OMERO and LDAP questions

Hi everyone.

My OMERO.server installation (coupled with OMERO.web) works well now. I can create profiles (I created a test profile for me) and I can make basic operations.

But now, the server administration team and I are struggling with the LDAP implementation: we have an LDAP architecture at our research institute and we want to make OMERO compatible with it. My team informed me they implemented it (with a lot of rough edges), and they are trying to configure and debug it properly.

Personally, I am not knowledgeable about LDAP (let alone the particular implementation at our institute), so I can’t help with their eventual error messages. So, I want to ask you if you have a good “standardized procedure” to test and debug OMERO with LDAP.

I know my question is very wide, so if you can also post some forum links about this topic, it might help.

Do you have some clues?

Thanks in advance, Marc.

Hi @mmongy,

https://github.com/glencoesoftware/omero-ldaptool will likely do what you want. I set up a quick docker-compose based OMERO with LDAP activated:

version: "3"

services:

  database:
    image: "postgres:11"
    environment:
      POSTGRES_USER: omero
      POSTGRES_DB: omero
      POSTGRES_PASSWORD: omero
    networks:
      - omero
    volumes:
      - "database:/var/lib/postgresql/data"
    ports:
      - "5432:5432"

  omeroserver:
    image: "openmicroscopy/omero-server:5.6"
    environment:
      CONFIG_omero_db_host: database
      CONFIG_omero_db_user: omero
      CONFIG_omero_db_pass: omero
      CONFIG_omero_db_name: omero
      CONFIG_omero_ldap_config: "true"
      CONFIG_omero_ldap_urls: "ldap://ldap:10389"
      CONFIG_omero_ldap_base: "dc=openmicroscopy,dc=org"
      CONFIG_omero_ldap_group__filter: "(objectClass=groupOfUniqueNames)"
      CONFIG_omero_ldap_group__mapping: "name=cn"
      CONFIG_omero_ldap_new__user__group: "MyData"
      CONFIG_omero_ldap_new__user__group_owner: "(owner=@{dn})"
      CONFIG_omero_ldap_password: "secret"
      CONFIG_omero_ldap_sync__on__login: "true"
      CONFIG_omero_ldap_user__filter: "(objectClass=person)"
      CONFIG_omero_ldap_user__mapping: "omeName=uid,firstName=givenName,lastName=sn,email"
      CONFIG_omero_ldap_username: "uid=admin,ou=system"
      ROOTPASS: omero
    networks:
      - omero
    ports:
      - "4063:4063"
      - "4064:4064"
    volumes:
      - "omero:/OMERO"

  omeroweb:
    image: "openmicroscopy/omero-web-standalone:5.6"
    environment:
      OMEROHOST: omeroserver
    networks:
      - omero
    ports:
      - "4080:4080"

  ldap:
    image: "openmicroscopy/apacheds"
    networks:
      - omero
    ports:
      - "10389:10389"

networks:
  omero:

volumes:
  database:
  omero:

In the ldap container, I set up a user and group with:

ldapmanager init
ldapmanager user u1 --password u1
ldapmanager group u1 --member u1

Then from the omeroserver container, I downloaded the configuration:

docker-compose exec omeroserver /opt/omero/server/venv3/bin/omero config get --show-password > cfg

With this I could build and run the tool:

./gradlew installDist
build/install/omero-ldaptool/bin/omero-ldaptool cfg u1

and see the output:

/opt/omero-ldaptool $ build/install/omero-ldaptool/bin/omero-ldaptool cfg u1
2020-06-11 14:55:54,728 [main] INFO  com.glencoesoftware.ldaptool.Main - Loading LDAP configuration from: /opt/omero-ldaptool/cfg
... skip bunch of lines ...
2020-06-11 14:55:55,347 [main] INFO  com.glencoesoftware.ldaptool.Main - Experimenter field mappings id=null email=null firstName=J. lastName=Doe institution=null ldap=true middleName=null omeName=u1
2020-06-11 14:55:55,348 [main] INFO  c.g.ldaptool.MockSimpleRoleProvider - Would have created ExperimenterGroup id=1 name=MyData perms=null strict=false isLdap=true
2020-06-11 14:55:55,348 [main] INFO  com.glencoesoftware.ldaptool.Main - Would be member of Group IDs=[1]

That should give you one working example that you can then compare to your LDAP installation, which we know are all very different from one another.

Good luck,
~Josh

Edit: the above docker-compose is now available under https://github.com/ome/docker-example-omero-ldap
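
The `cfg` file written by `omero config get --show-password` holds the LDAP bind password and the database password in cleartext. The following is an added example, not code from the posts above or from the omero-ldaptool project, that redacts such a file before it is shared and flags a bind over unencrypted `ldap://`. The `key=value` line format, the sample values and the helper names are assumptions.

```python
import re

# Constructed sample of `omero config get --show-password` output (assumed
# key=value lines), using the values from the docker-compose file in this thread.
SAMPLE_CFG = """\
omero.db.host=database
omero.db.pass=omero
omero.ldap.config=true
omero.ldap.urls=ldap://ldap:10389
omero.ldap.base=dc=openmicroscopy,dc=org
omero.ldap.username=uid=admin,ou=system
omero.ldap.password=secret
omero.ldap.user_filter=(objectClass=person)
"""

# Assumption: any key ending in "pass" or "password" holds a secret.
SECRET_KEY = re.compile(r"pass(word)?$", re.IGNORECASE)


def parse_cfg(text):
    """Split each line on the first '=' only; LDAP DNs and filters contain '='."""
    props = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def redact(text, mask="********"):
    """Return a copy with secret values masked, for forum posts or tickets."""
    out = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and value and SECRET_KEY.search(key.strip()):
            line = f"{key}={mask}"
        out.append(line)
    return "\n".join(out) + "\n"


def audit(props):
    """Flag settings in an unredacted cfg that expose the bind credentials."""
    findings = []
    if props.get("omero.ldap.password") and "ldap://" in props.get("omero.ldap.urls", "").lower():
        findings.append("bind password is sent over unencrypted ldap://")
    secrets = sorted(k for k, v in props.items() if v and SECRET_KEY.search(k))
    if secrets:
        findings.append("cleartext secrets in file: " + ", ".join(secrets))
    return findings
```

Run `audit(parse_cfg(open("cfg").read()))` on the raw export, and delete the unredacted file once debugging is finished.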

In the ldap container, you can modify a user using

ldapmodify -H ldap://localhost:10389 -D uid=admin,ou=system -W < update.ldif

with this being an example of update.ldif file:

version: 1
dn: uid=t,ou=Users,dc=openmicroscopy,dc=org
changetype: modify
replace: givenName
givenName: X.
