User Story #747 (closed)
System Authentication using LDAP
Reported by: | atarkowska | Owned by: | aleksandrat |
---|---|---|---|
Priority: | minor | Milestone: | 3.0-Beta2 |
Component: | General | Keywords: | n.a. |
Cc: | cxallan | Story Points: | n.a. |
Sprint: | n.a. | Importance: | n.a. |
Total Remaining Time: | n.a. | Estimated Remaining Time: | n.a. |
Description
The story comes from the requirement to upload users from LDAP (a popular user store) into Omero DB.
The logic scheme is shown in the attached graph1.
The purpose case:
1) user is on OmeroDB, he/she has got omeroname and password
2) user is on OmeroDB, he/she has got omeroname and DN
3) user is on OmeroDB, he/she hasn't got any password/DN on password table
4) user is not on OmeroDB, he/she hasn't got any password/DN on password table
Re.1 and re.2
select p.hash as PASSWD, p.dn as DN
from experimenter e, password p
where e.omename=?
and e.id = p.experimenter_id
Will give a result (password or DN).
If a DN is returned, check that the specified user exists in LDAP and that his password is correct.
Re.3 and re.4
Will not give any result, should be searched on LDAP.
If there is no user with the specified 'cn', or more than 1 user with that 'cn' under the specified base, throw an exception. If the user was found, add this user to OmeroDB and set his DN in the password table.
Configuration file (omero.properties) includes only:
omero.ldap.urls= 'ldap://host:port'
omero.ldap.username= 'if log in to Ldap require special user'
omero.ldap.password= 'for above user'
omero.ldap.base= 'place from where starts subtree'
Optional configuration:
Optional group and/or attribute requirements can be set. The suggested place to store this data is OmeroDB.
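The four cases described above, as an added example that is not part of the original ticket or the OMERO code base. Assumptions: in-memory dicts stand in for the password table and the LDAP subtree, SHA-256 stands in for the unnamed hash scheme, and the sketch binds before provisioning and rejects empty passwords, neither of which the ticket states.

```python
import hashlib
import hmac

BASE = "ou=people,dc=example,dc=org"   # stands in for omero.ldap.base (constructed)
DIRECTORY = {                          # constructed LDAP entries: dn -> (cn, password)
    "cn=alice," + BASE: ("alice", "wonder"),
    "cn=bob,ou=a," + BASE: ("bob", "b1"),
    "cn=bob,ou=b," + BASE: ("bob", "b2"),
}

def sha(pw):  # stand-in for p.hash; the ticket does not name the hash scheme
    return hashlib.sha256(pw.encode()).hexdigest()

EXPERIMENTERS = {"root", "carol"}      # carol: on OmeroDB, no password row (case 3)
PASSWORD = {"root": {"hash": sha("omero"), "dn": None}}  # the password table

class LdapError(Exception):
    pass

def ldap_bind(dn, password):
    # Models a server that accepts an empty password as an unauthenticated
    # bind (RFC 4513, 5.1.2), which is why authenticate() rejects it first.
    return dn in DIRECTORY and (password == "" or DIRECTORY[dn][1] == password)

def ldap_find_dn(cn):
    # Subtree search under BASE; exactly one match is required.
    hits = [dn for dn, (name, _) in DIRECTORY.items() if name == cn and dn.endswith(BASE)]
    if len(hits) != 1:
        raise LdapError("%d entries for cn=%s under %s" % (len(hits), cn, BASE))
    return hits[0]

def authenticate(omename, password):
    if not password:                           # never forward an empty password to LDAP
        return False
    row = PASSWORD.get(omename)
    if row and row["dn"]:                      # case 2: DN stored, verify against LDAP
        return ldap_bind(row["dn"], password)
    if row and row["hash"]:                    # case 1: local password hash
        return hmac.compare_digest(row["hash"], sha(password))
    dn = ldap_find_dn(omename)                 # cases 3 and 4: search LDAP by cn
    if not ldap_bind(dn, password):            # assumption: bind before provisioning
        return False
    EXPERIMENTERS.add(omename)                 # add the user to OmeroDB if missing
    PASSWORD[omename] = {"hash": None, "dn": dn}
    return True
```
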
Attachments (2)
Change History (8)
Changed 17 years ago by atarkowska
comment:1 Changed 17 years ago by atarkowska
- Resolution set to fixed
- Status changed from new to closed
comment:2 Changed 17 years ago by jmoore
- Milestone changed from Unscheduled to 3.0-Beta2
comment:3 Changed 16 years ago by atarkowska
Allow connecting to LDAP over a secure connection. r2100
comment:4 Changed 16 years ago by atarkowska
Beginning with OMERO-3.0-Beta3, the OMERO server has unified the handling of login sessions among both the JBoss and the OmeroBlitz servers. To support LDAP plugin authentication is moved to checkPassword.
Changed 16 years ago by atarkowska
comment:5 Changed 16 years ago by atarkowska
comment:6 Changed 16 years ago by atarkowska
reverting r2412
r1715 and improving errors: r1716, r1717, r1718, r1719