Re: [Geoserver-users] Cannot map LDAP groups to GeoServer roles

Sat, 22 Jun 2013 06:07:11 -0700 

On Sat, Jun 22, 2013 at 2:57 PM, Mauro Bartolomeoli <
mauro.bartolome...@geo-solutions.it> wrote:

>
>
>
> 2013/6/22 Andrea Aime <andrea.a...@geo-solutions.it>
>
>> On Thu, Jun 20, 2013 at 8:50 AM, Mauro Bartolomeoli <
>> mauro.bartolome...@geo-solutions.it> wrote:
>>
>>> Yes, but what I exactly mean is that the Geoserver LDAP module,
>>> internally, does two things:
>>>  1) login to the LDAP server with the user credentials to authenticate
>>> it (and this seems to be working for you) and then logs out from the LDAP
>>> server (it only logins to check the user is authenticated)
>>>  2) retrieve user groups with an anonymous search, without making a new
>>> login to the LDAP server with user credentials. Many LDAP servers deny the
>>> search to anonymous users and so no groups are retrieved, also if the user
>>> is correctly authenticated
>>>
>>
>> Ah, really? This seems a bit dumb... would it be hard to make it
>> authenticate also on the second request?
>> If we have a user, why not use it, is there some particular setup where
>> that would cause issues?
>>
>
> Yes, sure, and this is already done with GEOS-5805 on master (using the
> new option bindBeforeGroupSearch), but that enhancement has not been
> backported to 2.3.x yet (by the way, I was thinking to backport it, after
> 2.3.3 is out, what do you think about that?).
>

Sounds reasonable to me, but I'm not too familiar with the LDAP code, we
should hear from Justin
too, and ask on the geoserver-devel list just to make sure.
Afaik you have been using the GEOS-5805 results on the stable series
already (in a pre-production
environment? or was it production?) and it's working fine, right?

Cheers
Andrea

-- 
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.
==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39  339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Reply via email to