Hi Marija, does it work without <ldap-options>OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW</ldap-options>
? Cheers, Nicola On 01/06/16 14:17, Durdevic, Marija wrote:
Dear Nicola, Thank you very much for your help, I appreciate it a lot. With recommended changes, I am getting just error message in Galaxy web-app: No such user or invalid password. There is no error msg in log file. I changed configuration to : <?xml version="1.0"?> <auth> <authenticator> <type>ldap</type> <filter>'{email}'.endswith('@mycompany.com')</filter> <options> <allow-register>True</allow-register> <auto-register>True</auto-register> <allow-password-change>False</allow-password-change> <server>ldap://ldap. mycompany.com</server> <ldap-options>OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW</ldap-options> <login-use-username>False</login-use-username> <continue-on-failure>True</continue-on-failure> <search-fields>uid,mail</search-fields> <search-filter>(mail={email})</search-filter> <search-base>ou=pers,ou=usr,o=mcp</search-base> <bind-user>{dn}</bind-user> <bind-password>{password}</bind-password> <auto-register-username>{uid}</auto-register-username> <auto-register-email>{mail}</auto-register-email> </options> </authenticator> <authenticator> <type>localdb</type> <options> <allow-password-change>true</allow-password-change> </options> </authenticator> </auth> And error in log file is: galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,135 LDAP authenticate: email is [email protected] galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,136 LDAP authenticate: username is None galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,136 LDAP authenticate: options are {'bind-user': '{dn}', 'search-fields': 'uid,mail', 'login-use-username': 'False', 'allow-register': 'True', 'ldap-options': 'OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW', 'auto-register-email': '{mail}', 'server': 'ldap://ldap.medunigraz.at', 'auto-register': 'True', 'search-base': 'ou=pers,ou=usr,o=mug', 'search-filter': '(mail={email})', 'continue-on-failure': 'True', 'auto-register-username': '{uid}', 'bind-password': '{password}', 'allow-password-change': 'False'} galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,144 LDAP authenticate: Valid LDAP option pair OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW -> 24582=3 galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,160 LDAP authenticate: dn is cn=o_durdevic,ou=pers,ou=usr,o=mug galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,160 LDAP authenticate: search attributes are {'mail': ['[email protected]'], 'uid': ['o_durdevic']} galaxy.auth.providers.ldap_ad WARNING 2016-06-01 15:13:28,169 LDAP authenticate: bind exception Traceback (most recent call last): File "lib/galaxy/auth/providers/ldap_ad.py", line 168, in authenticate whoami = l.whoami_s() File "/home/galaxy/galaxy/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 641, in whoami_s return self._ldap_call(self._l.whoami_s,serverctrls,clientctrls) File "/home/galaxy/galaxy/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 106, in _ldap_call result = func(*args,**kwargs) PROTOCOL_ERROR: {'info': 'Unrecognized extended operation', 'desc': 'Protocol error'} 10.17.16.180 - - [01/Jun/2016:15:13:28 +0200] "POST /user/login?use_panels=False HTTP/1.1" 200 - "https://galaxy.medunigraz.at/user/login?use_panels=False"; "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36" [pid: 23119|app: 0|req: 1/1] 10.17.16.180 () {54 vars in 1146 bytes} [Wed Jun 1 15:13:28 2016] POST /user/login?use_panels=False => generated 5018 bytes in 101 msecs (HTTP/1.1 200) 2 headers in 73 bytes (1 switches on core 0) -----Original Message----- From: Nicola Soranzo [mailto:[email protected]] On Behalf Of Nicola Soranzo Sent: Wednesday, June 01, 2016 2:56 PM To: Durdevic, Marija; [email protected] Subject: Re: [galaxy-dev] LDAP authentification Hi Marija, try to change to this: <search-filter>(uid={username})</search-filter> and/or: <bind-user>{dn}</bind-user> and let us know if you still have errors (please attach the sanitized logs). Cheers, Nicola On 01/06/16 12:51, Durdevic, Marija wrote:Dear Nicola, Thank you for response. I am having all those information, and I am following sample file, but still unsuccessfully. Here is my auth_conf file: <?xml version="1.0"?> <auth> <authenticator> <type>ldap</type> <filter>'{email}'.endswith('@mycompany.com')</filter> <options> <allow-register>False</allow-register> <auto-register>True</auto-register> <allow-password-change>False</allow-password-change> <server>ldap://ldap.mycompany.com</server> <ldap-options>OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW</ldap-options> <login-use-username>True</login-use-username> <continue-on-failure>False</continue-on-failure> <search-fields>uid, mail</search-fields> <search-filter>(|(mail={email})(uid={username}))</search-filter> <search-base>ou=pers,ou=usr,o=com</search-base> <bind-user>{email}</bind-user> <bind-password>{password}</bind-password> <auto-register-username>{uid}</auto-register-username> <auto-register-email>{email}</auto-register-email> </options> </authenticator> <authenticator> <type>localdb</type> <options> <allow-password-change>true</allow-password-change> </options> </authenticator> </auth> And Thank you for your help. Regards, Marija From: Nicola Soranzo [mailto:[email protected]] On Behalf Of Nicola Soranzo Sent: Wednesday, June 01, 2016 12:47 PM To: Durdevic, Marija; [email protected] Subject: Re: [galaxy-dev] LDAP authentification Hi Marija, LDAP authentication is usually quite site-specific, config/auth_conf.xml.sample contains example and documentation that should help you, but you still need to know the necessary details about how LDAP authentication works on your network, e.g. LDAP type (OpenLDAP or MS Active Directory), server address, search and bind parameters... Cheers, Nicola On 31/05/16 14:20, Durdevic, Marija wrote: Can someone please be so kind to post auth_conf.xml file with all changes. I am trying to setup it, but unsuccessfully. Thanks in advance. Regards, Marija Mag. Marija Đurđević Core Facility Computational Bioanalytics Medical University of Graz Center for Medical Research Stiftingtalstraße 24, A-8010 Graz Austria Phone: +43 316/385-73024 Fax:+43 316/385-73009 Email: [email protected]<mailto:[email protected]> Email: [email protected]<mailto:[email protected]> Web: https://zmf.medunigraz.at/ ___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
