Hi Hakeem,
since you are using:
<login-use-username>True</login-use-username>
you need to use your username without the "@mydomain.com" for the first
login. After the first successful login, Galaxy will store the email
associated to your username on the AD server in its user database and
you will be able to use it as an alternative to your username to login.
Cheers,
Nicola
On 12/11/17 10:46, Hakeem Almabrazi wrote:
Hi Nicola,
Thank you for your response. I have added your suggestions but still
I am getting the same error; the username is None if I used the
[email protected] as a login in the
login page. Here is the error log I keep getting.
galaxy.webapps.galaxy.controllers.user DEBUG 2017-11-12 13:35:38,507 trans.app.config.auth_config_file: ./config/auth_conf.xml
galaxy.auth.providers.ldap_ad DEBUG 2017-11-12 13:35:38,507 LDAP authenticate: email is [email protected]
galaxy.auth.providers.ldap_ad DEBUG 2017-11-12 13:35:38,507 LDAP authenticate: username is None
galaxy.auth.providers.ldap_ad DEBUG 2017-11-12 13:35:38,507 LDAP authenticate: options are {'bind-user': '{sAMAccountName}@research.sidra.local', 'search-fields': 'sAMAccountName,mail', 'login-use-username': 'True', 'allow-register': 'False', 'auto-register-email': '{mail}', 'server': ' myAD.mydomain.example.local ', 'auto-register': 'True', 'search-base': 'cn=Users,dc=mydomian,dc=example,dc=local', 'auto-register-username': '{sAMAccountName}', 'search-password': 'PASSWORD', 'search-user': '[email protected]', 'bind-password': '{password}', 'allow-password-change': 'False'}
galaxy.auth.providers.ldap_ad DEBUG 2017-11-12 13:35:38,508 LDAP authenticate: username must be used to login, cannot be None
And here is my updated auth_config.xml file
<?xml version="1.0"?>
<auth>
    <authenticator>
        <type>ldap</type>
        <options>
            <allow-register>False</allow-register>
            <auto-register>True</auto-register>
            <allow-password-change>False</allow-password-change>
            <server>myAD.mydomain.example.local</server>
            <login-use-username>True</login-use-username>
            <search-fields>sAMAccountName,mail</search-fields>
            <search-base>cn=Users,dc=mydomain,dc=example,dc=local</search-base>
            <search-user>[email protected]</search-user>
            <search-password>PASSWORD</search-password>
            <bind-user>{sAMAccountName}@mydomain.example.local</bind-user>
            <bind-password>{password}</bind-password>
            <auto-register-username>{sAMAccountName}</auto-register-username>
            <auto-register-email>{mail}</auto-register-email>
        </options>
    </authenticator>
    <authenticator>
        <type>localdb</type>
        <options>
            <allow-password-change>true</allow-password-change>
        </options>
    </authenticator>
</auth>
I will appreciate it if you think the file looks okay to you.
Thank you
*Hakeem Almabrazi*
Senior Software Architect
*Sidra Medical and Research Center*
Out-Patient Clinic
PO Box 26999 , Al Luqta Street
Education City North Campus
Qatar Foundation
*Tel:* +974-4003-7458 (ext: 37458) *|* *Mobile:* +974-7479-4201
[email protected] *|* www.sidra.org
*From:* Nicola Soranzo [mailto:[email protected]] *On Behalf Of* Nicola Soranzo
*Sent:* Thursday, November 09, 2017 5:44 PM
*To:* Hakeem Almabrazi; [email protected]
*Subject:* Re: [galaxy-dev] Active Directory Authentication question
Hi Hakeem,
a couple of suggestions:
- allow-register should be False
- I don't see a line with something like
<server>ldap://dc1.example.com</server> , but I suppose you have
omitted it
- if your AD server doesn't allow anonymous searches (like in my
case), you need to specify also:
<search-user>cn=jsmith,ou=People,dc=domain,dc=com</search-user>
<search-password>mysecret</search-password>
- you definitely need to specify an adapted version of these:
<bind-user>{sAMAccountName}@dc1.example.com</bind-user>
<bind-password>{password}</bind-password>
<auto-register-username>{sAMAccountName}</auto-register-username>
<auto-register-email>{mail}</auto-register-email>
Hope that helps!
Cheers,
Nicola
On 09/11/17 11:24, Hakeem Almabrazi wrote:
Hello,
I have installed the latest galaxy and I would like to use the MS
Active Directory 2012 for authentication. I tried to follow the
instructions outlined here
https://galaxyproject.org/admin/config/external-user-auth/ without
touching the lib/galaxy/auth/providers/ldap_ad.py since I thought
this is related to ldap not AD.
Here is the exact auth_config.xml file
+++++++++++++++++++++++++
<?xml version="1.0"?>
<auth>
    <authenticator>
        <type>ldap</type>
        <options>
            <allow-register>True</allow-register>
            <auto-register>True</auto-register>
            <allow-password-change>False</allow-password-change>
            <login-use-username>True</login-use-username>
            <!-- For Active Directory: -->
            <search-fields>sAMAccountName,mail</search-fields>
            <search-base>dc=dc1,dc=example,dc=com</search-base>
            <!-- If login-use-username is True -->
            <search-filter>(&amp;(objectClass=user)(sAMAccountName={username}))</search-filter>
        </options>
    </authenticator>
</auth>
+++++++++++++++++
When I try to login using a real user email and pwd, it says “No
user of valid password” in the Galaxy page. And here is the error
log I keep getting.
galaxy.webapps.galaxy.controllers.user DEBUG 2017-11-09 13:55:37,940 trans.app.config.auth_config_file: ./config/auth_conf.xml
galaxy.auth.providers.ldap_ad DEBUG 2017-11-09 13:55:37,940 LDAP authenticate: email is [email protected]
galaxy.auth.providers.ldap_ad DEBUG 2017-11-09 13:55:37,940 LDAP authenticate: username is None
galaxy.auth.providers.ldap_ad DEBUG 2017-11-09 13:55:37,940 LDAP authenticate: options are {'search-fields': 'sAMAccountName,mail', 'login-use-username': 'True', 'allow-register': 'True', 'auto-register': 'True', 'search-base': 'dc=dc1,dc=example,dc=com', 'search-filter': '(&(objectClass=user)(sAMAccountName={username}))', 'allow-password-change': 'False'}
galaxy.auth.providers.ldap_ad DEBUG 2017-11-09 13:55:37,940 LDAP authenticate: username must be used to login, cannot be None
galaxy.auth DEBUG 2017-11-09 13:55:37,941 Email: , Username , stopping due to failed non-continue
Is there anything missing from my auth_config.xml file?
I appreciate any kind of help figuring this out.
Best regards,
Hak
Disclaimer: This email and its attachments may be confidential and
are intended solely for the use of the individual to whom it is
addressed. If you are not the intended recipient, any reading,
printing, storage, disclosure, copying or any other action taken
in respect of this e-mail is prohibited and may be unlawful. If
you are not the intended recipient, please notify the sender
immediately by using the reply function and then permanently
delete what you have received. Any views or opinions expressed are
solely those of the author and do not necessarily represent those
of Sidra Medical and Research Center.
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at:
http://galaxyproject.org/search/
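
A small checker for the points raised in this thread, as an added example (not Galaxy code and not from either poster): it parses an auth_conf.xml, reports the options Nicola's reply lists as missing or wrong, and flags an email-style login when login-use-username is True. The function names and the sample login are hypothetical; the embedded XML is the first configuration posted in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first auth_conf.xml from the thread ('&' escaped for XML).
FIRST_CONFIG = """<?xml version="1.0"?>
<auth>
  <authenticator>
    <type>ldap</type>
    <options>
      <allow-register>True</allow-register>
      <auto-register>True</auto-register>
      <allow-password-change>False</allow-password-change>
      <login-use-username>True</login-use-username>
      <search-fields>sAMAccountName,mail</search-fields>
      <search-base>dc=dc1,dc=example,dc=com</search-base>
      <search-filter>(&amp;(objectClass=user)(sAMAccountName={username}))</search-filter>
    </options>
  </authenticator>
</auth>"""

# Options the reply says an AD setup needs, plus the server line it asks about.
REQUIRED = ("server", "bind-user", "bind-password",
            "auto-register-username", "auto-register-email")

def ldap_options(xml_text):
    """Return the <options> of the first ldap authenticator as a dict."""
    for auth in ET.fromstring(xml_text).iter("authenticator"):
        if (auth.findtext("type") or "").strip() == "ldap":
            return {o.tag: (o.text or "").strip() for o in auth.iterfind("options/*")}
    return {}

def lint_ldap_options(opts):
    """Hypothetical linter: one finding per suggestion made in the thread."""
    findings = [f"missing <{k}>" for k in REQUIRED if not opts.get(k)]
    if opts.get("allow-register", "").lower() != "false":
        findings.append("allow-register should be False")
    if bool(opts.get("search-user")) != bool(opts.get("search-password")):
        findings.append("search-user and search-password must be set together")
    return findings

def first_login_hint(opts, login):
    """Flag an email-style login when login-use-username is True."""
    if opts.get("login-use-username", "").lower() == "true" and "@" in login:
        return "use the bare username (no @domain) for the first login"
    return None

if __name__ == "__main__":
    opts = ldap_options(FIRST_CONFIG)
    print(lint_ldap_options(opts), first_login_hint(opts, "jsmith@example.org"))
```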