Task #11876 (new)
Opened 10 years ago
Last modified 10 years ago
BUG: LDAP group filter not working — at Version 1
Reported by: | atarkowska | Owned by: | jamoore |
---|---|---|---|
Priority: | blocker | Milestone: | OMERO-4.4.10 |
Component: | Services | Version: | 4.4.9 |
Keywords: | n.a. | Cc: | bpindelski, jamoore, jburel |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | n.a. |
Sprint: | n.a. |
Description (last modified by atarkowska)
While setting up LDAP authentication limiting users to members of only one group it turned out that group filter is not taken to the account at all.
omero.ldap.urls=ldap://ldap.lifesci.dundee.ac.uk:389 omero.ldap.base=ou=lifesci,o=dundee omero.ldap.config=True omero.ldap.new_user_group=MY GROUP omero.ldap.user_filter=(objectClass=inetorgperson)
Setting group filter to the following still let everyone log in:
omero.ldap.group_filter=(objectClass=groupOfNames) omero.ldap.group_filter=(&(objectClass=groupOfUniqueNames)(cn=omero-cls-gallery,ou=groups,ou=lifesci,o=dundee))
LSC ldap has no group mapping in user entry thats why we are unable to filter that directly. But as tested 2 years ago https://trac.openmicroscopy.org.uk/ome/ticket/6248#comment:11 ticket 6248] I am sure it was possible and working well.