Migrating user account from galaxy specific to LDAP

classic Classic list List threaded Threaded
6 messages Options
| Threaded
Open this post in threaded view
|

Migrating user account from galaxy specific to LDAP

Teshome Dagne Mulugeta

​Hi,


We are currently using galaxy specific login using email address. We changed the authentication to LDAP. Most users email address doesn't match with their registered email address in LDAP. Now, users are not able to see their previous works which is expected of course but I have no clue how to fix it. Please help. 


Cheers,
Teshome

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Migrating user account from galaxy specific to LDAP

Eric Rasche-2
Hi Teshome,

I solved this by manually editing the user's emails in the database. I did this during the downtime, and just switched their old email address to their LDAP address, causing them to see their "old" histories, and no new accounts were generated.

If your users have already logged in (and thus have two accounts, one old, one new) it's slightly more complicated. 
Your best bet is to set up some downtime immediately, and do the above, causing the users to lose anything in their "new" accounts.

Failing that, a method of last resort:
You can update history IDs to the new users, i.e. find a mapping from old email + old user ID to new email + new user ID, and then run queries like UPDATE history set user_id=new_user_id where user_id=old_user_id but that only migrates histories, I don't know what else is keyed on user IDs (probably data libraries? Workflows? Hmm.)

Hope that helps,

Cheers,
Eric


2015-04-30 1:01 GMT-05:00 Teshome Dagne Mulugeta <[hidden email]>:

​Hi,


We are currently using galaxy specific login using email address. We changed the authentication to LDAP. Most users email address doesn't match with their registered email address in LDAP. Now, users are not able to see their previous works which is expected of course but I have no clue how to fix it. Please help. 


Cheers,
Teshome

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/



--
Eric Rasche
Programmer II

Center for Phage Technology
Rm 312A, BioBio
Texas A&M University
College Station, TX 77843
404-692-2048


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Migrating user account from galaxy specific to LDAP

Jelle Scholtalbers
Hi Teshome,

I assume you have good reasons for switching to LDAP (e.g. users only need to remember their main password), but just as a side note, we recently switched back from LDAP authentication to local user authentication to have a bit more control. One of the main reasons is being able to 'impersonate a user', a capability lost when using external authentication. We do not regret it ;)

Cheers,

Jelle

On Thu, Apr 30, 2015 at 5:01 PM, Eric Rasche <[hidden email]> wrote:
Hi Teshome,

I solved this by manually editing the user's emails in the database. I did this during the downtime, and just switched their old email address to their LDAP address, causing them to see their "old" histories, and no new accounts were generated.

If your users have already logged in (and thus have two accounts, one old, one new) it's slightly more complicated. 
Your best bet is to set up some downtime immediately, and do the above, causing the users to lose anything in their "new" accounts.

Failing that, a method of last resort:
You can update history IDs to the new users, i.e. find a mapping from old email + old user ID to new email + new user ID, and then run queries like UPDATE history set user_id=new_user_id where user_id=old_user_id but that only migrates histories, I don't know what else is keyed on user IDs (probably data libraries? Workflows? Hmm.)

Hope that helps,

Cheers,
Eric


2015-04-30 1:01 GMT-05:00 Teshome Dagne Mulugeta <[hidden email]>:

​Hi,


We are currently using galaxy specific login using email address. We changed the authentication to LDAP. Most users email address doesn't match with their registered email address in LDAP. Now, users are not able to see their previous works which is expected of course but I have no clue how to fix it. Please help. 


Cheers,
Teshome

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/



--
Eric Rasche
Programmer II

Center for Phage Technology
Rm 312A, BioBio
Texas A&M University
College Station, TX 77843
404-692-2048


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Migrating user account from galaxy specific to LDAP

Eric Rasche-2
Jelle,

REMOTE_USER impersonation was fixed a few releases back. Many of the academic admins complained about it being broken at the last GCC, and it was fixed a little while after that. I am currently using it it with apache+CAS auth.

Cheers,
Eric

2015-04-30 10:28 GMT-05:00 Jelle Scholtalbers <[hidden email]>:
Hi Teshome,

I assume you have good reasons for switching to LDAP (e.g. users only need to remember their main password), but just as a side note, we recently switched back from LDAP authentication to local user authentication to have a bit more control. One of the main reasons is being able to 'impersonate a user', a capability lost when using external authentication. We do not regret it ;)

Cheers,

Jelle

On Thu, Apr 30, 2015 at 5:01 PM, Eric Rasche <[hidden email]> wrote:
Hi Teshome,

I solved this by manually editing the user's emails in the database. I did this during the downtime, and just switched their old email address to their LDAP address, causing them to see their "old" histories, and no new accounts were generated.

If your users have already logged in (and thus have two accounts, one old, one new) it's slightly more complicated. 
Your best bet is to set up some downtime immediately, and do the above, causing the users to lose anything in their "new" accounts.

Failing that, a method of last resort:
You can update history IDs to the new users, i.e. find a mapping from old email + old user ID to new email + new user ID, and then run queries like UPDATE history set user_id=new_user_id where user_id=old_user_id but that only migrates histories, I don't know what else is keyed on user IDs (probably data libraries? Workflows? Hmm.)

Hope that helps,

Cheers,
Eric


2015-04-30 1:01 GMT-05:00 Teshome Dagne Mulugeta <[hidden email]>:

​Hi,


We are currently using galaxy specific login using email address. We changed the authentication to LDAP. Most users email address doesn't match with their registered email address in LDAP. Now, users are not able to see their previous works which is expected of course but I have no clue how to fix it. Please help. 


Cheers,
Teshome

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/



--
Eric Rasche
Programmer II

Center for Phage Technology
Rm 312A, BioBio
Texas A&M University
College Station, TX 77843
404-692-2048


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/




--
Eric Rasche
Programmer II

Center for Phage Technology
Rm 312A, BioBio
Texas A&M University
College Station, TX 77843
404-692-2048


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Migrating user account from galaxy specific to LDAP

Will Holtz
In reply to this post by Jelle Scholtalbers
I use LDAP authentication on my Galaxy instance and can still impersonate users.

-Will


On Thu, Apr 30, 2015 at 8:28 AM, Jelle Scholtalbers <[hidden email]> wrote:
Hi Teshome,

I assume you have good reasons for switching to LDAP (e.g. users only need to remember their main password), but just as a side note, we recently switched back from LDAP authentication to local user authentication to have a bit more control. One of the main reasons is being able to 'impersonate a user', a capability lost when using external authentication. We do not regret it ;)

Cheers,

Jelle

On Thu, Apr 30, 2015 at 5:01 PM, Eric Rasche <[hidden email]> wrote:
Hi Teshome,

I solved this by manually editing the user's emails in the database. I did this during the downtime, and just switched their old email address to their LDAP address, causing them to see their "old" histories, and no new accounts were generated.

If your users have already logged in (and thus have two accounts, one old, one new) it's slightly more complicated. 
Your best bet is to set up some downtime immediately, and do the above, causing the users to lose anything in their "new" accounts.

Failing that, a method of last resort:
You can update history IDs to the new users, i.e. find a mapping from old email + old user ID to new email + new user ID, and then run queries like UPDATE history set user_id=new_user_id where user_id=old_user_id but that only migrates histories, I don't know what else is keyed on user IDs (probably data libraries? Workflows? Hmm.)

Hope that helps,

Cheers,
Eric


2015-04-30 1:01 GMT-05:00 Teshome Dagne Mulugeta <[hidden email]>:

​Hi,


We are currently using galaxy specific login using email address. We changed the authentication to LDAP. Most users email address doesn't match with their registered email address in LDAP. Now, users are not able to see their previous works which is expected of course but I have no clue how to fix it. Please help. 


Cheers,
Teshome

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/



--
Eric Rasche
Programmer II

Center for Phage Technology
Rm 312A, BioBio
Texas A&M University
College Station, TX 77843
<a href="tel:404-692-2048" value="+14046922048" target="_blank">404-692-2048


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/



--
The information contained in this e-mail message or any attachment(s) may be confidential and/or privileged and is intended for use only by the individual(s) to whom this message is addressed.  If you are not the intended recipient, any dissemination, distribution, copying, or use is strictly prohibited.  If you receive this e-mail message in error, please e-mail the sender at [hidden email] and destroy this message and remove the transmission from all computer directories (including e-mail servers).

Please consider the environment before printing this email.

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/
| Threaded
Open this post in threaded view
|

Re: Migrating user account from galaxy specific to LDAP

Eric Rasche-2
That was fixed before 14.08, since github kindly shows which branches a commit is in.

2015-04-30 10:30 GMT-05:00 Will Holtz <[hidden email]>:
I use LDAP authentication on my Galaxy instance and can still impersonate users.

-Will


On Thu, Apr 30, 2015 at 8:28 AM, Jelle Scholtalbers <[hidden email]> wrote:
Hi Teshome,

I assume you have good reasons for switching to LDAP (e.g. users only need to remember their main password), but just as a side note, we recently switched back from LDAP authentication to local user authentication to have a bit more control. One of the main reasons is being able to 'impersonate a user', a capability lost when using external authentication. We do not regret it ;)

Cheers,

Jelle

On Thu, Apr 30, 2015 at 5:01 PM, Eric Rasche <[hidden email]> wrote:
Hi Teshome,

I solved this by manually editing the user's emails in the database. I did this during the downtime, and just switched their old email address to their LDAP address, causing them to see their "old" histories, and no new accounts were generated.

If your users have already logged in (and thus have two accounts, one old, one new) it's slightly more complicated. 
Your best bet is to set up some downtime immediately, and do the above, causing the users to lose anything in their "new" accounts.

Failing that, a method of last resort:
You can update history IDs to the new users, i.e. find a mapping from old email + old user ID to new email + new user ID, and then run queries like UPDATE history set user_id=new_user_id where user_id=old_user_id but that only migrates histories, I don't know what else is keyed on user IDs (probably data libraries? Workflows? Hmm.)

Hope that helps,

Cheers,
Eric


2015-04-30 1:01 GMT-05:00 Teshome Dagne Mulugeta <[hidden email]>:

​Hi,


We are currently using galaxy specific login using email address. We changed the authentication to LDAP. Most users email address doesn't match with their registered email address in LDAP. Now, users are not able to see their previous works which is expected of course but I have no clue how to fix it. Please help. 


Cheers,
Teshome

___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/



--
Eric Rasche
Programmer II

Center for Phage Technology
Rm 312A, BioBio
Texas A&M University
College Station, TX 77843
<a href="tel:404-692-2048" value="+14046922048" target="_blank">404-692-2048


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/



--
The information contained in this e-mail message or any attachment(s) may be confidential and/or privileged and is intended for use only by the individual(s) to whom this message is addressed.  If you are not the intended recipient, any dissemination, distribution, copying, or use is strictly prohibited.  If you receive this e-mail message in error, please e-mail the sender at [hidden email] and destroy this message and remove the transmission from all computer directories (including e-mail servers).

Please consider the environment before printing this email.



--
Eric Rasche
Programmer II

Center for Phage Technology
Rm 312A, BioBio
Texas A&M University
College Station, TX 77843
404-692-2048


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/