Re: [galaxy-dev] Migrating user account from galaxy specific to LDAP
Jelle, REMOTE_USER impersonation was fixed a few releases back. Many of the academic admins complained about it being broken at the last GCC, and it was fixed a little while after that. I am currently using it it with apache+CAS auth. Cheers, Eric 2015-04-30 10:28 GMT-05:00 Jelle Scholtalbers j.scholtalb...@gmail.com: Hi Teshome, I assume you have good reasons for switching to LDAP (e.g. users only need to remember their main password), but just as a side note, we recently switched back from LDAP authentication to local user authentication to have a bit more control. One of the main reasons is being able to 'impersonate a user', a capability lost when using external authentication. We do not regret it ;) Cheers, Jelle On Thu, Apr 30, 2015 at 5:01 PM, Eric Rasche e...@tamu.edu wrote: Hi Teshome, I solved this by manually editing the user's emails in the database. I did this during the downtime, and just switched their old email address to their LDAP address, causing them to see their old histories, and no new accounts were generated. If your users have already logged in (and thus have two accounts, one old, one new) it's slightly more complicated. Your best bet is to set up some downtime immediately, and do the above, causing the users to lose anything in their new accounts. Failing that, a method of last resort: You can update history IDs to the new users, i.e. find a mapping from old email + old user ID to new email + new user ID, and then run queries like UPDATE history set user_id=new_user_id where user_id=old_user_id but that only migrates histories, I don't know what else is keyed on user IDs (probably data libraries? Workflows? Hmm.) Hope that helps, Cheers, Eric 2015-04-30 1:01 GMT-05:00 Teshome Dagne Mulugeta teshome.mulug...@nmbu.no: Hi, We are currently using galaxy specific login using email address. We changed the authentication to LDAP. Most users email address doesn't match with their registered email address in LDAP. Now, users are not able to see their previous works which is expected of course but I have no clue how to fix it. Please help. Cheers, Teshome ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/ -- Eric Rasche Programmer II Center for Phage Technology Rm 312A, BioBio Texas AM University College Station, TX 77843 404-692-2048 e...@tamu.edu rasche.e...@yandex.ru ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/ -- Eric Rasche Programmer II Center for Phage Technology Rm 312A, BioBio Texas AM University College Station, TX 77843 404-692-2048 e...@tamu.edu rasche.e...@yandex.ru ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Re: [galaxy-dev] Migrating user account from galaxy specific to LDAP
Hi Teshome, I assume you have good reasons for switching to LDAP (e.g. users only need to remember their main password), but just as a side note, we recently switched back from LDAP authentication to local user authentication to have a bit more control. One of the main reasons is being able to 'impersonate a user', a capability lost when using external authentication. We do not regret it ;) Cheers, Jelle On Thu, Apr 30, 2015 at 5:01 PM, Eric Rasche e...@tamu.edu wrote: Hi Teshome, I solved this by manually editing the user's emails in the database. I did this during the downtime, and just switched their old email address to their LDAP address, causing them to see their old histories, and no new accounts were generated. If your users have already logged in (and thus have two accounts, one old, one new) it's slightly more complicated. Your best bet is to set up some downtime immediately, and do the above, causing the users to lose anything in their new accounts. Failing that, a method of last resort: You can update history IDs to the new users, i.e. find a mapping from old email + old user ID to new email + new user ID, and then run queries like UPDATE history set user_id=new_user_id where user_id=old_user_id but that only migrates histories, I don't know what else is keyed on user IDs (probably data libraries? Workflows? Hmm.) Hope that helps, Cheers, Eric 2015-04-30 1:01 GMT-05:00 Teshome Dagne Mulugeta teshome.mulug...@nmbu.no : Hi, We are currently using galaxy specific login using email address. We changed the authentication to LDAP. Most users email address doesn't match with their registered email address in LDAP. Now, users are not able to see their previous works which is expected of course but I have no clue how to fix it. Please help. Cheers, Teshome ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/ -- Eric Rasche Programmer II Center for Phage Technology Rm 312A, BioBio Texas AM University College Station, TX 77843 404-692-2048 e...@tamu.edu rasche.e...@yandex.ru ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/ ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Re: [galaxy-dev] Migrating user account from galaxy specific to LDAP
That was fixed before 14.08, since github kindly shows which branches a commit is in. https://github.com/galaxyproject/galaxy/commit/a8d23c257d53d8cf1924c482266fd61125b3b6c6 2015-04-30 10:30 GMT-05:00 Will Holtz who...@lygos.com: I use LDAP authentication on my Galaxy instance and can still impersonate users. -Will On Thu, Apr 30, 2015 at 8:28 AM, Jelle Scholtalbers j.scholtalb...@gmail.com wrote: Hi Teshome, I assume you have good reasons for switching to LDAP (e.g. users only need to remember their main password), but just as a side note, we recently switched back from LDAP authentication to local user authentication to have a bit more control. One of the main reasons is being able to 'impersonate a user', a capability lost when using external authentication. We do not regret it ;) Cheers, Jelle On Thu, Apr 30, 2015 at 5:01 PM, Eric Rasche e...@tamu.edu wrote: Hi Teshome, I solved this by manually editing the user's emails in the database. I did this during the downtime, and just switched their old email address to their LDAP address, causing them to see their old histories, and no new accounts were generated. If your users have already logged in (and thus have two accounts, one old, one new) it's slightly more complicated. Your best bet is to set up some downtime immediately, and do the above, causing the users to lose anything in their new accounts. Failing that, a method of last resort: You can update history IDs to the new users, i.e. find a mapping from old email + old user ID to new email + new user ID, and then run queries like UPDATE history set user_id=new_user_id where user_id=old_user_id but that only migrates histories, I don't know what else is keyed on user IDs (probably data libraries? Workflows? Hmm.) Hope that helps, Cheers, Eric 2015-04-30 1:01 GMT-05:00 Teshome Dagne Mulugeta teshome.mulug...@nmbu.no: Hi, We are currently using galaxy specific login using email address. We changed the authentication to LDAP. Most users email address doesn't match with their registered email address in LDAP. Now, users are not able to see their previous works which is expected of course but I have no clue how to fix it. Please help. Cheers, Teshome ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/ -- Eric Rasche Programmer II Center for Phage Technology Rm 312A, BioBio Texas AM University College Station, TX 77843 404-692-2048 e...@tamu.edu rasche.e...@yandex.ru ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/ ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/ -- The information contained in this e-mail message or any attachment(s) may be confidential and/or privileged and is intended for use only by the individual(s) to whom this message is addressed. If you are not the intended recipient, any dissemination, distribution, copying, or use is strictly prohibited. If you receive this e-mail message in error, please e-mail the sender at who...@lygos.com and destroy this message and remove the transmission from all computer directories (including e-mail servers). Please consider the environment before printing this email. -- Eric Rasche Programmer II Center for Phage Technology Rm 312A, BioBio Texas AM University College Station, TX 77843 404-692-2048 e...@tamu.edu rasche.e...@yandex.ru ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
Re: [galaxy-dev] Migrating user account from galaxy specific to LDAP
Hi Teshome, I solved this by manually editing the user's emails in the database. I did this during the downtime, and just switched their old email address to their LDAP address, causing them to see their old histories, and no new accounts were generated. If your users have already logged in (and thus have two accounts, one old, one new) it's slightly more complicated. Your best bet is to set up some downtime immediately, and do the above, causing the users to lose anything in their new accounts. Failing that, a method of last resort: You can update history IDs to the new users, i.e. find a mapping from old email + old user ID to new email + new user ID, and then run queries like UPDATE history set user_id=new_user_id where user_id=old_user_id but that only migrates histories, I don't know what else is keyed on user IDs (probably data libraries? Workflows? Hmm.) Hope that helps, Cheers, Eric 2015-04-30 1:01 GMT-05:00 Teshome Dagne Mulugeta teshome.mulug...@nmbu.no: Hi, We are currently using galaxy specific login using email address. We changed the authentication to LDAP. Most users email address doesn't match with their registered email address in LDAP. Now, users are not able to see their previous works which is expected of course but I have no clue how to fix it. Please help. Cheers, Teshome ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/ -- Eric Rasche Programmer II Center for Phage Technology Rm 312A, BioBio Texas AM University College Station, TX 77843 404-692-2048 e...@tamu.edu rasche.e...@yandex.ru ___ Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/ To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
