Task #11876 (new)
Opened 10 years ago
Last modified 10 years ago
BUG: LDAP group filter not working — at Initial Version
Reported by: | atarkowska | Owned by: | jamoore |
---|---|---|---|
Priority: | blocker | Milestone: | OMERO-4.4.10 |
Component: | Services | Version: | 4.4.9 |
Keywords: | n.a. | Cc: | bpindelski, jamoore, jburel |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description
While setting up LDAP authentication limiting users to members of only one group it turned out that group filter is not taken to the account at all.
omero.ldap.urls=ldap://ldap.lifesci.dundee.ac.uk:389
omero.ldap.base=ou=lifesci,o=dundee
omero.ldap.config=True
omero.ldap.new_user_group=MY GROUP
omero.ldap.user_filter=(objectClass=inetorgperson)
Setting group filter to the following still let everyone log in:
omero.ldap.group_filter=(objectClass=groupOfNames)
omero.ldap.group_filter=(&(objectClass=groupOfUniqueNames)(cn=omero-cls-gallery,ou=groups,ou=lifesci,o=dundee))
LSC ldap has no group mapping in user entry thats why we are unable to filter that directly. But as tested 2 years ago https://trac.openmicroscopy.org.uk/ome/ticket/6248#comment:11 ticket 6248] I am sure it was possible and working well.