Open Microscopy Environment

[ps459]

Hi,
I've followed the guide for LDAP integration however I can't get it to work.

I've started just by using a normal bind (no SSL) and it still fails to log any AD users in.

We use nested OU's for our users, all user OU's are below the normal users OU. I've made an account just for the ldap bind and tested an LDAP query using ldapsearch.

Omero box is Debian Wheezy, AD is running on 2 x 2008 servers.

Config is this:

omero.data.dir=/home/omero/OMERO.data
omero.db.name=omero_database
omero.db.pass=********
omero.db.user=omero_user
omero.ldap.base=ou=Normal Users,dc=ad,dc=cscr,dc=private,dc=cam,dc=ac,dc=uk
omero.ldap.config=true
omero.ldap.new_user_group=Omero
omero.ldap.password=*******
omero.ldap.referral=follow
omero.ldap.urls=ldap://ad.cscr.private.cam.ac.uk:389
omero.ldap.user_filter=(objectClass=person)
omero.ldap.user_mapping=omeName=givenName,firstName=sn,lastName=uid,email=cn
omero.ldap.username=CN=ldap-search,OU=Special Users,DC=ad,DC=cscr,DC=private,DC=cam,DC=ac,DC=uk
omero.web.application_server=fastcgi-tcp
omero.web.debug=True

The error I'm seeing is this:


omero@information:~$ tail -f OMERO.server/var/log/* | grep ps459
2013-06-25 16:45:47,088 INFO [ ome.services.util.ServiceHandler] (l.Server-0) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(ps459)
2013-06-25 16:45:47,094 INFO [ ome.services.util.ServiceHandler] (l.Server-0) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRW(ps459)
2013-06-25 16:45:47,151 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-0) Default choice on create user: ps459 (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2013-06-25 16:45:47,163 INFO [ ome.services.util.ServiceHandler] (l.Server-0) Executor.doWork -- java.lang.String.ps459
reason = Password check failed for 'ps459': []

I have other Linux based app's that can use AD fine.

Regards

Paul

[atarkowska]

HI Paul,

omero.ldap.base=ou=Normal Users,dc=ad,dc=cscr,dc=private,dc=cam,dc=ac,dc=uk
omero.ldap.config=true
omero.ldap.new_user_group=Omero
omero.ldap.password=*******
omero.ldap.referral=follow
omero.ldap.urls=ldap://ad.cscr.private.cam.ac.uk:389
omero.ldap.user_filter=(objectClass=person)
omero.ldap.user_mapping=omeName=givenName,firstName=sn,lastName=uid,email=cn
omero.ldap.username=CN=ldap-search,OU=Special Users,DC=ad,DC=cscr,DC=private,DC=cam,DC=ac,DC=uk

2013-06-25 16:45:47,151 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-0) Default choice on create user: ps459 (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2013-06-25 16:45:47,163 INFO [ ome.services.util.ServiceHandler] (l.Server-0) Executor.doWork -- java.lang.String.ps459
reason = Password check failed for 'ps459': []

I cannot see any reason why that shouldn't work. I assume you have already double checked if you actually can log in to ldap using the above (base, username, password, etc.). Could you please give me full DN of user 'ps459'

Ola