2013/6/22 Andrea Aime <andrea.a...@geo-solutions.it>

> On Thu, Jun 20, 2013 at 8:50 AM, Mauro Bartolomeoli <
> mauro.bartolome...@geo-solutions.it> wrote:
>
>> Yes, but what I exactly mean is that the Geoserver LDAP module,
>> internally, does two things:
>>  1) logs in to the LDAP server with the user credentials to authenticate it
>> (and this seems to be working for you) and then logs out from the LDAP
>> server (it only logs in to check the user is authenticated)
>>  2) retrieves user groups with an anonymous search, without making a new
>> login to the LDAP server with user credentials. Many LDAP servers deny the
>> search to anonymous users and so no groups are retrieved, even if the user
>> is correctly authenticated
>>
>
> Ah, really? This seems a bit dumb... would it be hard to make it
> authenticate also on the second request?
> If we have a user, why not use it, is there some particular setup where
> that would cause issues?
>

Yes, sure, and this is already done with GEOS-5805 on master (using the new
option bindBeforeGroupSearch), but that enhancement has not been backported
to 2.3.x yet (by the way, I was thinking of backporting it after 2.3.3 is
out; what do you think about that?).

Mauro
-- 
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.
==

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it
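
The two behaviours discussed in this thread, as an added example that is not GeoServer's code and not part of the original message: a plain JNDI client that runs the group search once anonymously and once on the user's own bound connection. The `(member={0})` filter, the class name, the three command-line arguments and the `LDAP_PASSWORD` environment variable are assumptions made for illustration.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class GroupSearchDemo {
    // Opens a connection: anonymous when userDn is null, otherwise a simple bind.
    static DirContext connect(String url, String userDn, String password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated one, so reject it.
        if (userDn != null && (password == null || password.isEmpty()))
            throw new AuthenticationException("empty password");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // use ldaps://, a simple bind sends the password as-is
        env.put(Context.SECURITY_AUTHENTICATION, userDn == null ? "none" : "simple");
        if (userDn != null) {
            env.put(Context.SECURITY_PRINCIPAL, userDn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }

    // Group search on the given connection. JNDI escapes the {0} argument,
    // so the DN cannot change the filter. The filter assumes groupOfNames entries.
    static List<String> groupsOf(DirContext ctx, String groupBase, String userDn) {
        List<String> names = new ArrayList<>();
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        try {
            NamingEnumeration<SearchResult> hits =
                ctx.search(groupBase, "(member={0})", new Object[] {userDn}, sc);
            while (hits.hasMore()) names.add(hits.next().getNameInNamespace());
        } catch (NamingException refused) {
            // Some servers refuse the search; others just return nothing.
            System.out.println("  search refused: " + refused);
        }
        return names;
    }

    // Arguments: <ldaps-url> <user-dn> <group-base>; password taken from LDAP_PASSWORD.
    public static void main(String[] a) throws NamingException {
        String pw = System.getenv("LDAP_PASSWORD");
        if (a.length != 3 || pw == null) { System.err.println("usage: see comment"); return; }
        DirContext user = connect(a[0], a[1], pw); // throws if the credentials are wrong
        DirContext anon = connect(a[0], null, null);
        try {
            System.out.println("anonymous search: " + groupsOf(anon, a[2], a[1]));
            System.out.println("bound search:     " + groupsOf(user, a[2], a[1]));
        } finally { anon.close(); user.close(); }
    }
}
```

Against a directory that denies anonymous searches, the first line shows an empty list for a user who authenticated successfully, and the second shows the groups.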

_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
