
User Story #747 (closed)

Opened 17 years ago

Closed 17 years ago

Last modified 16 years ago

System Authentication using LDAP

Reported by: atarkowska Owned by: aleksandrat
Priority: minor Milestone: 3.0-Beta2
Component: General Keywords: n.a.
Cc: cxallan Story Points: n.a.
Sprint: n.a. Importance: n.a.
Total Remaining Time: n.a. Estimated Remaining Time: n.a.

Description

The story comes from the requirement of uploading users to the Omero DB from LDAP (a popular user store).

The logic scheme is attached as graph1.

The purpose case:
1) user is in OmeroDB, he/she has got omeroname and password
2) user is in OmeroDB, he/she has got omeroname and DN
3) user is in OmeroDB, he/she hasn't got any password/DN in the password table
4) user is not in OmeroDB, he/she hasn't got any password/DN in the password table

Re.1 and re.2

select p.hash as PASSWD, p.dn as DN
from experimenter e, password p
where e.omename=?
and e.id = p.experimenter_id

Will give a result (password or DN).
If DN, check that the specified user exists in LDAP and that his password is correct.

Re.3 and re.4

Will not give any result, so the user should be searched for in LDAP.
If there is no user with the specified 'cn', or more than 1 user with that 'cn' under the specified base, throw an exception. If the user was found, add this user to OmeroDB and set his DN in the password table.

Configuration file (omero.properties) includes only:
omero.ldap.urls= 'ldap://host:port'
omero.ldap.username= 'if log in to Ldap require special user'
omero.ldap.password= 'for above user'
omero.ldap.base= 'place from where starts subtree'

Optional configuration:
Optional group and/or attribute requirements can be set. The suggested place for storing this data will be OmeroDB.
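
The lookup order described in this ticket, written out as an added example in Python (it is not OMERO's code). `FakeDirectory`, `local_hash`, `AuthError` and the `dc=example,dc=org` entries are assumptions made for the example, as are two choices the ticket does not state: an empty password is refused instead of being sent as a bind, and a new user is added to the password table only after the bind succeeds.

```python
import hashlib, hmac

class AuthError(Exception):
    """Raised when the LDAP search does not yield exactly one entry."""

class FakeDirectory:
    """In-memory stand-in for the LDAP server (constructed data, no network)."""
    def __init__(self, entries):
        self.entries = entries                  # dn -> (cn, password)
    def search(self, base, cn):
        return [dn for dn, (c, _) in self.entries.items()
                if c == cn and dn.lower().endswith("," + base.lower())]
    def bind(self, dn, password):
        # An empty password would be an unauthenticated bind, so refuse it.
        if not password or dn not in self.entries:
            return False
        return hmac.compare_digest(self.entries[dn][1].encode(), password.encode())

def local_hash(password):
    # Placeholder digest for this example; not OMERO's stored hash format.
    return hashlib.sha256(password.encode()).hexdigest()

def check_password(omename, password, experimenters, passwords, ldap, base):
    """True/False for a login; AuthError if LDAP has 0 or >1 entries for the cn."""
    row = passwords.get(omename)                # result of the ticket's SELECT
    if row and row.get("hash"):                 # case 1: local password
        return hmac.compare_digest(row["hash"], local_hash(password))
    if row and row.get("dn"):                   # case 2: stored DN, verify by bind
        return ldap.bind(row["dn"], password)
    matches = ldap.search(base, omename)        # cases 3 and 4: search by cn
    if len(matches) != 1:
        raise AuthError(f"{len(matches)} LDAP entries for cn={omename!r} under {base}")
    if not ldap.bind(matches[0], password):     # assumption: verify before provisioning
        return False
    experimenters.add(omename)                  # no-op in case 3, creates user in case 4
    passwords[omename] = {"hash": None, "dn": matches[0]}
    return True

if __name__ == "__main__":
    BASE = "dc=example,dc=org"                  # constructed sample data
    ldap = FakeDirectory({f"cn=alice,ou=people,{BASE}": ("alice", "s3cret"),
                          f"cn=bob,ou=people,{BASE}": ("bob", "pw1"),
                          f"cn=bob,ou=staff,{BASE}": ("bob", "pw2")})
    users, pw = {"root"}, {"root": {"hash": local_hash("rootpw"), "dn": None}}
    print(check_password("alice", "s3cret", users, pw, ldap, BASE), pw["alice"])
    try:
        check_password("bob", "pw1", users, pw, ldap, BASE)
    except AuthError as e:
        print("rejected:", e)
```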

Attachments (2)

graph1.2.jpg (64.2 KB) - added by atarkowska 17 years ago.
graph2.1.jpg (163.2 KB) - added by atarkowska 16 years ago.


Change History (8)

Changed 17 years ago by atarkowska

comment:1 Changed 17 years ago by atarkowska

  • Resolution set to fixed
  • Status changed from new to closed

r1715 and improving errors: r1716, r1717, r1718, r1719

comment:2 Changed 16 years ago by jmoore

  • Milestone changed from Unscheduled to 3.0-Beta2

comment:3 Changed 16 years ago by atarkowska

Allow connecting to LDAP over a secure connection. r2100

comment:4 Changed 16 years ago by atarkowska

Beginning with OMERO-3.0-Beta3, the OMERO server has unified the handling of login sessions among both the JBoss and the OmeroBlitz servers. To support the LDAP plugin, authentication is moved to checkPassword.

Changed 16 years ago by atarkowska

comment:5 Changed 16 years ago by atarkowska

comment:6 Changed 16 years ago by atarkowska

reverting r2412
