AD/LDAP Integration

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

AD/LDAP Integration

Yip, Miu ki
Hi all,

After setting up AD/LDAP in Galaxy, we noticed that for some reason, some users are able to log in but others were not. We don’t think that it has anything to do with the set up of LDAP or AD at our institute and we’ve tried to find common threads between the users who can log in but we have not found anything interesting.

Could someone explain what exactly Galaxy looks for when signing users in with AD/LDAP? We found the source code here: ./lib/galaxy/auth/providers/ldap_ad.py but all the code seems to be functioning properly.

Here is one of the error outputs in the log when somebody tries to log in for the first time, but cannot:

galaxy.auth.providers.ldap_ad DEBUG 2017-02-01 17:16:17,954 LDAP authenticate: whoami is u:SCIEDU\chess
galaxy.auth.providers.ldap_ad DEBUG 2017-02-01 17:16:17,954 LDAP authentication successful
server ip - - [01/Feb/2017:17:16:12 -0400] "POST /galaxy/user/login?use_panels=False HTTP/1.0" 200 - “http:/galaxyurl.edu/galaxy/user/login?use_panels=False<http://galaxy/user/login?use_panels=False>" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
----------------------------------------
Exception happened during processing of request from ('127.0.0.1', 55724)
Traceback (most recent call last):
  File "/localdata1/galaxy/.venv/lib/python2.7/site-packages/paste/httpserver.py", line 1085, in process_request_in_thread
    self.finish_request(request, client_address)
  File "/usr/lib64/python2.7/SocketServer.py", line 334, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib64/python2.7/SocketServer.py", line 651, in __init__
    self.finish()
  File "/usr/lib64/python2.7/SocketServer.py", line 710, in finish
    self.wfile.close()
  File "/usr/lib64/python2.7/socket.py", line 279, in close
    self.flush()
  File "/usr/lib64/python2.7/socket.py", line 303, in flush
    self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 32] Broken pipe


Any insight would be appreciated. Thanks!
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: AD/LDAP Integration

Hans-Rudolf Hotz
Hi

I have no solution for you so far. However, I recommend to have a closer
look at the entries in the 'galaxy_user' table for the users which work,
and the users which don't work. In particular, check for 'email' and
'username' whether they are exactly the same as in your accounts provider.

I assume, you have galaxy users, which have been using galaxy before you
switched to external authentication?

Or have you used authentication through apache before?





Regards, Hans-Rudolf





On 02/02/2017 04:12 PM, Yip, Miu ki wrote:

> Hi all,
>
> After setting up AD/LDAP in Galaxy, we noticed that for some reason, some users are able to log in but others were not. We don’t think that it has anything to do with the set up of LDAP or AD at our institute and we’ve tried to find common threads between the users who can log in but we have not found anything interesting.
>
> Could someone explain what exactly Galaxy looks for when signing users in with AD/LDAP? We found the source code here: ./lib/galaxy/auth/providers/ldap_ad.py but all the code seems to be functioning properly.
>
> Here is one of the error outputs in the log when somebody tries to log in for the first time, but cannot:
>
> galaxy.auth.providers.ldap_ad DEBUG 2017-02-01 17:16:17,954 LDAP authenticate: whoami is u:SCIEDU\chess
> galaxy.auth.providers.ldap_ad DEBUG 2017-02-01 17:16:17,954 LDAP authentication successful
> server ip - - [01/Feb/2017:17:16:12 -0400] "POST /galaxy/user/login?use_panels=False HTTP/1.0" 200 - “http:/galaxyurl.edu/galaxy/user/login?use_panels=False<http://galaxy/user/login?use_panels=False>" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.95 Safari/537.36"
> ----------------------------------------
> Exception happened during processing of request from ('127.0.0.1', 55724)
> Traceback (most recent call last):
>    File "/localdata1/galaxy/.venv/lib/python2.7/site-packages/paste/httpserver.py", line 1085, in process_request_in_thread
>      self.finish_request(request, client_address)
>    File "/usr/lib64/python2.7/SocketServer.py", line 334, in finish_request
>      self.RequestHandlerClass(request, client_address, self)
>    File "/usr/lib64/python2.7/SocketServer.py", line 651, in __init__
>      self.finish()
>    File "/usr/lib64/python2.7/SocketServer.py", line 710, in finish
>      self.wfile.close()
>    File "/usr/lib64/python2.7/socket.py", line 279, in close
>      self.flush()
>    File "/usr/lib64/python2.7/socket.py", line 303, in flush
>      self._sock.sendall(view[write_offset:write_offset+buffer_size])
> error: [Errno 32] Broken pipe
>
>
> Any insight would be appreciated. Thanks!
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>    https://lists.galaxyproject.org/
>
> To search Galaxy mailing lists use the unified search at:
>    http://galaxyproject.org/search/mailinglists/
>
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/