Closed cha-uth closed 1 year ago
You'll need to use a tool like Apache Directory Studio to alter the display names of the users
@cha-uth -- did that work?
I haven't tried it yet
From: Ajit Londhe @.> Sent: Tuesday, June 6, 2023 12:16 PM To: OHDSI/Broadsea @.> Cc: Ha, Cung M @.>; Mention @.> Subject: Re: [OHDSI/Broadsea] how to add openldap users to atlasdb (Issue #88)
External: Increase caution when handling links and attachments.
@cha-uthhttps://github.com/cha-uth -- did that work?
- Reply to this email directly, view it on GitHubhttps://github.com/OHDSI/Broadsea/issues/88#issuecomment-1579159800, or unsubscribehttps://github.com/notifications/unsubscribe-auth/A7NOIDLAJAET2LPCKGN4433XJ5QWPANCNFSM6AAAAAAYYU3E54. You are receiving this because you were mentioned.Message ID: @.**@.>>
Hi! Following along, I'm also trying to make use of the openldap solution, but I'm not very familiar with it. Could you clarify what a tool like Apache Directory Studio would be needed for and what can be done from the .env file? From what I understand, you can define several users and their passwords from the .env file, and as mentioned here when logging in they will be named "user1", "user2"... unless renamed from Apache Directory Studio. I can't login to ATLAS with the admin credentials set in the .env so I assume that may only be used from Apache Directory Studio as well? I also saw here that there should be a wizard to map LDAP users to ATLAS role, but I can't find it when logged as simple user, so my guess is that I need to be logged in as an admin user, but then how do I set any user as admin?
Although I can log in with the LDAP users but I cannot assign Atlas role either.
Same issue as Romain
From: RomainTching @.> Sent: Wednesday, June 7, 2023 3:32 AM To: OHDSI/Broadsea @.> Cc: Ha, Cung M @.>; Mention @.> Subject: Re: [OHDSI/Broadsea] how to add openldap users to atlasdb (Issue #88)
External: Increase caution when handling links and attachments.
Hi! Following along, I'm also trying to make use of the openldap solution, but I'm not very familiar with it. Could you clarify what a tool like Apache Directory Studio would be needed for and what can be done from the .env file? From what I understand, you can define several users and their passwords from the .env file, and as mentioned here when logging in they will be named "user1", "user2"... unless renamed from Apache Directory Studio. I can't login to ATLAS with the admin credentials set in the .env so I assume that may only be used from Apache Directory Studio as well? I also saw here https://github.com/OHDSI/Broadsea/issues/82#issuecomment-1563490008 that there should be a wizard to map LDAP users to ATLAS role, but I can't find it when logged as simple user, so my guess is that I need to be logged in as an admin user, but then how do I set any user as admin?
- Reply to this email directly, view it on GitHubhttps://github.com/OHDSI/Broadsea/issues/88#issuecomment-1580196100, or unsubscribehttps://github.com/notifications/unsubscribe-auth/A7NOIDKATIIA7LS2UNOTMD3XKA36VANCNFSM6AAAAAAYYU3E54. You are receiving this because you were mentioned.Message ID: @.**@.>>
This is the approach:
Sorry, I'm new to LDAP. What should be the Authentication Parameter credentials to use for Apache Directory Studio to connect to the openLDAP in the container? The admin credentials set in the .env? I get an authentication error so I'm not sure if I need to use one of the uid
, ou
or dc
attributes...
Romain use this for the bind user
cn=ldapadmin, dc=Whatever-you-set-in your-env-file, dc=whatever-you-set-in-your-env-file
Right, so if using the default items from the env file:
Bind DN or User: cn=ldapadmin,dc=example,dc=org Password: the default password
That seems to work! We were able to proceed with all these steps up to the point of assigning ATLAS roles to new users. Thanks a lot for your patience and help. Now this process raised another issue for source JDBC strings that I opened separately here since I'm not sure if it's directly related to OpenLDAP configuration or some kind of difference between the main and develop branch.
Great! I'll look to add this info to our readme for the next release. I'll check out the other issue in the other thread.
Got the develop branch running with openldap. Everything is working as expected.
But when a openldap user login, I get a 'user1', or 'user2' displayed although the ldap user names are something else. Also nothing can be accessed. So how do I add them to the atlasdb? Just need to know the related tables and schema (I assume it's webapi schema). I will need to add at last one user with a system level so that I can set things up.
Thanks.