OMERO - Image Server - Configuration

This page describes basic configuration as well as more advanced tasks such as integrating OMERO with LDAP (Active Directory). The scripts omero-config.sh and omero-config-ldap.sh can be used for unattended configuration.

Unless otherwise stated, all tasks should be performed using the omero system account. The steps on the install page should already have been completed.

If you have followed the instructions on the install page, then open a root terminal and run 'su - omero'. The omero command should be in the PATH.

Basic configuration

Configure the connection to the database created in a previous step, and set the OMERO data directory:

  bash$> omero config set omero.db.name omero
  bash$> omero config set omero.db.user omero
  bash$> omero config set omero.db.pass 
  bash$> omero config set omero.data.dir /data/omero

Continue by creating the database tables and indexes:

  bash$> omero db script
  bash$> psql -h localhost -U omero omero < *.sql

LDAP authentication

This section describes configuring LDAP authentication against Active Directory. It is assumed that anonymous bind is unsupported, so a domain user account is required.

  # Generic settings:
  bash$> omero config set omero.ldap.config true
  bash$> omero config set omero.ldap.base DC=example,DC=com
  bash$> omero config set omero.ldap.referral follow
  bash$> omero config set omero.ldap.urls ldaps://dc.example.com:636

  # Configure Java CA certificate keystore (use 'locate cacerts' to find):
  bash$> omero config set omero.security.trustStore /etc/ssl/certs/java/cacerts

  # LDAP connection account (read-only):
  bash$> omero config set omero.ldap.password <secret>
  bash$> omero config set omero.ldap.username user@example.com

  # Configure authentication:
  bash$> omero config set omero.ldap.user_filter "(memberOf=CN=Omero Users,OU=Omero,DC=example,DC=com)"
  bash$> omero config set omero.ldap.user_mapping omeName=sAMAccountName,firstName=givenName,lastName=sn,email=mail

You might encounter SSL-connection problems with Java. See the Java SSL connection page for further guidance.
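
The values above can be sanity-checked before they are handed to 'omero config set'. The following is an added example, not part of the original page or of OMERO; the function name check_ldap_settings is hypothetical, and it assumes that several server URLs, if given, are separated by commas:

```sh
#!/bin/sh
# Added example: pre-flight checks for the LDAP values on this page, run
# before they are handed to 'omero config set'. Names are hypothetical.

# check_ldap_settings URLS TRUSTSTORE USER_FILTER USER_MAPPING
# Reports each problem on stderr and returns the number of problems found.
check_ldap_settings() {
    urls=$1; truststore=$2; filter=$3; mapping=$4
    problems=0
    _ldap_fail() { echo "LDAP pre-flight: $1" >&2; problems=$((problems + 1)); }

    # The connection account's password is sent to these servers when
    # binding, so refuse anything that is not ldaps://.
    # Assumption: several URLs, if given, are separated by commas.
    [ -n "$urls" ] || _ldap_fail "omero.ldap.urls is empty"
    old_ifs=$IFS; IFS=,
    for url in $urls; do
        case $url in
            ldaps://?*) ;;
            *) _ldap_fail "not an ldaps:// URL: $url" ;;
        esac
    done
    IFS=$old_ifs

    # Java can only verify the domain controller's certificate if the
    # configured CA keystore exists and the current account can read it.
    [ -r "$truststore" ] || _ldap_fail "trust store not readable: $truststore"

    # An LDAP filter is wrapped in parentheses; unequal counts of ( and )
    # usually mean the value was mangled by shell quoting.
    opens=$(printf '%s' "$filter" | tr -cd '(')
    closes=$(printf '%s' "$filter" | tr -cd ')')
    case $filter in
        \(*\)) [ "${#opens}" -eq "${#closes}" ] || _ldap_fail "unbalanced parentheses in user_filter" ;;
        *) _ldap_fail "user_filter is not wrapped in parentheses" ;;
    esac

    # The mapping must say which directory attribute becomes the login name.
    case ",$mapping," in
        *,omeName=[!,]*) ;;
        *) _ldap_fail "user_mapping has no omeName=<attribute> entry" ;;
    esac

    return "$problems"
}

# Stand-alone use: sh check.sh URLS TRUSTSTORE USER_FILTER USER_MAPPING
if [ "$#" -eq 4 ]; then check_ldap_settings "$@"; fi
```

Run it as the omero account so that the trust store check reflects the permissions the server will have.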

LDAP groups

These settings automatically create all groups that the user logging on belongs to. The OMERO group name is mapped to the CN attribute of each group:

  bash$> omero config set omero.ldap.group_mapping name=cn
  bash$> omero config set omero.ldap.new_user_group :dn_attribute:memberOf
  bash$> omero config set omero.ldap.sync_on_login true

Setup OMERO.web with Apache/FastCGI

This section describes setting up FastCGI with Apache. The first step is to configure fastcgi-tcp and generate an Apache template file:

  bash$> cd /usr/local/omero
  bash$> omero config set omero.web.application_server "fastcgi-tcp"
  bash$> omero web config --system apache > apache.conf

Now (as root) include the template file in the main Apache configuration. The steps are distribution dependent; these are for Debian:

  bash$> cd /etc/apache2/sites-enabled
  bash$> mv -i /usr/local/omero/server/apache.conf /usr/local/omero/server/etc/
  bash$> ln -sf /usr/local/omero/server/etc/apache.conf 99-omero-web.conf 
  bash$> cd /etc/apache2/mods-enabled
  bash$> ln -s ../mods-available/rewrite.load .

Check the configuration and restart Apache:

  bash$> /etc/init.d/apache2 configtest
  bash$> /etc/init.d/apache2 restart

OMERO.web should now be available from http://localhost/omero