Integration of OMERO server with Active Directory (using LDAP)

Hi, so far we were using OMERO server with local user accounts and now trying to integrate with AD (LDAP port 389). AD user cannot log in and we see below in Blitz log file.

2020-10-15 14:32:17,296 INFO [ ome.security.basic.EventHandler] (l.Server-2) Auth: user=0,group=0,event=558417(Sessions),sess=331876e2-9ac2-402a-b4ab-1025b52ec01b

2020-10-15 14:32:17,300 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-2) Default choice on create user: XXXX (ome.conditions.ApiUsageException: Cannot find unique user DistinguishedName: found=0 (XXXX))

2020-10-15 14:32:17,301 WARN [ ome.logic.AdminImpl] (l.Server-2) Password provider returned null: ome.security.auth.PasswordProviders@4fbc763c

2020-10-15 14:32:17,302 INFO [ org.perf4j.TimingLogger] (l.Server-2) start[1602761537289] time[13] tag[omero.call.success.ome.services.sessions.SessionManagerImpl$9.doWork]

2020-10-15 14:32:17,302 INFO [ ome.services.util.ServiceHandler] (l.Server-2) Rslt: false

2020-10-15 14:32:17,302 INFO [ ome.services.util.ServiceHandler] (l.Server-2) Executor.doWork – java.lang.String.akazmi

2020-10-15 14:32:17,302 INFO [ ome.services.util.ServiceHandler] (l.Server-2) Args: [null, InternalSF@1193797116]

2020-10-15 14:32:17,303 INFO [ ome.security.basic.EventHandler] (l.Server-2) Auth: user=0,group=0,event=null(Internal),sess=331876e2-9ac2-402a-b4ab-1025b52ec01b

2020-10-15 14:32:17,304 INFO [ org.perf4j.TimingLogger] (l.Server-2) start[1602761537302] time[2] tag[omero.call.success.ome.services.blitz.fire.PermissionsVerifierI$1.doWork]

2020-10-15 14:32:17,305 INFO [ ome.services.util.ServiceHandler] (l.Server-2) Rslt: null

2020-10-15 14:32:17,318 INFO [ ome.services.util.ServiceHandler] (l.Server-3) Executor.doWork – ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO[guest]

2020-10-15 14:32:17,318 INFO [ ome.services.util.ServiceHandler] (l.Server-3) Args: [null, InternalSF@1193797116]

2020-10-15 14:32:17,319 INFO [ ome.security.basic.EventHandler] (l.Server-3) Auth: user=0,group=0,event=null(Sessions),sess=331876e2-9ac2-402a-b4ab-1025b52ec01b

2020-10-15 14:32:17,321 INFO [ org.perf4j.TimingLogger] (l.Server-3) start[1602761537318] time[2]

Hi @scadmin! Welcome to image.sc.

This largely says that the LDAP query that is being run isn’t finding any results. Can you show us the omero.ldap.* configuration properties from omero config get? Also, do you have any examples of what DNs you are attempting to query for?

If all else fails, you might be interested in trying https://github.com/glencoesoftware/omero-ldaptool

I outline an example of using it in OMERO and LDAP questions

All the best,
~Josh
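As an added illustration of the diagnosis above (not code from the thread, OMERO or omero-ldaptool): a small parser for the Blitz.log line format that pulls out every `LdapPasswordProvider` "Cannot find unique user DistinguishedName" event with its user, match count and session id. The line layout and the message text are assumed from the lines quoted in the question; the sample input below is those same lines, with the username masked as in the post.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed Blitz.log line layout: "<timestamp> <LEVEL> [ <logger>] (<thread>) <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) +(?P<level>[A-Z]+) +"
    r"\[ *(?P<logger>[^\]]+?)\] +\((?P<thread>[^)]+)\) +(?P<msg>.*)$"
)
# Message LdapPasswordProvider logs when the user filter matches 0 or more than 1 entry
LDAP_RE = re.compile(
    r"Default choice on create user: (?P<user>\S+) .*"
    r"Cannot find unique user DistinguishedName: found=(?P<found>\d+)"
)
SESS_RE = re.compile(r"sess=(?P<sess>[0-9a-f-]{36})")


@dataclass
class LdapLookupFailure:
    timestamp: str
    thread: str
    user: str
    found: int  # 0 = filter matched nobody, >1 = filter too broad
    session: Optional[str]


def find_ldap_lookup_failures(log_text: str) -> list[LdapLookupFailure]:
    """Scan Blitz.log text and return each LDAP DN lookup failure, attaching the
    session id most recently seen on the same server thread."""
    last_session: dict[str, str] = {}
    failures: list[LdapLookupFailure] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a Blitz.log line (blank, wrapped or truncated)
        sess = SESS_RE.search(m["msg"])
        if sess:
            last_session[m["thread"]] = sess["sess"]
        hit = LDAP_RE.search(m["msg"])
        if hit and m["logger"].endswith("LdapPasswordProvider"):
            failures.append(LdapLookupFailure(
                timestamp=m["ts"], thread=m["thread"], user=hit["user"],
                found=int(hit["found"]), session=last_session.get(m["thread"])))
    return failures


# Sample input: the lines quoted in the question (username masked as in the post)
SAMPLE_LOG = """\
2020-10-15 14:32:17,296 INFO [ ome.security.basic.EventHandler] (l.Server-2) Auth: user=0,group=0,event=558417(Sessions),sess=331876e2-9ac2-402a-b4ab-1025b52ec01b
2020-10-15 14:32:17,300 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-2) Default choice on create user: XXXX (ome.conditions.ApiUsageException: Cannot find unique user DistinguishedName: found=0 (XXXX))
2020-10-15 14:32:17,301 WARN [ ome.logic.AdminImpl] (l.Server-2) Password provider returned null: ome.security.auth.PasswordProviders@4fbc763c
"""

if __name__ == "__main__":
    for failure in find_ldap_lookup_failures(SAMPLE_LOG):
        print(failure)
```

A `found` of 0 points at the `omero.ldap.user_filter` / base DN not matching the account, while a value above 1 means the filter is not selective enough; either way the provider returns null and the login is rejected, as the `AdminImpl` warning shows.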