[conradL@qimr13054 stardog]$ ldapsearch -LLL "CN=stardogSuperUsers" dn cn member -b "ou=Groups,dc=genomeinfo,dc=qimrberghofer,dc=edu,dc=au" -H ldap://bioldapv01.adqimr.ad.lan -D 'CN=manager,DC=genomeinfo,DC=qimrberghofer,DC=edu,DC=au' -y ~/.ldap.pwd
dn: cn=stardogSuperUsers,ou=Groups,dc=genomeinfo,dc=qimrberghofer,dc=edu,dc=au
cn: stardogSuperUsers
member: cn=conradL,ou=QIMR Users,ou=QIMR Accounts,dc=adqimr,dc=ad,dc=lan

[conradL@qimr13054 stardog]$ ldapsearch -LLL "CN=stardogUsers" dn cn member -b "ou=Groups,dc=genomeinfo,dc=qimrberghofer,dc=edu,dc=au" -H ldap://bioldapv01.adqimr.ad.lan -D 'CN=manager,DC=genomeinfo,DC=qimrberghofer,DC=edu,DC=au' -y ~/.ldap.pwd
dn: cn=stardogUsers,ou=Groups,dc=genomeinfo,dc=qimrberghofer,dc=edu,dc=au
cn: stardogUsers
member: cn=johnPe,ou=QIMR Users,ou=QIMR Accounts,dc=adqimr,dc=ad,dc=lan
member: cn=oliverH,ou=QIMR Users,ou=QIMR Accounts,dc=adqimr,dc=ad,dc=lan

[conradL@qimr13054 stardog]$ cat $STARDOG_HOME/stardog.properties
security.realms = ldap
ldap.provider.url = ldap://*************
ldap.security.principal = cn=manager,dc=genomeinfo,dc=qimrberghofer,dc=edu,dc=au
ldap.security.credentials = ***************
ldap.user.dn.template = cn={0},ou=QIMR Users,ou=QIMR Accounts,dc=adqimr,dc=ad,dc=lan
ldap.group.lookup.string = ou=Groups,dc=genomeinfo,dc=qimrberghofer,dc=edu,dc=au
ldap.users.cn = stardogUsers
ldap.superusers.cn = stardogSuperUsers

[conradL@qimr13054 stardog]$ stardog-admin user list -u conradL
+----------+
| Username |
+----------+
+----------+

[conradL@qimr13054 stardog]$ stardog-admin user permission -u conradL conradL
+---------------+---------------+-------------+-----------+
| Resource Type | Resource Name | Permissions | Source    |
+---------------+---------------+-------------+-----------+
| *             | *             | CDRWGKX     | [conradL] |
+---------------+---------------+-------------+-----------+

[conradL@qimr13054 stardog]$ stardog-admin user permission -u conradL oliverH
User oliverH has no permissions.

[conradL@qimr13054 stardog]$ stardog-admin user grant -a read -o db:* -u conradL oliverH
Successfully granted the permission.

[conradL@qimr13054 stardog]$ stardog-admin user permission -u conradL oliverH
+---------------+---------------+-------------+-----------+
| Resource Type | Resource Name | Permissions | Source    |
+---------------+---------------+-------------+-----------+
| db            | *             | --R----     | [oliverH] |
+---------------+---------------+-------------+-----------+

[conradL@qimr13054 stardog]$ stardog-admin server stop -u conradL && stardog-admin server start
Stardog server successfully received the shutdown request.
Jun 16, 2015 3:57:42 PM org.quartz.impl.StdSchedulerFactory instantiate
INFO: Using default implementation for ThreadExecutor
Jun 16, 2015 3:57:42 PM org.quartz.core.SchedulerSignalerImpl <init>
INFO: Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
Jun 16, 2015 3:57:42 PM org.quartz.core.QuartzScheduler <init>
INFO: Quartz Scheduler v.2.1.3 created.
Jun 16, 2015 3:57:42 PM org.quartz.simpl.RAMJobStore initialize
INFO: RAMJobStore initialized.
Jun 16, 2015 3:57:42 PM org.quartz.core.QuartzScheduler initialize
INFO: Scheduler meta-data: Quartz Scheduler (v2.1.3) '33728776-263e-4407-afe5-67ab4e7c038c' with instanceId 'NON_CLUSTERED'
  Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
  NOT STARTED.
  Currently in standby mode.
  Number of jobs executed: 0
  Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
  Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
Jun 16, 2015 3:57:42 PM org.quartz.impl.StdSchedulerFactory instantiate
INFO: Quartz scheduler '33728776-263e-4407-afe5-67ab4e7c038c' initialized from an externally provided properties instance.
Jun 16, 2015 3:57:42 PM org.quartz.impl.StdSchedulerFactory instantiate
INFO: Quartz scheduler version: 2.1.3
Jun 16, 2015 3:57:42 PM org.quartz.core.QuartzScheduler start
INFO: Scheduler 33728776-263e-4407-afe5-67ab4e7c038c_$_NON_CLUSTERED started.
Jun 16, 2015 3:57:42 PM com.complexible.stardog.security.impl.AbstractExistingSecurityResourcesLoader permissionsMap
WARNING: Ignoring permission for unrecognized subject: tag:stardog.com:2011-10-11:stardog:security:User-4iwpi3j1tboxrtshhafjssdtv
************************************************************
This copy of Stardog is licensed to Conrad Leonard (conrad....@qimrberghofer.edu.au), QIMR Berghofer Medical Research Institute
This is a Community license
This license does not expire.
************************************************************
************************************************************
Stardog server 3.0.2 started on Tue Jun 16 15:57:42 AEST 2015.
Stardog server is listening on all network interfaces.
SNARL server available at snarl://localhost:5820.
HTTP server available at http://localhost:5820.
STARDOG_HOME=/data/stardog
LOG_FILE=/data/stardog/stardog.log

[conradL@qimr13054 stardog]$ stardog-admin user permission -u conradL oliverH
User oliverH has no permissions.
2. An LDAP-authenticated user with read permissions on all databases and metadata gets a 'Permission denied' message when attempting to log in from the webconsole login page http://<server>:<port>/#/login, although if they go directly to a permitted database URL, e.g. http://<server>:<port>/<database>#!/schema, then they are prompted with a pop-up login dialog, which correctly allows access.
3. When LDAP authentication is enabled, the Users screen under the webconsole "Security" menu shows nothing, although both the stardogUsers and stardogSuperUsers groups have members. This isn't a big deal, but I would expect that the users named in those groups should be displayed here.