[python-ldap] LDAP Authentication

Durdevic, Marija marija.durdevic at medunigraz.at
Wed Jun 1 10:20:50 EDT 2016


Dear all,

I am trying to set up LDAP for my Galaxy web-app. Python-ldap file: https://github.com/galaxyproject/galaxy/blob/dev/lib/galaxy/auth/providers/ldap_ad.py

My configuration file is:


I changed the configuration to:



<?xml version="1.0"?>
<auth>
  <authenticator>
    <type>ldap</type>
    <filter>'{email}'.endswith('@mycompany.com')</filter>
    <options>
      <allow-register>True</allow-register>
      <auto-register>True</auto-register>
      <allow-password-change>False</allow-password-change>
      <server>ldap://ldap.mycompany.com</server>
      <ldap-options>OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW</ldap-options>
      <login-use-username>False</login-use-username>
      <continue-on-failure>True</continue-on-failure>
      <search-fields>uid,mail</search-fields>
      <search-filter>(mail={email})</search-filter>
      <search-base>ou=pers,ou=usr,o=mcp</search-base>
      <bind-user>{dn}</bind-user>
      <bind-password>{password}</bind-password>
      <auto-register-username>{uid}</auto-register-username>
      <auto-register-email>{mail}</auto-register-email>
    </options>
  </authenticator>

  <authenticator>
    <type>localdb</type>
    <options>
      <allow-password-change>true</allow-password-change>
    </options>
  </authenticator>
</auth>



And the error in the log file is:





galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,135 LDAP authenticate: email is marija.durdevic at medunigraz.at
galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,136 LDAP authenticate: username is None
galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,136 LDAP authenticate: options are {'bind-user': '{dn}', 'search-fields': 'uid,mail', 'login-use-username': 'False', 'allow-register': 'True', 'ldap-options': 'OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW', 'auto-register-email': '{mail}', 'server': 'ldap://ldap.mycompany.com', 'auto-register': 'True', 'search-base': 'ou=pers,ou=usr,o=mug', 'search-filter': '(mail={email})', 'continue-on-failure': 'True', 'auto-register-username': '{uid}', 'bind-password': '{password}', 'allow-password-change': 'False'}
galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,144 LDAP authenticate: Valid LDAP option pair OPT_X_TLS_REQUIRE_CERT=OPT_X_TLS_ALLOW -> 24582=3
galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,160 LDAP authenticate: dn is cn=o_durdevic,ou=pers,ou=usr,o=mug
galaxy.auth.providers.ldap_ad DEBUG 2016-06-01 15:13:28,160 LDAP authenticate: search attributes are {'mail': ['marija.durdevic at medunigraz.at'], 'uid': ['o_durdevic']}
galaxy.auth.providers.ldap_ad WARNING 2016-06-01 15:13:28,169 LDAP authenticate: bind exception
Traceback (most recent call last):
  File "lib/galaxy/auth/providers/ldap_ad.py", line 168, in authenticate
    whoami = l.whoami_s()
  File "/home/galaxy/galaxy/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 641, in whoami_s
    return self._ldap_call(self._l.whoami_s,serverctrls,clientctrls)
  File "/home/galaxy/galaxy/.venv/local/lib/python2.7/site-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
PROTOCOL_ERROR: {'info': 'Unrecognized extended operation', 'desc': 'Protocol error'}

Any recommendation?

Thanks in advance.
Regards,
Marija
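
Added example, not part of the original post and not Galaxy's code: the traceback above is raised inside `whoami_s()`, which sends the RFC 4532 "Who am I?" extended operation, and the server answers "Unrecognized extended operation". One way to keep the bind as the authentication decision and call `whoami_s()` only when the root DSE advertises it; `supports_whoami`, `bind_and_identify` and `FakeConn` are hypothetical names, and `FakeConn` is a constructed stand-in for a server.

```python
# Added example, not Galaxy's code. `conn` is any object exposing python-ldap's
# LDAPObject methods simple_bind_s(), search_s() and whoami_s().
WHOAMI_OID = "1.3.6.1.4.1.4203.1.11.3"  # RFC 4532 "Who am I?" extended operation
SCOPE_BASE = 0  # same value as ldap.SCOPE_BASE


def supports_whoami(conn):
    """True if the server's root DSE advertises the Who am I? operation."""
    result = conn.search_s("", SCOPE_BASE, "(objectClass=*)", ["supportedExtension"])
    for _dn, attrs in result:
        for name, values in attrs.items():
            if name.lower() == "supportedextension":
                oids = [v.decode() if isinstance(v, bytes) else v for v in values]
                if WHOAMI_OID in oids:
                    return True
    return False


def bind_and_identify(conn, dn, password):
    """Bind as `dn`; return the authzId if the server can report it, else None.

    Exceptions from simple_bind_s() propagate, so bad credentials never
    look like a successful login.
    """
    if not password:
        # An empty password makes a simple bind "unauthenticated" (RFC 4513
        # section 5.1.2); servers may accept it, so refuse it here.
        raise ValueError("empty password refused")
    conn.simple_bind_s(dn, password)
    return conn.whoami_s() if supports_whoami(conn) else None


class FakeConn:
    """Constructed stand-in for a server; `extensions` is its root DSE list."""

    def __init__(self, extensions):
        self.extensions = list(extensions)
        self.bound_as = None

    def simple_bind_s(self, dn, password):
        self.bound_as = dn

    def search_s(self, base, scope, filterstr, attrlist):
        return [("", {"supportedExtension": [e.encode() for e in self.extensions]})]

    def whoami_s(self):
        if WHOAMI_OID not in self.extensions:
            raise RuntimeError("Protocol error: Unrecognized extended operation")
        return "dn:" + self.bound_as
```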