Hi Nicola,

It's an OpenLDAP server. uid isn't set on ours, it's cn instead, so using ldapsearch I can correctly bind;

    dn: cn=mjv08,ou=Person,dc=dc1,dc=example,dc=com
    objectClass: aberPerson
    cn: mjv08

So authentication to the ldap server is working, the issue seems to be that when it's an unknown user, it's passing the following search string;

    (&(cn=None)(mail=unknownuser@aber.ac.uk))

rather than;

    (&(cn=unknownuser)(mail=unknownuser@aber.ac.uk))

hence the;

    galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 15:40:07,322 LDAP authenticate: username is None
    galaxy.auth.providers.ldap_ad WARNING 2015-09-02 15:40:07,485 LDAP authenticate: search returned no results

How is {username} in auth_config.xml set? Does it parse {email} to get it?

Many thanks,

Martin

On 09/02/2015 03:38 PM, Nicola Soranzo wrote:
Hi Martin, what LDAP server are you using? We have tested only OpenLDAP and ActiveDirectory, but it should work on any LDAP server.
If it is OpenLDAP, I think you should use:
    <search-fields>uid,mail</search-fields>
    <search-filter>(&(mail={email})(uid={username}))</search-filter>
    <auto-register-username>{uid}</auto-register-username>
More details in:
https://github.com/galaxyproject/galaxy/blob/dev/config/auth_conf.xml.sample
Cheers, Nicola
On 02.09.2015 15:03 Martin Vickers wrote:
Hi All,
I've been trying to get the new LDAP module to work. It works fine for existing users but I can't get auto-register to work. In the logs I can see the successful logins look like this;
    galaxy.webapps.galaxy.controllers.user DEBUG 2015-09-02 13:35:06,130 trans.app.config.auth_config_file: ./config/auth_conf.xml
    galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:35:06,131 LDAP authenticate: email is mjv08@aber.ac.uk
    galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:35:06,131 LDAP authenticate: username is mjv08
    ....
    galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:35:06,235 LDAP authentication successful
and those that are unsuccessful have a username as None, which is why the search filter isn't working;
    galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:47:13,951 LDAP authenticate: email is unreguser@aber.ac.uk
    galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:47:13,951 LDAP authenticate: username is None
    ....
    galaxy.auth.providers.ldap_ad WARNING 2015-09-02 13:47:14,110 LDAP authenticate: search returned no results
My auth_config.xml openldap authenticator looks like this (edited to remove openldap server details);
ldap '{email}'.endswith('@example.com')
True Challenge ldaps://dc1.example.com
ou=People,dc=dc1,dc=example,dc=com
cn=searchuser,ou=People,dc=dc1,dc=example,dc=com
searchuserpassword cn,mail
(&(cn={username})(mail={email})) {dn} {password}
{cn} {mail}
Are there any settings in galaxy.ini that are required to enable this to work?
Many thanks
Martin
-- 
Dr. Martin Vickers
Data Manager/HPC Systems Administrator
Institute of Biological, Environmental and Rural Sciences
IBERS New Building
Aberystwyth University
w: http://www.martin-vickers.co.uk/
e: mjv08@aber.ac.uk
t: 01970 62 2807
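
Added example, not part of the thread and not Galaxy's code: it reproduces the `(cn=None)` filter from the logs above by filling the thread's search-filter template with Python's `str.format`, then shows a builder that rejects unset placeholders and escapes values per RFC 4515. The function names are hypothetical, and using `str.format` as the substitution step is an assumption; the thread does not show how Galaxy fills the template.

```python
import string

# Search-filter template and addresses as quoted in the thread.
TEMPLATE = "(&(cn={username})(mail={email}))"

# RFC 4515 section 3: characters that must be written as \XX in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape one assertion value so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def placeholders(template):
    """Return the {name} fields used by a filter template."""
    return [name for _, name, _, _ in string.Formatter().parse(template) if name]


def naive_filter(template, params):
    """Plain substitution (assumed stand-in): None is rendered as the text 'None'."""
    return template.format(**params)


def build_filter(template, params):
    """Refuse to build a filter when a placeholder has no value; escape the rest."""
    names = placeholders(template)
    missing = [n for n in names if params.get(n) is None]
    if missing:
        raise ValueError("no value for filter placeholder(s): " + ", ".join(missing))
    safe = {n: escape_filter_value(str(params[n])) for n in names}
    return template.format(**safe)


if __name__ == "__main__":
    unknown = {"username": None, "email": "unknownuser@aber.ac.uk"}
    print(naive_filter(TEMPLATE, unknown))   # the filter seen in the thread
    try:
        build_filter(TEMPLATE, unknown)
    except ValueError as exc:
        print("rejected:", exc)
    known = {"username": "mjv08", "email": "mjv08@aber.ac.uk"}
    print(build_filter(TEMPLATE, known))
```

Failing early on an unset placeholder turns the silent "search returned no results" into an explicit configuration error, and the escaping keeps characters such as `*` or `)` in a login name from altering the search.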