
LDAP Problems

Open inDane opened this issue 5 years ago • 4 comments

I've had problems with the LDAP settings. I solved my problems, but I'd like to share my experience. You can perhaps add some lines to the documentation, so that other people don't need to make the same mistakes.


The first problem was that I have some special characters in my password:

OMERO.server/bin/omero config set omero.ldap.password "hel!o"

results in an error. Then I thought, I can just use \ to escape that:

OMERO.server/bin/omero config set omero.ldap.password "hel\!o"

But this does actually get used for authentication, which results in a bad credentials error. You can see the config in /OMERO.server/etc/grid/config.xml

This is the error stated in log/Blitz-0.log

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839]


The next problem that occurred was

ome.conditions.InternalException: Wrapped Exception: (org.springframework.ldap.PartialResultException): Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''

This is because the omero.ldap.referral default is false. For our Active Directory we need omero.ldap.referral follow:

OMERO.server/bin/omero config set omero.ldap.referral "follow"


ome.conditions.ValidationException: not-null property references a null or transient value: ome.model.meta.Experimenter.lastName; nested exception is org.hibernate.PropertyValueException: not-null property references a null or transient value: ome.model.meta.Experimenter.lastName

The last problem getting LDAP to work was the user_mapping. I've customized the option and cut some parts of it, which I thought were unnecessary. Every variable needs to be filled! Otherwise it will fail with the error stated above.

OMERO.server/bin/omero config set omero.ldap.user_mapping "omeName=sAMAccountName, firstName=givenName, lastName=sn, email=mail, institution=department, middleName=middleName"

I hope this is the right place to put this inquiry.

inDane, Aug 01 '19 10:08
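The three pitfalls reported above, as an added example that is not part of the original post or of OMERO: a shell pre-flight check that flags a backslash stored in the password, lists unfilled user_mapping keys, and maps each quoted log error to the setting the post traced it to. Function names are hypothetical, the sample values are constructed, and the list of required keys is assumed from the mapping shown in the post.

```shell
#!/bin/sh
# Added example: checks for the three pitfalls in the post above.
# Function names are hypothetical; nothing here calls the omero CLI.

# The six keys used in the post's omero.ldap.user_mapping (assumed required).
REQUIRED_KEYS="omeName firstName lastName email institution middleName"

# Print every required key that is absent from the mapping or has no value.
missing_mapping_keys() {
    missing=""
    for key in $REQUIRED_KEYS; do
        found=0
        old_ifs=$IFS; IFS=,
        for pair in $1; do
            pair=$(printf '%s' "$pair" | sed 's/^ *//; s/ *$//')
            case $pair in "$key"=?*) found=1 ;; esac
        done
        IFS=$old_ifs
        [ "$found" -eq 1 ] || missing="$missing $key"
    done
    printf '%s\n' "${missing# }"
}

# Succeed if the value holds a backslash before '!'. That is what "hel\!o"
# stores: inside double quotes the shell keeps a backslash that precedes '!'.
has_stray_escape() {
    case $1 in *'\!'*) return 0 ;; *) return 1 ;; esac
}

# Map a Blitz-0.log line to the setting the post traced it to.
diagnose() {
    case $1 in
        *"error code 49"*"data 52e"*) echo omero.ldap.password ;;
        *"Unprocessed Continuation Reference"*) echo omero.ldap.referral ;;
        *"not-null property"*"Experimenter."*) echo omero.ldap.user_mapping ;;
        *) echo unknown ;;
    esac
}

# Constructed sample values, not taken from a real deployment.
stored='hel\!o'   # what ends up stored after: config set ... "hel\!o"
if has_stray_escape "$stored"; then
    echo "password holds a literal backslash; single-quote it instead: 'hel!o'"
fi
echo "unfilled: $(missing_mapping_keys 'omeName=sAMAccountName, lastName=')"
```

Single quotes pass `!` through unchanged in an interactive bash session, so `'hel!o'` stores exactly the five intended characters.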