-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Nicola,

It's an OpenLDAP server. uid isn't set on ours, it's cn instead, so using ldapsearch I can correctly bind;

dn: cn=mjv08,ou=Person,dc=dc1,dc=example,dc=com
objectClass: aberPerson
cn: mjv08

So authentication to the ldap server is working, the issue seems to be that when it's an unknown user, it's passing the following search string;

(&(cn=None)(mail=unknownuser@aber.ac.uk))

rather than;

(&(cn=unknownuser)(mail=unknownuser@aber.ac.uk))

hence the;

galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 15:40:07,322 LDAP authenticate: username is None
galaxy.auth.providers.ldap_ad WARNING 2015-09-02 15:40:07,485 LDAP authenticate: search returned no results

How is {username} in auth_config.xml set? Does it parse {email} to get it?

Many thanks,

Martin

On 09/02/2015 03:38 PM, Nicola Soranzo wrote:
> Hi Martin,
> what LDAP server are you using? We have tested only OpenLDAP and
> ActiveDirectory, but should work on any LDAP server.
>
> If it is OpenLDAP, I think you should use:
>
> <search-fields>uid,mail</search-fields>
> <search-filter>(&amp;(mail={email})(uid={username}))</search-filter>
> <auto-register-username>{uid}</auto-register-username>
>
> More details in:
>
> https://github.com/galaxyproject/galaxy/blob/dev/config/auth_conf.xml.sample
>
> Cheers,
> Nicola
>
> Il 02.09.2015 15:03 Martin Vickers ha scritto:
>
> Hi All,
>
> I've been trying to get the new LDAP module to work. It works fine for
> existing users but I can't get auto-register to work. In the logs I can
> see the successful logins look like this;
>
> galaxy.webapps.galaxy.controllers.user DEBUG 2015-09-02 13:35:06,130
> trans.app.config.auth_config_file: ./config/auth_conf.xml
> galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:35:06,131 LDAP
> authenticate: email is mjv08@aber.ac.uk [1]
> galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:35:06,131 LDAP
> authenticate: username is mjv08
> ....
> galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:35:06,235 LDAP
> authentication successful
>
> and those that are unsuccessful have a username as None, which is why
> the search filter isn't working;
>
> galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:47:13,951 LDAP
> authenticate: email is unreguser@aber.ac.uk [2]
> galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:47:13,951 LDAP
> authenticate: username is None
> ....
> galaxy.auth.providers.ldap_ad WARNING 2015-09-02 13:47:14,110 LDAP
> authenticate: search returned no results
>
> My auth_config.xml openldap authenticator looks like this (edited to
> remove openldap server details);
>
> ldap
> '{email}'.endswith('@example.com')
>
> True
> Challenge
> ldaps://dc1.example.com
>
> ou=People,dc=dc1,dc=example,dc=com
>
> cn=searchuser,ou=People,dc=dc1,dc=example,dc=com
>
> searchuserpassword
> cn,mail
>
> (&(cn={username})(mail={email}))
> {dn}
> {password}
>
> {cn}
> {mail}
>
> Are there any settings in galaxy.ini that are required to enable this to
> work?
>
> Many thanks
>
> Martin
>
>
>
> Connetti gratis il mondo con la nuova indoona:  hai la chat, le chiamate, le video chiamate e persino le chiamate di gruppo.
> E chiami gratis anche i numeri fissi e mobili nel mondo!
> Scarica subito l’app Vai su https://www.indoona.com/
>
>


- --

- --
Dr. Martin Vickers

Data Manager/HPC Systems Administrator
Institute of Biological, Environmental and Rural Sciences
IBERS New Building
Aberystwyth University

w: http://www.martin-vickers.co.uk/
e: mjv08@aber.ac.uk
t: 01970 62 2807
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iQEcBAEBAgAGBQJV5wzhAAoJEHa0a8GkKQgIdGIH/3yjT7hz+3IECPIak4qyiEbF
C/4s+gpQdKnQHMJrg0xB1aB7lXhO+LjgP9bkZLMwBlQpiOPz2cApZ9e51S+vIXEU
e+MoOYIXputDgG49pfl6TB9N0fR2FIZcnp5vy3GBFUIWreJRvRX2EuiI97iY7iei
eSg9cjZ6UIWZBKdo+PrO1hPdhkAX+l5Kd8HMipLuInKpvZDZfiBxQMd4zFCIGz3W
vSymyQSHQpOul3rnwp70l76doT9jqsBW3ggpnwdbP2/pgRLvmPkyvCh2u2fyrouv
vsj11ODrskIZb10YyXy5QxsbluaThA1QeTw+0s+UEIPrNvyLcrSmuidHDjlnV5I=
=zSFZ
-----END PGP SIGNATURE-----