Hello,
From my experience, by default, Active Directory does not allow a bind
operation over plain LDAP; you need LDAPS for that to happen.
My 2 cents.
Youssef Ghorbal
------------------------------------
On 9 Jun 2017, at 15:29, John Chen <jchen162@yahoo.com> wrote:
Hans-Rudolf,
That got me past the error, but I am now having issues authenticating against AD, as
if it's not able to search for the users. Do I need a binding service account to search AD
objects? Do the bottom 5 lines look correct?
<search-base>cn=galaxy,ou=Security,ou=somegroup,dc=example,dc=org</search-base>
<search-filter>(&(objectClass=user)(sAMAccountName={username}))</search-filter>
<search-user>ADsearchAccount</search-user>
<search-password>AD_Search_Passwrd</search-password>
<bind-user>{sAMAccountName}</bind-user>
The logs show that it found the userID and email, but gets an invalid password on the
webportal
galaxy.webapps.galaxy.controllers.user DEBUG 2017-06-09 09:26:34,592
trans.app.config.auth_config_file: ./config/auth_conf.xml
galaxy.auth.providers.ldap_ad DEBUG 2017-06-09 09:26:34,592 LDAP authenticate: email is
testUser.name@example.org
galaxy.auth.providers.ldap_ad DEBUG 2017-06-09 09:26:34,592 LDAP authenticate: username is
testUser
galaxy.auth.providers.ldap_ad DEBUG 2017-06-09 09:26:34,592 LDAP authenticate: options are
{'bind-user': '{sAMAccountName}', 'search-fields':
'sAMAccountName,mail', 'login-use-username': 'True',
'allow-register': 'False', 'auto-register-email':
'{mail}', 'server': 'ldap://xxx.xxx.xx', 'auto-register':
'True', 'search-base': 'cn=xxx-xx,ou=Security,ou=xxxxx
xxx,dc=xxx,dc=xx', 'search-filter':
'(&(objectClass=user)(sAMAccountName={username}))',
'auto-register-username': '{sAMAccountName}', 'search-password':
'xxxx', 'search-user': 'xxxx', 'bind-password':
'{password}'}
galaxy.auth.providers.ldap_ad WARNING 2017-06-09 09:26:34,596 LDAP authenticate: search
returned no results
10.127.220.227 - - [09/Jun/2017:09:26:34 -0400] "POST /user/login?use_panels=False
HTTP/1.1" 200 -
"http://glxlcdcpvm01.nyumc.org:8080/user/login?use_panels=False"
"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0"
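The log above shows the provider's search-then-bind sequence stopping at "search returned no results" before any user bind happens, so the "invalid password" seen on the web portal is the generic failure, not a rejected password. The following is an added example, not Galaxy's code and not the poster's real directory: it reproduces that sequence against a constructed in-memory directory using the search-base, search-filter, search-user and bind-user values from the config above. The directory layout, the passwords and the object DNs are assumptions. It illustrates two points a practitioner would check here: a search-base that names a cn= object (a group in this layout) has no user entries beneath it, so a subtree search finds nothing, whereas a base above the user containers finds the account; and a {username} substituted into the filter needs RFC 4515 escaping (the escaping step is an addition here, not something the page states the provider does), otherwise a username of `*` turns the equality match into a presence match.

```python
import re

# Constructed mock directory: DN -> attributes (keys lowercased). Assumed layout.
DIRECTORY = {
    'cn=galaxy,ou=Security,ou=somegroup,dc=example,dc=org': {
        'objectclass': ['group'], 'cn': 'galaxy',
        'member': ['cn=Test User,ou=Users,dc=example,dc=org']},
    'cn=Test User,ou=Users,dc=example,dc=org': {
        'objectclass': ['user'], 'samaccountname': 'testUser',
        'mail': 'testUser.name@example.org'},
    'cn=Other User,ou=Users,dc=example,dc=org': {
        'objectclass': ['user'], 'samaccountname': 'otherUser',
        'mail': 'other.user@example.org'},
}
# Constructed passwords keyed by sAMAccountName; stands in for AD's bind check.
CREDENTIALS = {'ADsearchAccount': 'AD_Search_Passwrd', 'testUser': 'correct horse'}

# Options as posted; only search-base is varied in the usage below.
OPTIONS = {
    'search-base': 'cn=galaxy,ou=Security,ou=somegroup,dc=example,dc=org',
    'search-filter': '(&(objectClass=user)(sAMAccountName={username}))',
    'search-user': 'ADsearchAccount',
    'search-password': 'AD_Search_Passwrd',
    'bind-user': '{sAMAccountName}',
}


def escape_filter_value(value):
    """RFC 4515 escaping for a value that is substituted into a filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def render_filter(template, username):
    """Fill {username} into the configured search-filter, escaped."""
    return template.replace('{username}', escape_filter_value(username))


def _unescape(value):
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)


def _parse_filter(text):
    """Parse the filter subset used on the page: '&' conjunctions and equality."""
    inner = text.strip()[1:-1]
    if inner.startswith('&'):
        children, depth, start = [], 0, 1
        for i, ch in enumerate(inner[1:], 1):
            if ch == '(':
                if depth == 0:
                    start = i
                depth += 1
            elif ch == ')':
                depth -= 1
                if depth == 0:
                    children.append(_parse_filter(inner[start:i + 1]))
        return ('and', children)
    attr, _, val = inner.partition('=')
    if val == '*':                       # unescaped '*' means "attribute present"
        return ('present', attr.lower())
    return ('eq', attr.lower(), _unescape(val).lower())


def _matches(node, entry):
    if node[0] == 'and':
        return all(_matches(c, entry) for c in node[1])
    if node[0] == 'present':
        return node[1] in entry
    vals = entry.get(node[1], [])
    vals = [vals] if isinstance(vals, str) else vals
    return any(v.lower() == node[2] for v in vals)


def _norm_dn(dn):
    return ','.join(p.strip().lower() for p in dn.split(','))


def search(directory, base, filter_text):
    """Subtree search: the base entry and everything below it, then filtered."""
    base_n, node = _norm_dn(base), _parse_filter(filter_text)
    return [dn for dn, entry in directory.items()
            if (_norm_dn(dn) == base_n or _norm_dn(dn).endswith(',' + base_n))
            and _matches(node, entry)]


def authenticate(directory, credentials, options, username, password):
    """Search-then-bind, in the order the provider's log lines show it."""
    # 1. Bind as the service account that is allowed to search.
    if credentials.get(options['search-user']) != options['search-password']:
        return 'service bind failed'
    # 2. Search under search-base with the rendered filter.
    hits = search(directory, options['search-base'],
                  render_filter(options['search-filter'], username))
    if not hits:
        return 'search returned no results'   # the WARNING in the log above
    if len(hits) > 1:
        return 'search is ambiguous'
    # 3. Bind as the found user; bind-user is a template over entry attributes.
    entry = directory[hits[0]]
    bind_user = re.sub(r'\{(\w+)\}', lambda m: entry[m.group(1).lower()],
                       options['bind-user'])
    return 'ok' if credentials.get(bind_user) == password else 'invalid password'


if __name__ == '__main__':
    print(authenticate(DIRECTORY, CREDENTIALS, OPTIONS, 'testUser', 'correct horse'))
    fixed = {**OPTIONS, 'search-base': 'ou=Users,dc=example,dc=org'}
    print(authenticate(DIRECTORY, CREDENTIALS, fixed, 'testUser', 'correct horse'))
```

Running it prints `search returned no results` for the posted search-base and `ok` once the base is moved above the user container; the same run with a wrong password returns `invalid password` only after the search succeeded, which is the distinction worth reading the DEBUG lines for.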
________________________________
From: Hans-Rudolf Hotz <hrh@fmi.ch>
To: John Chen <jchen162@yahoo.com>; Galaxy Dev List
<galaxy-dev@lists.galaxyproject.org>
Sent: Friday, June 9, 2017 3:34 AM
Subject: Re: [galaxy-dev] AD Integration
Always keep the mailing list in the loop, so that others can help or
learn!
On 06/08/2017 07:27 PM, John Chen wrote:
Hans-Rudolf
This is the error I get when I start the Galaxy server.
...
xml.etree.ElementTree.ParseError: mismatched tag: line 8, column 105
This is very informative. Looking at line 8 in your file:
<server><a class="moz-txt-link-freetext"
href="ldap://ldap.xxx.xx">ldap://ldap.xxx.xx</server>
The element "a" is not terminated
What happens, if you try just
<server>ldap://ldap.xxx.xx</server>
Regards, Hans-Rudolf
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at:
http://galaxyproject.org/search/