-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All,

I've been trying to get the new LDAP module to work. It works fine for
existing users but I can't get auto-register to work. In the logs I can
see the successful logins look like this;

galaxy.webapps.galaxy.controllers.user DEBUG 2015-09-02 13:35:06,130
trans.app.config.auth_config_file: ./config/auth_conf.xml
galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:35:06,131 LDAP
authenticate: email is mj...@aber.ac.uk
galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:35:06,131 LDAP
authenticate: username is mjv08
....
galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:35:06,235 LDAP
authentication successful

and those that are unsuccessful have a username as None, which is why
the search filter isn't working;

galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:47:13,951 LDAP
authenticate: email is unregu...@aber.ac.uk
galaxy.auth.providers.ldap_ad DEBUG 2015-09-02 13:47:13,951 LDAP
authenticate: username is None
....
galaxy.auth.providers.ldap_ad WARNING 2015-09-02 13:47:14,110 LDAP
authenticate: search returned no results

My auth_config.xml openldap authenticator looks like this (edited to
remove openldap server details);

        <authenticator>
                <type>ldap</type>
                <filter>'{email}'.endswith('@example.com')</filter>
                <options>
                        <auto-register>True</auto-register>
                        <allow-register>Challenge</allow-register>
                        <server>ldaps://dc1.example.com</server>
                       
<search-base>ou=People,dc=dc1,dc=example,dc=com</search-base>
                       
<search-user>cn=searchuser,ou=People,dc=dc1,dc=example,dc=com</search-user>
                       
<search-password>searchuserpassword</search-password>
                        <search-fields>cn,mail</search-fields>
                       
<search-filter>(&amp;(cn={username})(mail={email}))</search-filter>
                        <bind-user>{dn}</bind-user>
                        <bind-password>{password}</bind-password>
                       
<auto-register-username>{cn}</auto-register-username>
                        <auto-register-email>{mail}</auto-register-email>
                </options>
        </authenticator>


Are there any settings in galaxy.ini that are required to enable this to
work?

Many thanks

Martin



- -- 

- --
Dr. Martin Vickers

Data Manager/HPC Systems Administrator
Institute of Biological, Environmental and Rural Sciences
IBERS New Building
Aberystwyth University

w: http://www.martin-vickers.co.uk/
e: mj...@aber.ac.uk
t: 01970 62 2807
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iQEcBAEBAgAGBQJV5vO7AAoJEHa0a8GkKQgIJJQH/20auDZKNYOw0JfXq6y/DpY9
2d7C5e81BepLfi3b715vhuG5qtJUj+fLkI86fgKgloo/y4SqQWeni51buxs3kgSl
L0ynVeZC/hIQSSLIEUTfPomT0CIR4GdPwnegbqaWZuy3NBlq2Rj6Boc2V/6EIp1M
ARlEKeV/gK64h/cq2guTbPLdgK5vnGFCNKcsLLYCLelBmpXfjRG8z9JIa1nLa/F/
4p1KaIX+UqCTMZrGAOM2S5Fb3rfmeApcp73w6aM4RDKwdJpsfuhQhFwtkPFjfSyn
GrQM6naA/qY8m+Gtl+he6L7XczP4nFyan1JN9AcWEGtzHBappPKMeI/L7ZLoHTw=
=Cwa8
-----END PGP SIGNATURE-----


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

Reply via email to