Re: [galaxy-dev] User Name not set with external LDAP authentication
Hi Leandro, On Apr 27, 2011, at 6:08 PM, Leandro Hermida wrote: Hi Pieter, cut I have this *exact* same setup as you where I am authenticating with the LDAP user ID and returning a mail LDAP attribute as REMOTE_USER, but this sets the Galaxy user email address (which in Galaxy is the user ID) but is *doesn't* set any *User Name*, all my external users have User Name not set. Are you sure your setup above sets the User Name to something? Check under Admin - Manage Users, under the User Name column all my users that are external yes say not set. Sorry for the confusion. Indeed it's the user ID alias e-mail address that is set correctly. The user name is not set and I don't know how to set it or if that is even possible with the current Galaxy Maybe some of the developers can enlighten us... Cheers, Pi regards, Leandro - mobile: +31 6 143 66 783 e-mail: pieter.neeri...@gmail.com skype: pieter.online - ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-dev] User Name not set with external LDAP authentication
Pieter Neerincx wrote: Hi Leandro, On Apr 27, 2011, at 6:08 PM, Leandro Hermida wrote: Hi Pieter, cut I have this *exact* same setup as you where I am authenticating with the LDAP user ID and returning a mail LDAP attribute as REMOTE_USER, but this sets the Galaxy user email address (which in Galaxy is the user ID) but is *doesn't* set any *User Name*, all my external users have User Name not set. Are you sure your setup above sets the User Name to something? Check under Admin - Manage Users, under the User Name column all my users that are external yes say not set. Sorry for the confusion. Indeed it's the user ID alias e-mail address that is set correctly. The user name is not set and I don't know how to set it or if that is even possible with the current Galaxy Maybe some of the developers can enlighten us... Correct, this feature was missing. As of changeset 5469:7c101a11d261 Galaxy will now set the username to the value preceeding the '@' in the email address, or append '-integer' if that username is taken. Users can modify their username from the 'User' menu in the masthead. --nate Cheers, Pi regards, Leandro - mobile: +31 6 143 66 783 e-mail: pieter.neeri...@gmail.com skype: pieter.online - ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-dev] User Name not set with external LDAP authentication
On Thu, Apr 28, 2011 at 5:33 PM, Nate Coraor n...@bx.psu.edu wrote: Pieter Neerincx wrote: Hi Leandro, On Apr 27, 2011, at 6:08 PM, Leandro Hermida wrote: Hi Pieter, cut I have this *exact* same setup as you where I am authenticating with the LDAP user ID and returning a mail LDAP attribute as REMOTE_USER, but this sets the Galaxy user email address (which in Galaxy is the user ID) but is *doesn't* set any *User Name*, all my external users have User Name not set. Are you sure your setup above sets the User Name to something? Check under Admin - Manage Users, under the User Name column all my users that are external yes say not set. Sorry for the confusion. Indeed it's the user ID alias e-mail address that is set correctly. The user name is not set and I don't know how to set it or if that is even possible with the current Galaxy Maybe some of the developers can enlighten us... Correct, this feature was missing. As of changeset 5469:7c101a11d261 Galaxy will now set the username to the value preceeding the '@' in the email address, or append '-integer' if that username is taken. Users can modify their username from the 'User' menu in the masthead. --nate Thanks Nate for the info. I would like to add though that this might not work for many organizations. Many places have for example: lhermida as username leandro.herm...@domain.org as the email address Cheers, Pi regards, Leandro - mobile: +31 6 143 66 783 e-mail: pieter.neeri...@gmail.com skype: pieter.online - ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-dev] User Name not set with external LDAP authentication
Hi Leandro,
On Apr 27, 2011, at 3:50 PM, Leandro Hermida wrote:
Hi,
Just wondering if I got my setup right, I have Galaxy front-ended by Apache
doing the static caching, proxying and LDAP auth. What's nice is that user's
don't have to be created by an admin if the user authenticates and authorizes
properly against the LDAP config then Galaxy will automatically create the
user locally.
My question is that it shows that the User Name is not set for such users,
is this the way its supposed to be
No
or can I modify my LDAP config in such a way that it does set a User Name?
Yes, you can. I have a similar setup:
#
# For short logins. (Requires rewriting AuthLDAPBindDN to long form.)
#
AuthLDAPURL
ldap://ldap.uu.nl/ou=medewerkers,o=uu?uuShortID,uuMail;
AuthLDAPBindDN
uid=${REMOTE_USER}@soliscom.uu.nl,ou=medewerkers,o=uu
#
# Pass the user's e-mail address on to Galaxy as login
#
RewriteEngine On
RequestHeader set REMOTE_USER %{AUTHENTICATE_UUMAIL}e
Note that the uuMail attribute requested via the AuthLDAPURL somehow gets
expanded into an AUTHENTICATE_UUMAIL environment variable, which can then be
used to rewrite REMOTE_USER. You should be able to get something similar, but
the exact syntax will depend on the attributes defined in your LDAP. Note that
the example above allows my users to login with the part of their account
before the @. Since the domain part after the @ is the same for all of them
(soliscom.uu.nl), this saves them some typing when logging in :). Their e-mail
addresses may be different though, so I rewrite the REMOTE_USER to display
their e-mail address as Galaxy account in the web interface.
Cheers,
Pi
regards,
Leandro
___
Please keep all replies on the list by using reply all
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/
-
mobile: +31 6 143 66 783
e-mail: pieter.neeri...@gmail.com
skype: pieter.online
-
___
Please keep all replies on the list by using reply all
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/
Re: [galaxy-dev] User Name not set with external LDAP authentication
Hi Pieter,
On Wed, Apr 27, 2011 at 4:14 PM, Pieter Neerincx
pieter.neeri...@gmail.comwrote:
Hi Leandro,
On Apr 27, 2011, at 3:50 PM, Leandro Hermida wrote:
Hi,
Just wondering if I got my setup right, I have Galaxy front-ended by
Apache doing the static caching, proxying and LDAP auth. What's nice is
that user's don't have to be created by an admin if the user authenticates
and authorizes properly against the LDAP config then Galaxy will
automatically create the user locally.
My question is that it shows that the User Name is not set for such
users, is this the way its supposed to be
No
or can I modify my LDAP config in such a way that it does set a User
Name?
Yes, you can. I have a similar setup:
#
# For short logins. (Requires rewriting AuthLDAPBindDN to long form.)
#
AuthLDAPURL ldap://
ldap.uu.nl/ou=medewerkers,o=uu?uuShortID,uuMail
AuthLDAPBindDN uid=${REMOTE_USER}@soliscom.uu.nl
,ou=medewerkers,o=uu
#
# Pass the user's e-mail address on to Galaxy as login
#
RewriteEngine On
RequestHeader set REMOTE_USER %{AUTHENTICATE_UUMAIL}e
Note that the uuMail attribute requested via the AuthLDAPURL somehow gets
expanded into an AUTHENTICATE_UUMAIL environment variable, which can then be
used to rewrite REMOTE_USER. You should be able to get something similar,
but the exact syntax will depend on the attributes defined in your LDAP.
Note that the example above allows my users to login with the part of their
account before the @. Since the domain part after the @ is the same for all
of them (soliscom.uu.nl), this saves them some typing when logging in :).
Their e-mail addresses may be different though, so I rewrite the REMOTE_USER
to display their e-mail address as Galaxy account in the web interface.
I have this *exact* same setup as you where I am authenticating with the
LDAP user ID and returning a mail LDAP attribute as REMOTE_USER, but this
sets the Galaxy user email address (which in Galaxy is the user ID) but is
*doesn't* set any *User Name*, all my external users have User Name not
set. Are you sure your setup above sets the User Name to something? Check
under Admin - Manage Users, under the User Name column all my users that
are external yes say not set.
Cheers,
Pi
regards,
Leandro
___
Please keep all replies on the list by using reply all
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
http://lists.bx.psu.edu/
