Hi Marija,
does it work without

<ldap-options>OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW</ldap-options>


?

Cheers,
Nicola

On 01/06/16 14:17, Durdevic, Marija wrote:
Dear Nicola,

Thank you very much for your help, I appreciate it a lot.

With the recommended changes, I am getting just an error message in the Galaxy web-app: No such user or invalid password. There is no error msg in the log file.

I changed the configuration to:

<?xml version="1.0"?>
<auth>
   <authenticator>
     <type>ldap</type>
     <filter>'{email}'.endswith('@mycompany.com')</filter>
     <options>
       <allow-register>True</allow-register>
       <auto-register>True</auto-register>
       <allow-password-change>False</allow-password-change>
       <server>ldap://ldap.mycompany.com</server>
       <ldap-options>OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW</ldap-options>
       <login-use-username>False</login-use-username>
       <continue-on-failure>True</continue-on-failure>
       <search-fields>uid,mail</search-fields>
       <search-filter>(mail={email})</search-filter>
       <search-base>ou=pers,ou=usr,o=mcp</search-base>
       <bind-user>{dn}</bind-user>
       <bind-password>{password}</bind-password>
       <auto-register-username>{uid}</auto-register-username>
       <auto-register-email>{mail}</auto-register-email>
     </options>
   </authenticator>

   <authenticator>
     <type>localdb</type>
     <options>
       <allow-password-change>true</allow-password-change>
     </options>
   </authenticator>
</auth>

And the error in the log file is:


galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,135 LDAP authenticate: email is marija.durde...@medunigraz.at
galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,136 LDAP authenticate: username is None
galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,136 LDAP authenticate: options are {'bind-user': '{dn}', 'search-fields': 'uid,mail', 'login-use-username': 'False', 'allow-register': 'True', 'ldap-options': 'OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW', 'auto-register-email': '{mail}', 'server': 'ldap://ldap.medunigraz.at', 'auto-register': 'True', 'search-base': 'ou=pers,ou=usr,o=mug', 'search-filter': '(mail={email})', 'continue-on-failure': 'True', 'auto-register-username': '{uid}', 'bind-password': '{password}', 'allow-password-change': 'False'}
galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,144 LDAP authenticate: Valid LDAP option pair OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW -> 24582=3
galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,160 LDAP authenticate: dn is cn=o_durdevic,ou=pers,ou=usr,o=mug
galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,160 LDAP authenticate: search attributes are {'mail': ['marija.durde...@medunigraz.at'], 'uid': ['o_durdevic']}
galaxy.auth.providers.ldap_ad WARNING 2016-06-01 15:13:28,169 LDAP authenticate: bind exception
Traceback (most recent call last):
   File "lib/galaxy/auth/providers/ldap_ad.py", line 168, in authenticate
     whoami = l.whoami_s()
   File "/home/galaxy/galaxy/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 641, in whoami_s
     return self._ldap_call(self._l.whoami_s,serverctrls,clientctrls)
   File "/home/galaxy/galaxy/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 106, in _ldap_call
     result = func(*args,**kwargs)
PROTOCOL_ERROR: {'info': 'Unrecognized extended operation', 'desc': 'Protocol error'}
10.17.16.180 - - [01/Jun/2016:15:13:28 +0200] "POST /user/login?use_panels=False HTTP/1.1" 200 - "https://galaxy.medunigraz.at/user/login?use_panels=False" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36"
[pid: 23119|app: 0|req: 1/1] 10.17.16.180 () {54 vars in 1146 bytes} [Wed Jun  1 15:13:28 2016] POST /user/login?use_panels=False => generated 5018 bytes in 101 msecs (HTTP/1.1 200) 2 headers in 73 bytes (1 switches on core 0)


-----Original Message-----
From: Nicola Soranzo [mailto:nicola.sora...@gmail.com] On Behalf Of Nicola 
Soranzo
Sent: Wednesday, June 01, 2016 2:56 PM
To: Durdevic, Marija; galaxy-dev@lists.galaxyproject.org
Subject: Re: [galaxy-dev] LDAP authentification

Hi Marija,
try to change to this:

<search-filter>(uid={username})</search-filter>

and/or:

<bind-user>{dn}</bind-user>

and let us know if you still have errors (please attach the sanitized logs).

Cheers,
Nicola

On 01/06/16 12:51, Durdevic, Marija wrote:
Dear Nicola,

Thank you for the response.
I have all that information, and I am following the sample file, but still unsuccessfully.
Here is my auth_conf file:


<?xml version="1.0"?>
<auth>
      <authenticator>
          <type>ldap</type>
          <filter>'{email}'.endswith('@mycompany.com')</filter>
          <options>
              <allow-register>False</allow-register>
              <auto-register>True</auto-register>
              <allow-password-change>False</allow-password-change>
              <server>ldap://ldap.mycompany.com</server>
              <ldap-options>OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW</ldap-options>
              <login-use-username>True</login-use-username>
              <continue-on-failure>False</continue-on-failure>
              <search-fields>uid, mail</search-fields>
              <search-filter>(|(mail={email})(uid={username}))</search-filter>
              <search-base>ou=pers,ou=usr,o=com</search-base>

              <bind-user>{email}</bind-user>
              <bind-password>{password}</bind-password>
              <auto-register-username>{uid}</auto-register-username>
              <auto-register-email>{email}</auto-register-email>
          </options>
      </authenticator>

      <authenticator>
          <type>localdb</type>
          <options>
              <allow-password-change>true</allow-password-change>
          </options>
      </authenticator>
</auth>


And

Thank you for your help.

Regards,
Marija

From: Nicola Soranzo [mailto:nicola.sora...@gmail.com] On Behalf Of Nicola 
Soranzo
Sent: Wednesday, June 01, 2016 12:47 PM
To: Durdevic, Marija; galaxy-dev@lists.galaxyproject.org
Subject: Re: [galaxy-dev] LDAP authentification

Hi Marija,
LDAP authentication is usually quite site-specific. config/auth_conf.xml.sample 
contains an example and documentation that should help you, but you still need to 
know the necessary details about how LDAP authentication works on your network, 
e.g. LDAP type (OpenLDAP or MS Active Directory), server address, search and 
bind parameters...

Cheers,
Nicola
On 31/05/16 14:20, Durdevic, Marija wrote:
Can someone please be so kind as to post the auth_conf.xml file with all changes? I am 
trying to set it up, but unsuccessfully.

Thanks in advance.
Regards,
Marija

Mag. Marija Đurđević
Core Facility Computational Bioanalytics

Medical University of Graz
Center for Medical Research
Stiftingtalstraße 24, A-8010 Graz
Austria

Phone: +43 316/385-73024
Fax:+43 316/385-73009

Email: marija.djurdje...@medunigraz.at
Email: marija.djurdje...@klinikum-graz.at

Web: https://zmf.medunigraz.at/
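
As an added example (not part of the original thread and not Galaxy's own code), a small audit of the transport settings in an auth_conf.xml like the ones posted above: it flags a server URL that is not ldaps://, whitespace inside the URL, and an OPT_X_TLS_REQUIRE_CERT level that does not require a valid server certificate. The function names, the comma-separated NAME=VALUE reading of <ldap-options>, and the ldaps:// form in the hardened sample are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# OPT_X_TLS_REQUIRE_CERT levels that abort the session on a missing or invalid certificate.
STRICT_LEVELS = {"OPT_X_TLS_DEMAND", "OPT_X_TLS_HARD"}

def parse_ldap_options(text):
    """Split 'NAME=VALUE,NAME=VALUE' (assumed format of <ldap-options>) into a dict."""
    pairs = (item.split("=", 1) for item in text.split(",") if "=" in item)
    return {name.strip(): value.strip() for name, value in pairs}

def audit_auth_conf(xml_text):
    """Return (authenticator index, option, issue) for each <type>ldap</type> block."""
    findings = []
    for idx, auth in enumerate(ET.fromstring(xml_text).findall("authenticator")):
        if (auth.findtext("type") or "").strip() != "ldap":
            continue  # e.g. the localdb fallback has no transport to audit
        server = (auth.findtext("options/server") or "").strip()
        if any(ch.isspace() for ch in server):
            findings.append((idx, "server", "whitespace inside the URL"))
        if urlparse(server).scheme.lower() != "ldaps":
            findings.append((idx, "server",
                             "not ldaps://; without StartTLS the bind password is sent unencrypted"))
        opts = parse_ldap_options(auth.findtext("options/ldap-options") or "")
        level = opts.get("OPT_X_TLS_REQUIRE_CERT")
        if level is not None and level not in STRICT_LEVELS:
            findings.append((idx, "ldap-options",
                             level + " does not require a valid server certificate"))
    return findings

# Constructed inputs: WEAK mirrors the transport settings posted in the thread,
# HARDENED is the same file with TLS on the URL and strict certificate checking.
WEAK = """<auth>
  <authenticator>
    <type>ldap</type>
    <options>
      <server>ldap://ldap.mycompany.com</server>
      <ldap-options>OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW</ldap-options>
    </options>
  </authenticator>
  <authenticator><type>localdb</type><options/></authenticator>
</auth>"""
HARDENED = (WEAK.replace("ldap://", "ldaps://")
                .replace("OPT_X_TLS_ALLOW", "OPT_X_TLS_DEMAND"))

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_auth_conf(conf))
```

Certificate-verification options only take effect once a TLS session exists (ldaps:// or StartTLS), so on a plain ldap:// connection the REQUIRE_CERT level changes nothing.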





___________________________________________________________

Please keep all replies on the list by using "reply all"

in your mail client.  To manage your subscriptions to this

and other Galaxy lists, please use the interface at:

    https://lists.galaxyproject.org/



To search Galaxy mailing lists use the unified search at:

    http://galaxyproject.org/search/mailinglists/

