MS Active Directory Authentication
Hello Everyone, Is there an example of the auth_config.xml for a MS Active directory connection? I would like to all my users to register and login to Galaxy with their AD username and password. Note: We don't use a "@example.com" extension for our usernames just "username". Thanks in advance Dwayne
Hi Dwayne, see https://github.com/galaxyproject/galaxy/blob/dev/config/auth_conf.xml.sample <type>ldap</type> is equivalent to <type>activedirectory</type> Something like this may work for you: <auth> <authenticator> <type>activedirectory</type> <options> <allow-register>False</allow-register> <auto-register>True</auto-register> <server>ldap://dc1.example.com</server> <login-use-username>True</login-use-username> <search-fields>sAMAccountName,mail</search-fields> <search-base>dc=dc1,dc=example,dc=com</search-base> <search-filter>(&(objectClass=user)(sAMAccountName={username}))</search-filter> <search-user>jsmith</search-user> <search-password>mysecret</search-password> <bind-user>{sAMAccountName}</bind-user> <bind-password>{password}</bind-password> <auto-register-username>{sAMAccountName}</auto-register-username> <auto-register-email>{mail}</auto-register-email> </options> </authenticator> </auth> Cheers, Nicola On 13/10/15 17:44, McCully, Dwayne (NIH/NIAMS) [C] wrote:
Hello Everyone,
Is there an example of the auth_config.xml for a MS Active directory connection?
I would like to all my users to register and login to Galaxy with their AD username and password.
Note: We don’t use a “@example.com” extension for our usernames just “username”.
Thanks in advance
Dwayne
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Thanks Nicola, Updated the auth_config.xml file but got the following message in the paster.log. Any idea how to fix? DEBUG 2015-10-13 14:18:11,644 LDAP authenticate: could not load ldap module Dwayne From: Nicola Soranzo [mailto:nicola.soranzo@gmail.com] On Behalf Of Nicola Soranzo Sent: Tuesday, October 13, 2015 1:44 PM To: McCully, Dwayne (NIH/NIAMS) [C] <dmccully@mail.nih.gov>; galaxy-dev@lists.galaxyproject.org Subject: Re: [galaxy-dev] MS Active Directory Authentication Hi Dwayne, see https://github.com/galaxyproject/galaxy/blob/dev/config/auth_conf.xml.sample <type>ldap</type> is equivalent to <type>activedirectory</type> Something like this may work for you: <auth> <authenticator> <type>activedirectory</type> <options> <allow-register>False</allow-register> <auto-register>True</auto-register> <server>ldap://dc1.example.com</server> <login-use-username>True</login-use-username> <search-fields>sAMAccountName,mail</search-fields> <search-base>dc=dc1,dc=example,dc=com</search-base> <search-filter>(&(objectClass=user)(sAMAccountName={username}))</search-filter> <search-user>jsmith</search-user> <search-password>mysecret</search-password> <bind-user>{sAMAccountName}</bind-user> <bind-password>{password}</bind-password> <auto-register-username>{sAMAccountName}</auto-register-username> <auto-register-email>{mail}</auto-register-email> </options> </authenticator> </auth> Cheers, Nicola On 13/10/15 17:44, McCully, Dwayne (NIH/NIAMS) [C] wrote: Hello Everyone, Is there an example of the auth_config.xml for a MS Active directory connection? I would like to all my users to register and login to Galaxy with their AD username and password. Note: We don’t use a “@example.com” extension for our usernames just “username”. Thanks in advance Dwayne ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Hi Dwayne, you need to install the Python LDAP module: http://www.python-ldap.org/ https://pypi.python.org/pypi/python-ldap/ If you are using a virtualenv (which is recommended for a production server), activate it and then execute: pip install ldap Cheers, Nicola Il giorno mar, 13/10/2015 alle 18.23 +0000, McCully, Dwayne (NIH/NIAMS) [C] ha scritto:
Thanks Nicola,
Updated the auth_config.xml file but got the following message in the paster.log. Any idea how to fix?
DEBUG 2015-10-13 14:18:11,644 LDAP authenticate: could not load ldap module
Dwayne
From: Nicola Soranzo [mailto:nicola.soranzo@gmail.com] On Behalf Of Nicola Soranzo Sent: Tuesday, October 13, 2015 1:44 PM To: McCully, Dwayne (NIH/NIAMS) [C] <dmccully@mail.nih.gov>; galaxy-dev@lists.galaxyproject.org Subject: Re: [galaxy-dev] MS Active Directory Authentication
Hi Dwayne,
see https://github.com/galaxyproject/galaxy/blob/dev/config/auth_conf .xml.sample
<type>ldap</type> is equivalent to <type>activedirectory</type>
Something like this may work for you:
<auth> <authenticator> <type>activedirectory</type> <options> <allow-register>False</allow-register> <auto-register>True</auto-register> <server>ldap://dc1.example.com</server> <login-use-username>True</login-use-username> <search-fields>sAMAccountName,mail</search-fields> <search-base>dc=dc1,dc=example,dc=com</search-base> <search -filter>(&(objectClass=user)(sAMAccountName={username}))</search -filter> <search-user>jsmith</search-user> <search-password>mysecret</search-password> <bind-user>{sAMAccountName}</bind-user> <bind-password>{password}</bind-password> <auto-register-username>{sAMAccountName}</auto-register -username> <auto-register-email>{mail}</auto-register-email> </options> </authenticator> </auth>
Cheers, Nicola On 13/10/15 17:44, McCully, Dwayne (NIH/NIAMS) [C] wrote: Hello Everyone,
Is there an example of the auth_config.xml for a MS Active directory connection? I would like to all my users to register and login to Galaxy with their AD username and password.
Note: We don’t use a “@example.com” extension for our usernames just “username”.
Thanks in advance
Dwayne
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at:
participants (2)
-
McCully, Dwayne (NIH/NIAMS) [C] -
Nicola Soranzo