Open Microscopy Environment

[joshBC]

I've recently installed omero (4.1.1) on my server and want to authenticate via ldap.

1. So at first I have set up a small ldap directory with a group called omero where all the omero users are in.

2. I followed the instruction at http://www.openmicroscopy.org/site/supp ... stall-ldap and modified all the necessary entries. (I skip the entires: ATTRIBUTES, VALUES and everything concerning SSL)

But unfortunately I still can't add any person from ldap to omero.

I checked all the modifications twice so I don't think it's a typing error. And I looked through the log files but there are no specific entries for ldap.

Does anyone have a hint for me how I could find what went wrong or what is still missing for the ldap authentication?

[cxallan]

Can you give us the output of bin/omero config get to start?

[joshBC]

omero@sandstorm:/srv/omero/omero_dist> ./bin/omero config get
omero.data.dir=/data/omero/
omero.db.pass=***
omero.ldap.attributes=ou
omero.ldap.base=dc=charite,dc=de
omero.ldap.config=true
omero.ldap.groups=cn=omero,ou=apps,dc=charite,dc=de
omero.ldap.password=***
omero.ldap.urls=ldap://141.42.128.127:389
omero.ldap.username=cn=admin,dc=charite,dc=de
omero.ldap.values=omero

thanks for the fast reply

[cxallan]

Okay, cool. What is an example DN of a user?

cn=Bob,ou=People,dc=charite,dc=de

or similar?

[joshBC]

Ldap looks like this:

dc=de
dc=charite
a) ou=apps
cn=omero (this is the group which should restrict the access for omero)
b) ou=bcrt (our institute)
a) ou=group1
cn=user1
cn=user2
b) ou=group2
cn=user3
(i hope this is understandable )

As an example DN User 1 would be:
cn=user1,ou=group1,ou=bcrt,dc=charite,dc=de

thanks again for your support.

[cxallan]

OMERO Beta 4.1 only searches on CN so assuming a DN of cn=user1,ou=group1,ou=bcrt,dc=charite,dc=de can you try and login with a username of user1? If that doesn't work we'll go after the log file for which I need a zipped up copy of var/log. You can either attach that here or contact me via PM for an e-mail address.

[joshBC]

no i can't log into omero with users from the ldap directory
isn't it right that I have to add the ldap user first via the webadmin (I read that their should be a Serach-Button in the topbar, but i don't see anything) before i can login with them?

[cxallan]

User creation happens on the fly as long as the CN matches an entry in your LDAP directory. You have tried a case where the username that's in the login box matches a CN?

[joshBC]

yes i've added a testuser with a cn=test1 (member of group omero) but the login failed

[cxallan]

Logs it is then.