Hi Nicola,

It's an OpenLDAP server. uid isn't set on ours, it's cn instead, so
using ldapsearch I can correctly bind;

dn: cn=mjv08,ou=Person,dc=dc1,dc=example,dc=com
objectClass: aberPerson
cn: mjv08

So authentication to the ldap server is working, the issue seems to
be that when it's an unknown user, it's passing the following search
string;

(&(cn=None)(mail=unknownuser@aber.ac.uk))

rather than;

(&(cn=unknownuser)(mail=unknownuser@aber.ac.uk))

hence the;

galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 15:40:07,322 LDAP authenticate: username is None
galaxy.auth.providers.ldap_ad WARNING 2015-09-02 15:40:07,485 LDAP authenticate: search returned no results

How is {username} in auth_config.xml set? Does it parse {email} to
get it?

Many thanks,
Martin

On 09/02/2015 03:38 PM, Nicola Soranzo wrote:
> Hi Martin,
> what LDAP server are you using? We have tested only OpenLDAP and
> ActiveDirectory, but should work on any LDAP server.
>
> If it is OpenLDAP, I think you should use:
>
> <search-fields>uid,mail</search-fields>
> <search-filter>(&(mail={email})(uid={username}))</search-filter>
> <auto-register-username>{uid}</auto-register-username>
>
> More details in:
>
> https://github.com/galaxyproject/galaxy/blob/dev/config/auth_conf.xml.sample
>
> Cheers,
> Nicola
>
> On 02.09.2015 15:03 Martin Vickers wrote:
>
> Hi All,
>
> I've been trying to get the new LDAP module to work. It works fine for
> existing users but I can't get auto-register to work. In the logs I can
> see the successful logins look like this;
>
> galaxy.webapps.galaxy.controllers.user DEBUG 2015-09-02 13:35:06,130 trans.app.config.auth_config_file: ./config/auth_conf.xml
> galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:35:06,131 LDAP authenticate: email is mjv08@aber.ac.uk
> galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:35:06,131 LDAP authenticate: username is mjv08
> ....
> galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:35:06,235 LDAP authentication successful
>
> and those that are unsuccessful have a username as None, which is why
> the search filter isn't working;
>
> galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:47:13,951 LDAP authenticate: email is unreguser@aber.ac.uk
> galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:47:13,951 LDAP authenticate: username is None
> ....
> galaxy.auth.providers.ldap_ad WARNING 2015-09-02 13:47:14,110 LDAP authenticate: search returned no results
>
> My auth_config.xml openldap authenticator looks like this (edited to
> remove openldap server details);
>
> ldap
> '{email}'.endswith('@example.com')
>
> True
> Challenge
> ldaps://dc1.example.com
>
> ou=People,dc=dc1,dc=example,dc=com
>
> cn=searchuser,ou=People,dc=dc1,dc=example,dc=com
>
> searchuserpassword
> cn,mail
>
> (&(cn={username})(mail={email}))
> {dn}
> {password}
>
> {cn}
> {mail}
>
> Are there any settings in galaxy.ini that are required to enable this to
> work?
>
> Many thanks
>
> Martin
>
--
Dr. Martin Vickers
Data Manager/HPC Systems Administrator
Institute of Biological, Environmental and Rural Sciences
IBERS New Building
Aberystwyth University
w: http://www.martin-vickers.co.uk/
e: mjv08@aber.ac.uk
t: 01970 62 2807