Task #11876 (new)

Opened 10 years ago

Last modified 10 years ago

BUG: LDAP group filter not working — at Version 6

Reported by: atarkowska
Owned by:
Priority: blocker
Milestone: OMERO-4.4.10
Component: Services
Version: 4.4.9
Keywords: n.a.
Cc: bpindelski, jamoore, jburel
Resources: n.a.
Referenced By: n.a.
References: n.a.
Remaining Time: n.a.
Sprint: n.a.

Description (last modified by atarkowska)

While setting up LDAP authentication limiting users to members of only one group, it turned out that the group filter is not taken into account at all.

omero.ldap.urls=ldap://ldap.lifesci.dundee.ac.uk:389
omero.ldap.base=ou=lifesci,o=dundee
omero.ldap.config=True
omero.ldap.new_user_group=MY GROUP
omero.ldap.user_filter=(objectClass=inetorgperson)

Setting the group filter to any of the following still lets everyone log in:

omero.ldap.group_filter=(objectClass=groupOfNames)
omero.ldap.group_filter=(cn=omero-cls-gallery)
omero.ldap.group_filter=(&(objectClass=groupOfUniqueNames)(cn=omero-cls-gallery,ou=groups,ou=lifesci,o=dundee))

also

omero.ldap.group_filter=(objectClass=groupOfUniqueNames)
omero.ldap.group_mapping=name=cn
omero.ldap.new_user_group=:filtered_dn_attribute:uniqueMember
2014-01-07 11:41:02,000 INFO  [  ome.security.auth.LdapPasswordProvider] (l.Server-6) Default choice on create user: atarkowska (ome.conditions.ValidationException: No group found for: cn=atarkowska...o=dundee)
2014-01-07 11:41:02,001 WARN  [                     ome.logic.AdminImpl] (l.Server-6) Password provider returned null: ome.security.auth.PasswordProviders@4e50079b

LSC LDAP has no group mapping in the user entry; that's why we are unable to filter on that directly. But as tested 2 years ago (ticket 6248), I am sure it was possible and working well.
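
Added example, not part of the ticket and not OMERO's code: an offline model of the behaviour the report expects, where a user may log in only if a group entry matching omero.ldap.group_filter lists the user's DN in uniqueMember. The directory entries, the users alice and bob, the group other-lab, all function names and the fail-closed rule are assumptions constructed for illustration; the parser handles only &, |, ! and equality/presence filters.

```python
# Constructed sample directory (DN -> attributes); not real entries.
BASE = "ou=lifesci,o=dundee"
ALICE = "cn=alice,ou=people," + BASE
BOB = "cn=bob,ou=people," + BASE

def _group(cn, *members):  # hypothetical helper: build a groupOfUniqueNames entry
    return {"objectClass": ["groupOfUniqueNames"], "cn": [cn], "uniqueMember": list(members)}

DIRECTORY = {
    ALICE: {"objectClass": ["inetOrgPerson"], "cn": ["alice"]},
    BOB: {"objectClass": ["inetOrgPerson"], "cn": ["bob"]},
    "cn=omero-cls-gallery,ou=groups," + BASE: _group("omero-cls-gallery", ALICE),
    "cn=other-lab,ou=groups," + BASE: _group("other-lab", BOB),
}

def parse(flt):
    """Parse an RFC 4515 subset: (&...), (|...), (!...), (attr=value), (attr=*)."""
    def node(i):
        if flt[i] != "(":
            raise ValueError("expected '(' at offset %d" % i)
        if flt[i + 1] in "&|!":
            op, i, kids = flt[i + 1], i + 2, []
            while flt[i] == "(":
                kid, i = node(i)
                kids.append(kid)
            return (op, kids), i + 1
        end = flt.index(")", i)
        attr, _, value = flt[i + 1:end].partition("=")
        return ("=", attr.lower(), value.lower()), end + 1
    tree, end = node(0)
    if end != len(flt):
        raise ValueError("trailing text after filter")
    return tree

def matches(tree, attrs):
    if tree[0] == "=":  # equality or presence test, case-insensitive
        have = [v.lower() for k, vs in attrs.items() if k.lower() == tree[1] for v in vs]
        return bool(have) if tree[2] == "*" else tree[2] in have
    hits = [matches(kid, attrs) for kid in tree[1]]
    return not hits[0] if tree[0] == "!" else (all(hits) if tree[0] == "&" else any(hits))

def groups_for(user_dn, group_filter, member_attr="uniqueMember"):
    # Groups that match the filter AND name user_dn in member_attr.
    tree = parse(group_filter)
    return sorted(dn for dn, attrs in DIRECTORY.items() if matches(tree, attrs)
                  and user_dn.lower() in (m.lower() for m in attrs.get(member_attr, [])))

def may_log_in(user_dn, group_filter):
    # Fail closed: a user with no matching group is refused, never defaulted in.
    return bool(groups_for(user_dn, group_filter))
```

With the filter (cn=omero-cls-gallery), this model admits alice and refuses bob; a deployment where bob can still log in is showing the behaviour this ticket reports.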

Change History (6)

comment:1 Changed 10 years ago by atarkowska

  • Description modified (diff)

comment:2 Changed 10 years ago by atarkowska

  • Description modified (diff)

comment:3 Changed 10 years ago by atarkowska

  • Description modified (diff)

comment:4 Changed 10 years ago by jamoore

  • Owner jamoore deleted

I won't be getting to this immediately, if anyone else can do some digging. It's also not an issue for the whole team, so changing CC.

comment:5 Changed 10 years ago by jamoore

  • Cc bpindelski jamoore jburel added; omero-team@… removed

comment:6 Changed 10 years ago by atarkowska

  • Description modified (diff)