Re: [galaxy-dev] User Name not set with external LDAP authentication
Hi Leandro, On Apr 27, 2011, at 6:08 PM, Leandro Hermida wrote: Hi Pieter, cut I have this *exact* same setup as you where I am authenticating with the LDAP user ID and returning a mail LDAP attribute as REMOTE_USER, but this sets the Galaxy user email address (which in Galaxy is the user ID) but is *doesn't* set any *User Name*, all my external users have User Name not set. Are you sure your setup above sets the User Name to something? Check under Admin - Manage Users, under the User Name column all my users that are external yes say not set. Sorry for the confusion. Indeed it's the user ID alias e-mail address that is set correctly. The user name is not set and I don't know how to set it or if that is even possible with the current Galaxy Maybe some of the developers can enlighten us... Cheers, Pi regards, Leandro - mobile: +31 6 143 66 783 e-mail: pieter.neeri...@gmail.com skype: pieter.online - ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-dev] User Name not set with external LDAP authentication
Pieter Neerincx wrote: Hi Leandro, On Apr 27, 2011, at 6:08 PM, Leandro Hermida wrote: Hi Pieter, cut I have this *exact* same setup as you where I am authenticating with the LDAP user ID and returning a mail LDAP attribute as REMOTE_USER, but this sets the Galaxy user email address (which in Galaxy is the user ID) but is *doesn't* set any *User Name*, all my external users have User Name not set. Are you sure your setup above sets the User Name to something? Check under Admin - Manage Users, under the User Name column all my users that are external yes say not set. Sorry for the confusion. Indeed it's the user ID alias e-mail address that is set correctly. The user name is not set and I don't know how to set it or if that is even possible with the current Galaxy Maybe some of the developers can enlighten us... Correct, this feature was missing. As of changeset 5469:7c101a11d261 Galaxy will now set the username to the value preceeding the '@' in the email address, or append '-integer' if that username is taken. Users can modify their username from the 'User' menu in the masthead. --nate Cheers, Pi regards, Leandro - mobile: +31 6 143 66 783 e-mail: pieter.neeri...@gmail.com skype: pieter.online - ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-dev] User Name not set with external LDAP authentication
On Thu, Apr 28, 2011 at 5:33 PM, Nate Coraor n...@bx.psu.edu wrote: Pieter Neerincx wrote: Hi Leandro, On Apr 27, 2011, at 6:08 PM, Leandro Hermida wrote: Hi Pieter, cut I have this *exact* same setup as you where I am authenticating with the LDAP user ID and returning a mail LDAP attribute as REMOTE_USER, but this sets the Galaxy user email address (which in Galaxy is the user ID) but is *doesn't* set any *User Name*, all my external users have User Name not set. Are you sure your setup above sets the User Name to something? Check under Admin - Manage Users, under the User Name column all my users that are external yes say not set. Sorry for the confusion. Indeed it's the user ID alias e-mail address that is set correctly. The user name is not set and I don't know how to set it or if that is even possible with the current Galaxy Maybe some of the developers can enlighten us... Correct, this feature was missing. As of changeset 5469:7c101a11d261 Galaxy will now set the username to the value preceeding the '@' in the email address, or append '-integer' if that username is taken. Users can modify their username from the 'User' menu in the masthead. --nate Thanks Nate for the info. I would like to add though that this might not work for many organizations. Many places have for example: lhermida as username leandro.herm...@domain.org as the email address Cheers, Pi regards, Leandro - mobile: +31 6 143 66 783 e-mail: pieter.neeri...@gmail.com skype: pieter.online - ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-dev] User Name not set with external LDAP authentication
Hi Leandro, On Apr 27, 2011, at 3:50 PM, Leandro Hermida wrote: Hi, Just wondering if I got my setup right, I have Galaxy front-ended by Apache doing the static caching, proxying and LDAP auth. What's nice is that user's don't have to be created by an admin if the user authenticates and authorizes properly against the LDAP config then Galaxy will automatically create the user locally. My question is that it shows that the User Name is not set for such users, is this the way its supposed to be No or can I modify my LDAP config in such a way that it does set a User Name? Yes, you can. I have a similar setup: # # For short logins. (Requires rewriting AuthLDAPBindDN to long form.) # AuthLDAPURL ldap://ldap.uu.nl/ou=medewerkers,o=uu?uuShortID,uuMail; AuthLDAPBindDN uid=${REMOTE_USER}@soliscom.uu.nl,ou=medewerkers,o=uu # # Pass the user's e-mail address on to Galaxy as login # RewriteEngine On RequestHeader set REMOTE_USER %{AUTHENTICATE_UUMAIL}e Note that the uuMail attribute requested via the AuthLDAPURL somehow gets expanded into an AUTHENTICATE_UUMAIL environment variable, which can then be used to rewrite REMOTE_USER. You should be able to get something similar, but the exact syntax will depend on the attributes defined in your LDAP. Note that the example above allows my users to login with the part of their account before the @. Since the domain part after the @ is the same for all of them (soliscom.uu.nl), this saves them some typing when logging in :). Their e-mail addresses may be different though, so I rewrite the REMOTE_USER to display their e-mail address as Galaxy account in the web interface. Cheers, Pi regards, Leandro ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/ - mobile: +31 6 143 66 783 e-mail: pieter.neeri...@gmail.com skype: pieter.online - ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
Re: [galaxy-dev] User Name not set with external LDAP authentication
Hi Pieter, On Wed, Apr 27, 2011 at 4:14 PM, Pieter Neerincx pieter.neeri...@gmail.comwrote: Hi Leandro, On Apr 27, 2011, at 3:50 PM, Leandro Hermida wrote: Hi, Just wondering if I got my setup right, I have Galaxy front-ended by Apache doing the static caching, proxying and LDAP auth. What's nice is that user's don't have to be created by an admin if the user authenticates and authorizes properly against the LDAP config then Galaxy will automatically create the user locally. My question is that it shows that the User Name is not set for such users, is this the way its supposed to be No or can I modify my LDAP config in such a way that it does set a User Name? Yes, you can. I have a similar setup: # # For short logins. (Requires rewriting AuthLDAPBindDN to long form.) # AuthLDAPURL ldap:// ldap.uu.nl/ou=medewerkers,o=uu?uuShortID,uuMail AuthLDAPBindDN uid=${REMOTE_USER}@soliscom.uu.nl ,ou=medewerkers,o=uu # # Pass the user's e-mail address on to Galaxy as login # RewriteEngine On RequestHeader set REMOTE_USER %{AUTHENTICATE_UUMAIL}e Note that the uuMail attribute requested via the AuthLDAPURL somehow gets expanded into an AUTHENTICATE_UUMAIL environment variable, which can then be used to rewrite REMOTE_USER. You should be able to get something similar, but the exact syntax will depend on the attributes defined in your LDAP. Note that the example above allows my users to login with the part of their account before the @. Since the domain part after the @ is the same for all of them (soliscom.uu.nl), this saves them some typing when logging in :). Their e-mail addresses may be different though, so I rewrite the REMOTE_USER to display their e-mail address as Galaxy account in the web interface. I have this *exact* same setup as you where I am authenticating with the LDAP user ID and returning a mail LDAP attribute as REMOTE_USER, but this sets the Galaxy user email address (which in Galaxy is the user ID) but is *doesn't* set any *User Name*, all my external users have User Name not set. Are you sure your setup above sets the User Name to something? Check under Admin - Manage Users, under the User Name column all my users that are external yes say not set. Cheers, Pi regards, Leandro ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/