Jelle,

I did all that and it looks correct. It is retrieving the correct field. This is the error I am still getting. I am using pretty much the same option in other apps.

galaxy.webapps.galaxy.controllers.user DEBUG 2017-06-14 12:04:40,648 trans.app.config.auth_config_file: ./config/auth_conf.xml
galaxy.auth.providers.ldap_ad DEBUG 2017-06-14 12:04:40,648 LDAP authenticate: email is johnuser@example.org
galaxy.auth.providers.ldap_ad DEBUG 2017-06-14 12:04:40,648 LDAP authenticate: username is None
galaxy.auth.providers.ldap_ad DEBUG 2017-06-14 12:04:40,648 LDAP authenticate: options are {'bind-user': '{dn}', 'search-fields': 'uid,mail', 'login-use-username': 'False', 'allow-register': 'True', 'ldap-options': 'OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW', 'auto-register-email': '{email}', 'server': 'ldap://ldap.nyumc.org', 'auto-register': 'True', 'search-base': 'DC=example,DC=org', 'search-filter': '(mail={email})', 'continue-on-failure': 'True', 'auto-register-username': '{sAMAccountName', 'bind-password': '{password}', 'allow-password-change': 'False'}
galaxy.auth.providers.ldap_ad DEBUG 2017-06-14 12:04:40,648 LDAP authenticate: Valid LDAP option pair OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW -> 24582=3
galaxy.auth.providers.ldap_ad ERROR 2017-06-14 12:04:40,648 LDAP authenticate: search exception
Traceback (most recent call last):
  File "/home/galaxy/galaxy/lib/galaxy/auth/providers/ldap_ad.py", line 118, in authenticate
    ldap.set_option(*opt)
  File "/home/galaxy/galaxy/.venv/lib/python2.7/site-packages/ldap/functions.py", line 135, in set_option
    return _ldap_function_call(None,_ldap.set_option,option,invalue)
  File "/home/galaxy/galaxy/.venv/lib/python2.7/site-packages/ldap/functions.py", line 66, in _ldap_function_call
    result = func(*args,**kwargs)
ValueError: option error

Are you running MS AD? If so, could I take a look at your config file?
Thanks
John

From: Jelle Scholtalbers <j.scholtalbers@gmail.com>
To: Hans-Rudolf Hotz <hrh@fmi.ch>
Cc: John Chen <jchen162@yahoo.com>; Galaxy Dev List <galaxy-dev@lists.galaxyproject.org>
Sent: Monday, June 12, 2017 3:16 AM
Subject: Re: [galaxy-dev] AD Intergration

Hi John,

as a tip, you can use the tool "ldapsearch", from e.g. the package "openldap-client", to figure out with which attributes you search and which attributes you can retrieve.

Examples:

$ ldapsearch -vv -x -H ldap://dc1.example.com -b cn=Users,dc=example,dc=org # retrieve all AD/ldap entries
$ ldapsearch -vv -x -H ldap://dc1.example.com -b cn=Users,dc=example,dc=org "uid=a_username" # retrieve all attributes for user with uid "a_username"
$ ldapsearch -vv -x -H ldap://dc1.example.com -b cn=Users,dc=example,dc=org "sAMAccountName=a_username" mail # only retrieve the mail attribute by searching for the sAMAccountName

In addition, if you get it working, you might want to switch to the more secure ldaps if that is supported by your IT.

Cheers,
Jelle

On Mon, Jun 12, 2017 at 8:32 AM, Hans-Rudolf Hotz <hrh@fmi.ch> wrote:

On 06/09/2017 03:29 PM, John Chen wrote:

Hans-Rudolf,

That got me past the error, but I am now having an issue authenticating against AD, as if it's not able to search for the users. Do I need a binding service account to search AD objects? Do the bottom 5 lines look correct?

They look right, but I can't say whether they are correct.
You need to discuss this with the person who has set up your Active Directory

Hans-Rudolf

<search-base>cn=galaxy,ou=Security,ou=somegroup,dc=example,dc=org</search-base>
<search-filter>(&(objectClass=user)(sAMAccountName={username}))</search-filter>
<search-user>ADsearchAccount</search-user>
<search-password>AD_Search_Passwrd</search-password>
<bind-user>{sAMAccountName}</bind-user>

The logs show that it found the userID and email, but gets an invalid password on the webportal

galaxy.webapps.galaxy.controllers.user DEBUG 2017-06-09 09:26:34,592 trans.app.config.auth_config_file: ./config/auth_conf.xml
galaxy.auth.providers.ldap_ad DEBUG 2017-06-09 09:26:34,592 LDAP authenticate: email is testUser.name@example.org
galaxy.auth.providers.ldap_ad DEBUG 2017-06-09 09:26:34,592 LDAP authenticate: username is testUser
galaxy.auth.providers.ldap_ad DEBUG 2017-06-09 09:26:34,592 LDAP authenticate: options are {'bind-user': '{sAMAccountName}', 'search-fields': 'sAMAccountName,mail', 'login-use-username': 'True', 'allow-register': 'False', 'auto-register-email': '{mail}', 'server': 'ldap://xxx.xxx.xx', 'auto-register': 'True', 'search-base': 'cn=xxx-xx,ou=Security,ou=xxxx x xxx,dc=xxx,dc=xx', 'search-filter': '(&(objectClass=user)(sAMAccountName={username}))', 'auto-register-username': '{sAMAccountName}', 'search-password': 'xxxx', 'search-user': 'xxxx', 'bind-password': '{password}'}
galaxy.auth.providers.ldap_ad WARNING 2017-06-09 09:26:34,596 LDAP authenticate: search returned no results
10.127.220.227 - - [09/Jun/2017:09:26:34 -0400] "POST /user/login?use_panels=False HTTP/1.1" 200 - "http://glxlcdcpvm01.nyumc.org:8080/user/login?use_panels=False" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0"

------------------------------------------------------------------------
*From:* Hans-Rudolf Hotz <hrh@fmi.ch>
*To:* John Chen <jchen162@yahoo.com>; Galaxy Dev List <galaxy-dev@lists.galaxyproject.org>
*Sent:* Friday, June 9, 2017 3:34 AM
*Subject:* Re: [galaxy-dev] AD Intergration

always keep the mailing list in the loop! in order for others to help or learn

On 06/08/2017 07:27 PM, John Chen wrote:
> Hans-Rudolf
>
> This is the error I get when I start the Galaxy server.
> ...
> xml.etree.ElementTree.ParseError: mismatched tag: line 8, column 105
>

This is very informative. Looking at line 8 in your file:

<server><a class="moz-txt-link-freetext" href="ldap://ldap.xxx.xx">ldap://ldap.xxx.xx</server>

The element "a" is not terminated

What happens, if you try just

<server>ldap://ldap.xxx.xx</server>

Regards, Hans-Rudolf

___________________________________________________________
Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/
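
Added example (not part of the original thread, and not Galaxy's own code): a small Python pre-flight check for an auth_conf.xml that flags the things visible in the messages above: XML that does not parse, a {placeholder} with a missing brace, a plain ldap:// server, and a relaxed OPT_X_TLS_REQUIRE_CERT setting. The sample file, the function name lint_auth_conf and the <auth>/<authenticator>/<options> wrapper are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: combines settings seen in the thread's option dumps
# (host name is a placeholder, wrapper elements are assumed).
SAMPLE = """<auth>
  <authenticator>
    <type>ldap</type>
    <options>
      <server>ldap://ldap.example.org</server>
      <ldap-options>OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW</ldap-options>
      <search-filter>(mail={email})</search-filter>
      <auto-register-username>{sAMAccountName</auto-register-username>
      <bind-password>{password}</bind-password>
    </options>
  </authenticator>
</auth>"""

# ALLOW and NEVER both let the session continue with a bad server certificate.
WEAK_TLS = re.compile(r"OPT_X_TLS_REQUIRE_CERT\s*=\s*OPT_X_TLS_(ALLOW|NEVER)\b")


def lint_auth_conf(xml_text):
    """Return a list of (element, problem) findings for an auth_conf.xml string."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Same failure class as the "mismatched tag" error at Galaxy start-up.
        return [("<file>", "not well-formed XML: %s" % exc)]
    findings = []
    for el in root.iter():
        text = (el.text or "").strip()
        if not text:
            continue
        # Remove every complete {placeholder}; any brace left over is unbalanced.
        if re.search(r"[{}]", re.sub(r"\{\w+\}", "", text)):
            findings.append((el.tag, "unbalanced {placeholder}: %r" % text))
        if el.tag == "server" and text.lower().startswith("ldap://"):
            findings.append((el.tag, "plain ldap:// scheme; thread suggests ldaps"))
        if el.tag == "ldap-options" and WEAK_TLS.search(text):
            findings.append((el.tag, "server certificate is not enforced"))
    return findings


if __name__ == "__main__":
    for tag, problem in lint_auth_conf(SAMPLE):
        print("%-24s %s" % (tag, problem))
```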