LDAPS authentication for GALAXY when you use self-signed certificate

By: | Comments: No Comments

Posted in categories: Uncategorized

The current version of GALAXY (https://usegalaxy.org/) will run into error when using ldaps authentication mechanics. The error is
Traceback (most recent call last):
File “/home/galaxy/galaxy-dist/lib/galaxy/auth/providers/ldap_ad.py”, line 117, in authenticate
ldap.set_option(_opt)
File “/home/galaxy/galaxy-dist/.venv/local/lib/python2.7/site-packages/ldap/functions.py”, line 135, in set_option
return _ldap_function_call(None,_ldap.set_option,option,invalue)
File “/home/galaxy/galaxy-dist/.venv/local/lib/python2.7/site-packages/ldap/functions.py”, line 66, in _ldap_function_call
result = func(_args,**kwargs)
ValueError: option error
The function in Python LDAP binary _ldap.so func(_args,**kwargs) does not take the option argument “OPT_X_TLS_REQUIRE_CERT” properly.
The CentOS 7 system version of python-ldap binary has the same issue.

To overcome this, you will need to download the python-ldap source from
wget https://pypi.python.org/packages/67/d9/fa0ea70d1792875745116ad62ac8d4bcb07550b15cded591bb57df6a6d9a/python-ldap-2.4.32.tar.gz#md5=7c46c8a04acc227a778c7900c87cdfc7
then install certain devel package using
yum install openldap-devel
then build the source by running
python setup.py build
Afterward, you do not need to replace the entire ldap directory, but only overwrite the _ldap.so file in your galaxy/.venv/lib/python2.7/site-packages/ by the file from your build in ./build/lib.linux-x86_64-2.7/ folder.
Then the ldaps will work.

Be the first to comment!

Leave a Reply