We're Hiring!

Open Microscopy Environment

The OME community

Skip to content

OpenLDAP memberof

Having a problem deploying OMERO? Please ask new questions at https://forum.image.sc/tags/omero
Please note:
Historical discussions about OMERO. Please look for and ask new questions at https://forum.image.sc/tags/omero

The OMERO.server installation documentation begins here and you can find OMERO.web deployment documentation here.
Post a reply

OpenLDAP memberof

Postby flekschas » Tue May 29, 2012 5:58 am

Hello,

I managed to get Omero with OpenLDAP 2.4 working. My only problem is that the memberof attribute is just an overlay or so called "operation attribute" which I couldn't use for filtering the user so far.
What I want to do is add users in LDAP to a group and in Omero just check if these users are a member of this specific group.

Here's is my current working config (which does not check for any group)
Code: Select all
omero.ldap.base=dc=***
omero.ldap.config=true
omero.ldap.group_filter=(objectClass=groupOfNames)
omero.ldap.group_mapping=name=cn
omero.ldap.new_user_group=default
omero.ldap.password=***
omero.ldap.urls=ldap://***:389
omero.ldap.user_filter=(objectClass=inetOrgPerson)
omero.ldap.user_mapping=omeName=uid,firstName=givenName,lastName=sn,email=mail
omero.ldap.username=cn=admin,dc=***


Unfortunatly when I change the user_filter to the following it's not working anymore
Code: Select all
omero.ldap.user_filter=(&(objectClass=inetOrgPerson)(memberof=cn=omero,ou=group,dc=***))


Does anyone else came across this problem and maybe has in idea how to solve it?

Thanks!
F Lekschas
BCRT - Charite
flekschas
 
Posts: 13
Joined: Wed Mar 10, 2010 4:11 pm
Top

Re: OpenLDAP memberof

Postby jmoore » Mon Jun 04, 2012 6:44 am

flekschas wrote:I managed to get Omero with OpenLDAP 2.4 working. My only problem is that the memberof attribute is just an overlay or so called "operation attribute" which I couldn't use for filtering the user so far.


Did you configure the memberof overlay? If you dump an LDIF file, are you seeing the memberof attributes?

Unfortunatly when I change the user_filter to the following it's not working anymore
Code: Select all
omero.ldap.user_filter=(&(objectClass=inetOrgPerson)(memberof=cn=omero,ou=group,dc=***))


Is there any WARN or ERROR message in the var/log/Blitz-0.log when you try this filter setting?

Does anyone else came across this problem and maybe has in idea how to solve it?


I don't have any experience using OpenLDAP with memberof turned on, but I have had issues with memberof when using other, out-of-thebox servers. If you haven't already, it's probably best to test the user_filter from either the command-line using ldapsearch or your GUI of choice before trying it in OMERO.

Cheers,
~Josh
User avatar
jmoore
Site Admin
 
Posts: 1591
Joined: Fri May 22, 2009 1:29 pm
Location: Germany
Top
Post a reply

Return to Installation and Deployment

Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group