invoke(ServiceHandler.java:121)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at com.sun.proxy.$Proxy87.lookupLdapAuthExperimenter(Unknown Source)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:606)
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
   at ome.security.basic.BasicSecurityWiring.invoke(BasicSecurityWiring.java:93)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at ome.services.blitz.fire.AopContextInitializer.invoke(AopContextInitializer.java:43)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at com.sun.proxy.$Proxy87.lookupLdapAuthExperimenter(Unknown Source)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:606)
   at ome.services.blitz.util.IceMethodInvoker.invoke(IceMethodInvoker.java:172)
   at ome.services.throttling.Callback.run(Callback.java:56)
   at ome.services.throttling.InThreadThrottlingStrategy.callInvokerOnRawArgs(InThreadThrottlingStrategy.java:56)
   at ome.services.blitz.impl.AbstractAmdServant.callInvokerOnRawArgs(AbstractAmdServant.java:140)
   at ome.services.blitz.impl.AdminI.lookupLdapAuthExperimenter_async(AdminI.java:258)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:606)
   at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
   at omero.cmd.CallContext.invoke(CallContext.java:78)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at com.sun.proxy.$Proxy88.lookupLdapAuthExperimenter_async(Unknown Source)
   at omero.api._IAdminTie.lookupLdapAuthExperimenter_async(_IAdminTie.java:258)
   at omero.api._IAdminDisp.___lookupLdapAuthExperimenter(_IAdminDisp.java:578)
   at omero.api._IAdminDisp.__dispatch(_IAdminDisp.java:1523)
   at IceInternal.Incoming.invoke(Incoming.java:222)
   at Ice.ConnectionI.invokeAll(ConnectionI.java:2482)
   at Ice.ConnectionI.dispatch(ConnectionI.java:1258)
   at Ice.ConnectionI.message(ConnectionI.java:1213)
   at IceInternal.ThreadPool.run(ThreadPool.java:321)
   at IceInternal.ThreadPool.access$300(ThreadPool.java:12)
   at IceInternal.ThreadPool$EventHandlerThread.run(ThreadPool.java:693)
   at java.lang.Thread.run(Thread.java:745)

    serverExceptionClass = ome.conditions.InternalException
    message =  Wrapped Exception: (org.springframework.ldap.CommunicationException):
localhost:389; nested exception is javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused]
}
<WSGIRequest: GET '/webadmin/myaccount/edit/'>

The OMERO ldap config is as follow, which looks about alright to me except for the omero.ldap.username and omero.ldap.password, is this a user who have special rights to ldap or any user? I might have to ask the IT unit about this.

omero.data.dir=/OMERO
omero.db.name=omero_database
omero.db.pass=********
omero.db.user=********
omero.jvmcfg.percent.blitz=30
omero.jvmcfg.percent.pixeldata=30
omero.ldap.base=ou=KIR,ou=NDORMS,o=Medicine
omero.ldap.config=true
omero.ldap.group_filter=(&(objectClass=group)(mail=omero.flag))
omero.ldap.new_user_group=:attribute:memberOf
omero.ldap.password=******* (not sure which user password - so I provided my own password)
omero.ldap.urls=ldap://ldap1.*****.ox.ac.uk
omero.ldap.user.group_mapping=name=cn
omero.ldap.user.user_mapping=omeName=cn,firstName=givenName,lastName=sn,email=mail
omero.ldap.user_filter=(objectClass=person)
omero.ldap.username=******** (not sure which use so I provided my own ldap user)
omero.web.application_server=wsgi-tcp

Connection refused could be due to ldap.url not being ldaps or the ldap.username/ldap.password not being correct or the IT unit will have to allow my server to do LDAP authentication. First time, so I am a bit confused.

[jmoore]

Likely we should try without OMERO in the mix in order to be able to track this down. For example, do you have openldap installed? If so, you can try using `ldapsearch`:

Code: Select all

ldapsearch -H ldap://ldap1.*****.ox.ac.uk -b ou=KIR,ou=NDORMS,o=Medicine -D YOURDN -W


It might be that either an encrypted connection (ldaps://) or a different port are need. For example, my suspicion is that we may again be running into issues with Active Directories. See https://www.openmicroscopy.org/site/support/omero5.2/sysadmins/server-ldap.html#global-catalogue for more info.

Cheers
~Josh.

[rhamedy]

Hi Josh,

Thank you very much for timely replies. I installed the openldap, openldap-clients, nss_ldap pacakges and then running he ldapsearch

Code: Select all

ldapsearch -H ldap://ldap1.*****.ox.ac.uk -b ou=KIR,ou=NDORMS,o=Medicine -D {myusername} -W

Code: Select all

Enter LDAP Password:
ldap_bind: Confidentiality required (13)

Gives the above famous error. I googled it and there seem to be diverse. I will have to contact the IT unit to find out if we are going to need any special configs to do. In the meantime, if you have before troubleshooted the above issue, then please share your suggestions.

Cheers.

[jmoore]

For anyone reading along, I contacted Raf separately with suggestions, but first step will be debugging the connection with local IT.

~Josh.

[rhamedy]

Hi Josh,

Thanks for the message about AD. I just wanted to update that I am waiting to hear from our IT whether we need any special configs in order to be able to authenticate against LDAP.

Surprisingly I am able to perform ldapsearch and get result. I did run a ldapwhoami as shown below:

Code: Select all

ldapwhoami -vvv -h ldap1.*****.ox.ac.uk -D "cn=myuser,ou=KIR,ou=NDORMS,o=Medicine" -x -W

it prompts for password and after entering the password, it gives the

Code: Select all

ldap_bind: Confidentiality required (13)

error. Let's see what our LDAP admins advise on this regard.

On a separate issue for a strange reason, the OMERO web was not running so I run bin/omero web start and it gives the following stacktrace:

Code: Select all

Post-processed 'omeroweb.viewer.min.css' as 'omeroweb.viewer.min.css'
Post-processed 'omeroweb.viewer.min.js' as 'omeroweb.viewer.min.js'

0 static files copied to '/home/omero/OMERO.server-5.2.0-ice35-b12/lib/python/omeroweb/static', 746 unmodified, 2 post-processed.
Clearing expired sessions. This may take some time...
Traceback (most recent call last):
  File "manage.py", line 56, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 399, in execute_from_command_line
    utility.execute()
  File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 392, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/lib/python2.7/site-packages/django/core/management/base.py", line 242, in run_from_argv
    self.execute(*args, **options.__dict__)
  File "/usr/lib/python2.7/site-packages/django/core/management/base.py", line 284, in execute
    self.validate()
  File "/usr/lib/python2.7/site-packages/django/core/management/base.py", line 310, in validate
    num_errors = get_validation_errors(s, app)
  File "/usr/lib/python2.7/site-packages/django/core/management/validation.py", line 28, in get_validation_errors
    from django.db import models, connection
  File "/usr/lib/python2.7/site-packages/django/db/models/__init__.py", line 7, in <module>
    from django.db.models.manager import Manager
  File "/usr/lib/python2.7/site-packages/django/db/models/manager.py", line 58, in <module>
    class Manager(six.with_metaclass(RenameManagerMethods)):
  File "/usr/lib/python2.7/site-packages/django/utils/six.py", line 778, in __new__
    return meta(name, bases, d)
  File "/usr/lib/python2.7/site-packages/django/utils/deprecation.py", line 39, in __new__
    for base in inspect.getmro(new_class):
AttributeError: 'module' object has no attribute 'getmro'

Any idea what is causing this? I am curious what caused this issue.

[atarkowska]

Hi,

Could you send us output of

Code: Select all

bin/omero admin diagnostics

and

Code: Select all

bin/omero config get --hide-password

?

With Python 2.7 you should use Django 1.8 rather then 1.6. Please upgrade. As far as I can tell you are running development server. Did you follow deployment documentation in https://www.openmicroscopy.org/site/sup ... unix-linux

Ola

[rhamedy]

Hi Olda,

See below the output of get config

Code: Select all

omero.data.dir=/OMERO
omero.db.name=omero_database
omero.db.pass=********
omero.db.user=omero
omero.jvmcfg.percent.blitz=30
omero.jvmcfg.percent.pixeldata=30
omero.ldap.base=ou=KIR,ou=NDORMS,o=Medicine
omero.ldap.config=true
omero.ldap.group_filter=(&(objectClass=group)(mail=omero.flag))
omero.ldap.new_user_group=:attribute:memberOf
omero.ldap.password=
omero.ldap.urls=ldap://ldap1.*****.ox.ac.uk
omero.ldap.user.group_mapping=name=cn
omero.ldap.user.user_mapping=omeName=cn,firstName=givenName,lastName=sn,email=mail
omero.ldap.user_filter=(objectClass=person)
omero.ldap.username=rhamedy
omero.web.application_server=wsgi-tcp
omero.web.apps=["figure", "autotag", "tagsearch"]
omero.web.debug=True
omero.web.login_logo=
omero.web.ui.center_plugins=[["Auto Tag", "autotag/auto_tag_init.js.html", "auto_tag_panel"], ["Auto Tag", "autotag/auto_tag_init.js.html", "auto_tag_panel"]]
omero.web.ui.top_links=[["Data", "webindex", {"title": "Browse Data via Projects, Tags etc"}], ["History", "history", {"title": "History"}], ["Help", "http://help.openmicroscopy.org/", {"target": "new", "title": "Open OMERO user guide in a new tab"}], ["Figure", "figure_index", {"target": "figure", "title": "Open Figure in new tab"}], ["Tag Search", "tagsearch"]]


python --veresion outputs

Code: Select all

Python 2.7.5

here is the output of admin diagnostics

Code: Select all

================================================================================
OMERO Diagnostics 5.2.0-ice35-b12
================================================================================

Commands:   java -version                  1.7.0     (/bin/java)
Commands:   python -V                      2.7.5     (/bin/python)
Commands:   icegridnode --version          3.5.1     (/bin/icegridnode)
Commands:   icegridadmin --version         3.5.1     (/bin/icegridadmin)
Commands:   psql --version                 9.4.5     (/bin/psql)

Server:     icegridnode                    running
Server:     Blitz-0                        active (pid = 2651, enabled)
Server:     DropBox                        active (pid = 2658, enabled)
Server:     FileServer                     active (pid = 2664, enabled)
Server:     Indexer-0                      active (pid = 2673, enabled)
Server:     MonitorServer                  active (pid = 2682, enabled)
Server:     OMERO.Glacier2                 active (pid = 2687, enabled)
Server:     OMERO.IceStorm                 active (pid = 2692, enabled)
Server:     PixelData-0                    active (pid = 2727, enabled)
Server:     Processor-0                    active (pid = 2729, enabled)
Server:     Tables-0                       active (pid = 2721, enabled)
Server:     TestDropBox                    inactive (enabled)

Log dir:    /home/omero/OMERO.server-5.2.0-ice35-b12/var/log exists
Log files:  Blitz-0.log                    66.0 MB       errors=609  warnings=44
Log files:  DropBox.log                    16.0 KB       errors=0    warnings=6
Log files:  FileServer.log                 2.0 KB
Log files:  Indexer-0.log                  556.0 KB      errors=19   warnings=0
Log files:  MonitorServer.log              9.0 KB
Log files:  OMEROweb.lock                  0.0 KB
Log files:  OMEROweb.log                   280.0 KB      errors=6    warnings=56
Log files:  OMEROweb_brokenrequest.lock    0.0 KB
Log files:  OMEROweb_brokenrequest.log     9.0 KB        errors=1    warnings=2
Log files:  PixelData-0.log                197.0 KB      errors=6    warnings=0
Log files:  Processor-0.log                1.0 MB        errors=448  warnings=1
Log files:  Tables-0.log                   10.0 KB       errors=0    warnings=2
Log files:  TestDropBox.log                n/a
Log files:  master.err                     7.0 KB        errors=0    warnings=9
Log files:  master.out                     0.0 KB
Log files:  Total size                     69.39 MB


Environment:OMERO_HOME=(unset)
Environment:OMERO_NODE=(unset)
Environment:OMERO_MASTER=(unset)
Environment:OMERO_USERDIR=(unset)
Environment:OMERO_TMPDIR=(unset)
Environment:PATH=/sbin:/bin:/usr/sbin:/usr/bin
Environment:PYTHONPATH=(unset)
Environment:ICE_HOME=(unset)
Environment:LD_LIBRARY_PATH=(unset)
Environment:DYLD_LIBRARY_PATH=(unset)

OMERO SSL port:4064
OMERO TCP port:4063
OMERO data dir:'/OMERO'                       Exists? True      Is writable? True
OMERO temp dir:'/home/omero/omero/tmp'        Exists? True      Is writable? True   (Size: 0)

JVM settings: Blitz-${index}                -Xmx4997m -XX:MaxPermSize=1g -XX:+IgnoreUnrecognizedVMOptions
JVM settings: Indexer-${index}              -Xmx1665m -XX:MaxPermSize=1g -XX:+IgnoreUnrecognizedVMOptions
JVM settings: PixelData-${index}            -Xmx4997m -XX:MaxPermSize=1g -XX:+IgnoreUnrecognizedVMOptions
JVM settings: Repository-${index}           -Xmx1665m -XX:MaxPermSize=1g -XX:+IgnoreUnrecognizedVMOptions

OMERO.web status... [RUNNING] (PID 4441)
Django version: 1.8


The Django version seem to be 1.6 but, I do remember upgrading to 1.8, anyway, I have upgraded the django version and now I don't see any exception when starting the omero web but, OMERO is not accessible via web. I can see the nginx welcome message, no redirection (adding /webclient/login - gives 404).

I enabled the web debugging and while restarting the omero web, I do see the following line about tagsearch

Code: Select all

DEBUG:omeroweb.settings:Attempting to import additional app settings for app: tagsearch
DEBUG:omeroweb.settings:Couldn't import settings from app: tagsearch

I checked and tagsearch is under /lib/python/omeroweb directory and have the following files

Code: Select all

-rw-rw-r--. 1 omero omero 458 Sep 28 10:04 forms.py
-rw-r--r--. 1 omero omero 970 Nov 16 14:30 forms.pyc
-rw-rw-r--. 1 omero omero   0 Sep 28 10:04 __init__.py
-rw-rw-r--. 1 omero omero 169 Nov 16 14:29 __init__.pyc
-rw-rw-r--. 1 omero omero  57 Sep 28 10:04 models.py
-rw-rw-r--. 1 omero omero 223 Nov 16 14:30 models.pyc
drwxrwxr-x. 3 omero omero  22 Nov 16 14:22 static
drwxrwxr-x. 3 omero omero  22 Nov 16 14:22 templates
-rw-rw-r--. 1 omero omero 416 Sep 28 10:04 urls.py
-rw-r--r--. 1 omero omero 516 Nov 16 14:30 urls.pyc
-rw-rw-r--. 1 omero omero 14K Sep 28 10:04 views.py
-rw-r--r--. 1 omero omero 11K Nov 16 14:30 views.pyc

Yes we followed the documentation when setting up the system initially as well as for upgrade. The first version we installed was 5.1.4 if not mistaken.