
Ldap authentication

Posted: Thu Feb 18, 2010 9:14 am
by joshBC
I've recently installed OMERO (4.1.1) on my server and want to authenticate via LDAP.

1. First I set up a small LDAP directory with a group called omero that contains all the OMERO users.

2. I followed the instructions at http://www.openmicroscopy.org/site/supp ... stall-ldap and modified all the necessary entries. (I skipped the entries ATTRIBUTES and VALUES and everything concerning SSL.)

But unfortunately I still can't add any person from LDAP to OMERO.

I checked all the modifications twice, so I don't think it's a typing error. I also looked through the log files, but there are no specific entries for LDAP.

Does anyone have a hint for me on how I could find out what went wrong or what is still missing for the LDAP authentication?

Re: Ldap authentication

Posted: Thu Feb 18, 2010 10:43 am
by cxallan
Can you give us the output of bin/omero config get to start?

Re: Ldap authentication

Posted: Thu Feb 18, 2010 2:30 pm
by joshBC
omero@sandstorm:/srv/omero/omero_dist> ./bin/omero config get
omero.data.dir=/data/omero/
omero.db.pass=***
omero.ldap.attributes=ou
omero.ldap.base=dc=charite,dc=de
omero.ldap.config=true
omero.ldap.groups=cn=omero,ou=apps,dc=charite,dc=de
omero.ldap.password=***
omero.ldap.urls=ldap://141.42.128.127:389
omero.ldap.username=cn=admin,dc=charite,dc=de
omero.ldap.values=omero

Thanks for the fast reply.

Re: Ldap authentication

Posted: Thu Feb 18, 2010 2:42 pm
by cxallan
Okay, cool. What is an example DN of a user?

cn=Bob,ou=People,dc=charite,dc=de

or similar?

Re: Ldap authentication

Posted: Thu Feb 18, 2010 5:07 pm
by joshBC
LDAP looks like this:

dc=de
  dc=charite
    a) ou=apps
        cn=omero (this is the group which should restrict the access for omero)
    b) ou=bcrt (our institute)
        a) ou=group1
            cn=user1
            cn=user2
        b) ou=group2
            cn=user3
(I hope this is understandable :) )

As an example, the DN of user 1 would be:
cn=user1,ou=group1,ou=bcrt,dc=charite,dc=de

Thanks again for your support.

Re: Ldap authentication

Posted: Thu Feb 18, 2010 5:17 pm
by cxallan
OMERO Beta 4.1 only searches on CN, so assuming a DN of cn=user1,ou=group1,ou=bcrt,dc=charite,dc=de, can you try to log in with a username of user1? If that doesn't work, we'll go after the log file, for which I need a zipped-up copy of var/log. You can either attach that here or contact me via PM for an e-mail address.
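
An offline sanity check for the settings and the example DN discussed above, as an added example that is not part of the original posts and not OMERO's own code. It takes the statement that 4.1 matches on CN at face value; the function names and the simplified DN parsing (no escaped commas, no multi-valued RDNs) are assumptions.

```python
# Added example, not OMERO code. Values copied from the thread's config output.
CONFIG = """\
omero.ldap.base=dc=charite,dc=de
omero.ldap.groups=cn=omero,ou=apps,dc=charite,dc=de
omero.ldap.urls=ldap://141.42.128.127:389
omero.ldap.username=cn=admin,dc=charite,dc=de
"""

def parse_config(text):
    """Split each line on the first '=' only, since DN values contain '='."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)

def parse_dn(dn):
    """DN -> list of lower-cased (attr, value) pairs.
    Assumption: no escaped commas and no multi-valued RDNs."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def under_base(dn, base):
    """True if dn sits at or below base in the directory tree."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def login_name(dn):
    """Login name to try if only the CN is searched: the leading RDN's
    value, or None when the entry is not named by cn."""
    attr, _, value = dn.split(",")[0].strip().partition("=")
    return value.strip() if attr.strip().lower() == "cn" else None

def check(cfg, user_dn):
    """Return (login name, list of findings) for one example user DN."""
    base, findings = cfg["omero.ldap.base"], []
    for label, dn in (("user", user_dn),
                      ("omero.ldap.groups", cfg["omero.ldap.groups"]),
                      ("omero.ldap.username", cfg["omero.ldap.username"])):
        if not under_base(dn, base):
            findings.append(f"{label} DN is outside omero.ldap.base")
    name = login_name(user_dn)
    if name is None:
        findings.append("user DN does not start with cn=")
    for url in cfg["omero.ldap.urls"].split(","):
        if url.strip().lower().startswith("ldap://"):
            findings.append(f"{url.strip()}: plain ldap://, no TLS unless StartTLS")
    return name, findings

print(check(parse_config(CONFIG), "cn=user1,ou=group1,ou=bcrt,dc=charite,dc=de"))
```

For the values in this thread the DNs all fall under the base and the login name comes out as user1; the only finding is the plain ldap:// URL, which matches the SSL settings having been skipped.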

Re: Ldap authentication

Posted: Thu Feb 18, 2010 5:55 pm
by joshBC
No, I can't log into OMERO with users from the LDAP directory.
Isn't it right that I have to add the LDAP user first via the webadmin (I read that there should be a Search button in the top bar, but I don't see anything) before I can log in with them?

Re: Ldap authentication

Posted: Thu Feb 18, 2010 7:16 pm
by cxallan
User creation happens on the fly as long as the CN matches an entry in your LDAP directory. You have tried a case where the username that's in the login box matches a CN?

Re: Ldap authentication

Posted: Fri Feb 19, 2010 8:58 am
by joshBC
Yes, I've added a test user with cn=test1 (member of group omero), but the login failed.

Re: Ldap authentication

Posted: Fri Feb 19, 2010 9:00 am
by cxallan
Logs it is then. :)