On 06/09/2017 03:29 PM, John Chen wrote:
Hans-Rudolf,
That got me past the error, but I i am now having issue authenticating with against AD, as if its not able to search for the users. Do I need a binding service account to search AD object? Does the bottow 5 lines look correct?
They look right, but I can't say whether they are correct. You need to discuss this with the person who has set up your Active Directory
Hans-Rudolf
<search-base>cn=galaxy,ou=Security,ou=somegroup,dc=example,dc=org</search-base>
<search-filter>(&(objectClass=user)(sAMAccountName={username}))</search-filter> <search-user>ADsearchAccount</search-user> <search-password>AD_Search_Passwrd</search-password> <bind-user>{sAMAccountName}</bind-user>
The logs show that it found the userID and email, but gets an invalid password on the webportal
galaxy.webapps.galaxy.controllers.user DEBUG 2017-06-09 09:26:34,592 trans.app.config.auth_config_file: ./config/auth_conf.xml galaxy.auth.providers.ldap_ad DEBUG 2017-06-09 09:26:34,592 LDAP authenticate: email is testUser.name@example.org galaxy.auth.providers.ldap_ad DEBUG 2017-06-09 09:26:34,592 LDAP authenticate: username is testUser galaxy.auth.providers.ldap_ad DEBUG 2017-06-09 09:26:34,592 LDAP authenticate: options are {'bind-user': '{sAMAccountName}', 'search-fields': 'sAMAccountName,mail', 'login-use-username': 'True', 'allow-register': 'False', 'auto-register-email': '{mail}', 'server': 'ldap://xxx.xxx.xx', 'auto-register': 'True', 'search-base': 'cn=xxx-xx,ou=Security,ou=xxxxx xxx,dc=xxx,dc=xx', 'search-filter': '(&(objectClass=user)(sAMAccountName={username}))', 'auto-register-username': '{sAMAccountName}', 'search-password': 'xxxx', 'search-user': 'xxxx', 'bind-password': '{password}'} galaxy.auth.providers.ldap_ad WARNING 2017-06-09 09:26:34,596 LDAP authenticate: search returned no results 10.127.220.227 - - [09/Jun/2017:09:26:34 -0400] "POST /user/login?use_panels=False HTTP/1.1" 200 - "http://glxlcdcpvm01.nyumc.org:8080/user/login?use_panels=False" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0"
*From:* Hans-Rudolf Hotz hrh@fmi.ch *To:* John Chen jchen162@yahoo.com; Galaxy Dev List galaxy-dev@lists.galaxyproject.org *Sent:* Friday, June 9, 2017 3:34 AM *Subject:* Re: [galaxy-dev] AD Intergration
always keep the mailing list in the loop! in order for others to help or learn
On 06/08/2017 07:27 PM, John Chen wrote:
Hans-Rudolf
This is the error I get when I start the Galaxy server.
...
xml.etree.ElementTree.ParseError: mismatched tag: line 8, column 105
This is very informative. Looking at line 8 in your file:
<server><a class="moz-txt-link-freetext" href="ldap://ldap.xxx.xx">ldap://ldap.xxx.xx</server>
The element "a" is not terminated
What happens, if you try just
<server>ldap://ldap.xxx.xx</server>
Regards, Hans-Rudolf