Task #11876 (new)
Opened 10 years ago
Last modified 10 years ago
BUG: LDAP group filter not working — at Version 6
Reported by: | atarkowska | Owned by: | |
---|---|---|---|
Priority: | blocker | Milestone: | OMERO-4.4.10 |
Component: | Services | Version: | 4.4.9 |
Keywords: | n.a. | Cc: | bpindelski, jamoore, jburel |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description (last modified by atarkowska)
While setting up LDAP authentication limiting users to members of only one group, it turned out that the group filter is not taken into account at all.
omero.ldap.urls=ldap://ldap.lifesci.dundee.ac.uk:389
omero.ldap.base=ou=lifesci,o=dundee
omero.ldap.config=True
omero.ldap.new_user_group=MY GROUP
omero.ldap.user_filter=(objectClass=inetorgperson)
Setting group filter to the following still let everyone log in:
omero.ldap.group_filter=(objectClass=groupOfNames)
omero.ldap.group_filter=(cn=omero-cls-gallery)
omero.ldap.group_filter=(&(objectClass=groupOfUniqueNames)(cn=omero-cls-gallery,ou=groups,ou=lifesci,o=dundee))
also
omero.ldap.group_filter=(objectClass=groupOfUniqueNames)
omero.ldap.group_mapping=name=cn
omero.ldap.new_user_group=:filtered_dn_attribute:uniqueMember
2014-01-07 11:41:02,000 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-6) Default choice on create user: atarkowska (ome.conditions.ValidationException: No group found for: cn=atarkowska...o=dundee)
2014-01-07 11:41:02,001 WARN [ ome.logic.AdminImpl] (l.Server-6) Password provider returned null: ome.security.auth.PasswordProviders@4e50079b
LSC LDAP has no group mapping in the user entry; that's why we are unable to filter on that directly. But as tested 2 years ago (ticket 6248), I am sure it was possible and working well.
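The access decision the description expects from a group filter when membership is recorded only on the group entry (uniqueMember), sketched as an added example; it is not OMERO's code and not part of the original ticket. The directory entries, the user DNs and all function names are constructed for illustration, and only a small subset of LDAP filter syntax is parsed.

```python
# Constructed sample data: membership lives on the group entry (uniqueMember).
GROUPS = {
    "cn=omero-cls-gallery,ou=groups,ou=lifesci,o=dundee": {
        "objectclass": ["groupOfUniqueNames"], "cn": ["omero-cls-gallery"],
        "uniquemember": ["cn=alice,ou=lifesci,o=dundee"]},
    "cn=other-lab,ou=groups,ou=lifesci,o=dundee": {
        "objectclass": ["groupOfUniqueNames"], "cn": ["other-lab"],
        "uniquemember": ["cn=bob,ou=lifesci,o=dundee"]},
}

def parse_filter(text):
    """Parse a subset of RFC 4515 filters: (attr=value) and (&(f1)(f2)...)."""
    def node(i):
        if text[i] != "(":
            raise ValueError("expected '(' at offset %d" % i)
        if text[i + 1] == "&":
            i, parts = i + 2, []
            while text[i] == "(":
                sub, i = node(i)
                parts.append(sub)
            if text[i] != ")":
                raise ValueError("unterminated AND filter")
            return ("and", parts), i + 1
        end = text.index(")", i)
        attr, sep, value = text[i + 1:end].partition("=")
        if not sep:
            raise ValueError("missing '=' in %r" % text[i:end + 1])
        return ("eq", attr.lower(), value.lower()), end + 1
    try:
        tree, end = node(0)
    except IndexError:
        raise ValueError("truncated filter") from None
    if end != len(text):
        raise ValueError("trailing characters after filter")
    return tree

def matches(tree, entry):
    if tree[0] == "and":
        return all(matches(t, entry) for t in tree[1])
    return tree[2] in (v.lower() for v in entry.get(tree[1], []))

def groups_granting_login(user_dn, group_filter):
    """DNs of groups that match the filter and list user_dn as a member."""
    tree = parse_filter(group_filter)
    return sorted(dn for dn, e in GROUPS.items() if matches(tree, e)
                  and user_dn.lower() in (m.lower() for m in e["uniquemember"]))

def may_log_in(user_dn, group_filter):
    # Fail closed: no matching group that contains the user means no login.
    return bool(groups_granting_login(user_dn, group_filter))
```

Running the same check against an export of the real group entries gives the list of accounts that should be able to authenticate, which can then be compared with what the server actually admits.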
Change History (6)
comment:1 Changed 10 years ago by atarkowska
- Description modified (diff)
comment:2 Changed 10 years ago by atarkowska
- Description modified (diff)
comment:3 Changed 10 years ago by atarkowska
- Description modified (diff)
comment:4 Changed 10 years ago by jamoore
- Owner jamoore deleted
comment:5 Changed 10 years ago by jamoore
- Cc bpindelski jamoore jburel added; omero-team@… removed
comment:6 Changed 10 years ago by atarkowska
- Description modified (diff)
I won't be getting to this immediately, if anyone else can do some digging. It's also not an issue for the whole team, so changing CC.