Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #11876 (new)

Opened 10 years ago

Last modified 10 years ago

BUG: LDAP group filter not working — at Initial Version

Reported by: atarkowska Owned by: jamoore
Priority: blocker Milestone: OMERO-4.4.10
Component: Services Version: 4.4.9
Keywords: n.a. Cc: bpindelski, jamoore, jburel
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.

Description

While setting up LDAP authentication limiting users to members of only one group it turned out that group filter is not taken to the account at all.

omero.ldap.urls=ldap://ldap.lifesci.dundee.ac.uk:389
omero.ldap.base=ou=lifesci,o=dundee
omero.ldap.config=True
omero.ldap.new_user_group=MY GROUP
omero.ldap.user_filter=(objectClass=inetorgperson)

Setting group filter to the following still let everyone log in:
omero.ldap.group_filter=(objectClass=groupOfNames)

omero.ldap.group_filter=(&(objectClass=groupOfUniqueNames)(cn=omero-cls-gallery,ou=groups,ou=lifesci,o=dundee))

LSC ldap has no group mapping in user entry thats why we are unable to filter that directly. But as tested 2 years ago https://trac.openmicroscopy.org.uk/ome/ticket/6248#comment:11 ticket 6248] I am sure it was possible and working well.

Change History (0)

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.65772 sec.)

© 2000-2014 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 3.0 Unported License
OME source code is available under the GNU General public license or through commercial license from Glencoe Software

We're Hiring!