Hi list,

I would like to enable a multiple search on (Open)LDAP to check if a user is also a member of a specific "galaxy" group. I did not find anything about this in the documentation.

Indeed, we do not want all the LDAP users to be able to log in to Galaxy, and we do not want to change the LDAP structure because it is already used by many applications.

I have a complex search-filter which is:
<search-filter>(|(&amp;(mail={email})(uid={username}))(&amp;(cn=galaxy)(objectClass=posixGroup)(memberUid={username})))</search-filter>

However, this search filter gave me two answers. It is normal because I am searching for the user, and then, if he belongs to a particular (posix)group. So the bind failed (because it needs only one answer).

The basic one (to only bind) is working:
<search-filter>(&amp;(mail={email})(uid={username}))</search-filter>

I also tried with 2 search-filter conditions but galaxy seems to keep only the last one.

Is there any project to allow that in (near) future versions (*)? Or is there any hidden XML tag (not in the documentation) which would permit searching the memberUid/memberOf value in LDAP?

In the meantime we will change the default quota (like just some bytes) for users to allow LDAP login (for all users already present in it).


Best,

Remy


(*) Alternatively, what code should I change in Galaxy? I would be happy to program it if I have enough time...
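
The behaviour described in this message, reproduced as an added example (not part of the original post and not Galaxy code): the OR filter matches both the user entry and the group entry, whereas searching for the user and the group membership separately gives one result each. The directory entries, DNs and the function names `parse`, `matches`, `search` and `allowed` are assumptions made for illustration.

```python
# Added illustration, not Galaxy code: in-memory evaluator for the LDAP filter
# subset used in this message: (&...), (|...) and (attr=value).
# Constructed sample entries; all DNs and values are made up.
DIRECTORY = [
    {"dn": "uid=remy,ou=people,dc=example,dc=org", "uid": ["remy"],
     "mail": ["remy@example.org"], "objectClass": ["posixAccount"]},
    {"dn": "uid=alice,ou=people,dc=example,dc=org", "uid": ["alice"],
     "mail": ["alice@example.org"], "objectClass": ["posixAccount"]},
    {"dn": "cn=galaxy,ou=groups,dc=example,dc=org", "cn": ["galaxy"],
     "objectClass": ["posixGroup"], "memberUid": ["remy"]},
]

USER = "(&(mail={email})(uid={username}))"
GROUP = "(&(cn=galaxy)(objectClass=posixGroup)(memberUid={username}))"
COMBINED = "(|" + USER + GROUP + ")"

def parse(f, i=0):
    """Parse the filter starting at f[i] == '('; return (node, next_index)."""
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # step over this node's closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, entry):
    """Exact-string matching; real servers apply per-attribute matching rules."""
    if node[0] == "=":
        return node[2] in entry.get(node[1], [])
    combine = all if node[0] == "&" else any
    return combine(matches(kid, entry) for kid in node[1])

def search(template, **params):
    # Real code must escape params per RFC 4515 before substituting them.
    node, _ = parse(template.format(**params))
    return [e["dn"] for e in DIRECTORY if matches(node, e)]

def allowed(email, username):
    """Two-step check: exactly one user entry, then a separate group lookup."""
    users = search(USER, email=email, username=username)
    return len(users) == 1 and bool(search(GROUP, username=username))

if __name__ == "__main__":
    print(search(COMBINED, email="remy@example.org", username="remy"))
    print(allowed("remy@example.org", "remy"), allowed("alice@example.org", "alice"))
```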