Re: [galaxy-dev] AD Intergration

Hans-Rudolf, That got me past the error, but I i am now having issue authenticating with against AD, as if its not able to search for the users. Do I need a binding service account to search AD object? Does the bottow 5 lines look correct?

<search-base>cn=galaxy,ou=Security,ou=somegroup,dc=example,dc=org</search-base> <search-filter>(&amp;(objectClass=user)(sAMAccountName={username}))</search-filter> <search-user>ADsearchAccount</search-user> <search-password>AD_Search_Passwrd</search-password> <bind-user>{sAMAccountName}</bind-user> The logs show that it found the userID and email, but gets an invalid password on the webportal galaxy.webapps.galaxy.controllers.user DEBUG 2017-06-09 09:26:34,592 trans.app.config.auth_config_file: ./config/auth_conf.xml galaxy.auth.providers.ldap_ad DEBUG 2017-06-09 09:26:34,592 LDAP authenticate: email is testUser.name(a)example.org galaxy.auth.providers.ldap_ad DEBUG 2017-06-09 09:26:34,592 LDAP authenticate: username is testUser galaxy.auth.providers.ldap_ad DEBUG 2017-06-09 09:26:34,592 LDAP authenticate: options are {'bind-user': '{sAMAccountName}', 'search-fields': 'sAMAccountName,mail', 'login-use-username': 'True', 'allow-register': 'False', 'auto-register-email': '{mail}', 'server': 'ldap://xxx.xxx.xx', 'auto-register': 'True', 'search-base': 'cn=xxx-xx,ou=Security,ou=xxxxx xxx,dc=xxx,dc=xx', 'search-filter': '(&(objectClass=user)(sAMAccountName={username}))', 'auto-register-username': '{sAMAccountName}', 'search-password': 'xxxx', 'search-user': 'xxxx', 'bind-password': '{password}'} galaxy.auth.providers.ldap_ad WARNING 2017-06-09 09:26:34,596 LDAP authenticate: search returned no results 10.127.220.227 - - [09/Jun/2017:09:26:34 -0400] "POST /user/login?use_panels=False HTTP/1.1" 200 - "http://glxlcdcpvm01.nyumc.org:8080/user/login?use_panels=False" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0" ------------------------------------------------------------------------ *From:* Hans-Rudolf Hotz <hrh(a)fmi.ch&gt; *To:* John Chen <jchen162(a)yahoo.com&gt;; Galaxy Dev List <galaxy-dev(a)lists.galaxyproject.org&gt; *Sent:* Friday, June 9, 2017 3:34 AM *Subject:* Re: [galaxy-dev] AD Intergration always keep the mailing list in the loop! in order for others to help or learn On 06/08/2017 07:27 PM, John Chen wrote: > Hans-Rudolf > > This is the error I get when I start the Galaxy server. > ... > xml.etree.ElementTree.ParseError: mismatched tag: line 8, column 105 > This is very informative. Looking at line 8 in your file: <server><a class="moz-txt-link-freetext" href="ldap://ldap.xxx.xx">ldap://ldap.xxx.xx</server> The element "a" is not terminated What happens, if you try just <server>ldap://ldap.xxx.xx</server> Regards, Hans-Rudolf