All, As I have not seen much activity on this particular topic. I am wondering whether we were able to successfully deploy Geoserver on this particular platform. Is there any documentation available?
On Jun 22, 2013, at 10:29 AM, geoserver-users-requ...@lists.sourceforge.net wrote: > Send Geoserver-users mailing list submissions to > geoserver-users@lists.sourceforge.net > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/geoserver-users > or, via email, send a message with subject or body 'help' to > geoserver-users-requ...@lists.sourceforge.net > > You can reach the person managing the list at > geoserver-users-ow...@lists.sourceforge.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Geoserver-users digest..." > > > Today's Topics: > > 1. Re: Cannot map LDAP groups to GeoServer roles (Mauro Bartolomeoli) > 2. Re: Cannot map LDAP groups to GeoServer roles (Andrea Aime) > 3. Re: Cannot map LDAP groups to GeoServer roles (Justin Deoliveira) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sat, 22 Jun 2013 14:57:21 +0200 > From: Mauro Bartolomeoli <mauro.bartolome...@geo-solutions.it> > Subject: Re: [Geoserver-users] Cannot map LDAP groups to GeoServer > roles > To: Andrea Aime <andrea.a...@geo-solutions.it> > Cc: Mauro Bartolomeoli <mauro.bartolome...@geo-solutions.it>, > GeoServer Mailing List List <geoserver-users@lists.sourceforge.net> > Message-ID: > <cadqu8v1bohbne8cvcw-moews90sm_pmcwycefaejqesq9zq...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > 2013/6/22 Andrea Aime <andrea.a...@geo-solutions.it> > >> On Thu, Jun 20, 2013 at 8:50 AM, Mauro Bartolomeoli < >> mauro.bartolome...@geo-solutions.it> wrote: >> >>> Yes, but what I exactly mean is that the Geoserver LDAP module, >>> internally, does two things: >>> 1) login to the LDAP server with the user credentials to authenticate it >>> (and this seems to be working for you) and then logs out from the LDAP >>> server (it only logins to check the user is authenticated) >>> 2) retrieve user groups with an anonymous search, without making a new >>> login to the LDAP server with user credentials. Many LDAP servers deny the >>> search to anonymous users and so no groups are retrieved, also if the user >>> is correctly authenticated >> >> Ah, really? This seems a bit dumb... would it be hard to make it >> authenticate also on the second request? >> If we have a user, why not use it, is there some particular setup where >> that would cause issues? > > Yes, sure, and this is already done with GEOS-5805 on master (using the new > option bindBeforeGroupSearch), but that enhancement has not been backported > to 2.3.x yet (by the way, I was thinking to backport it, after 2.3.3 is > out, what do you think about that?). > > Mauro > -- > == > Our support, Your Success! Visit http://opensdi.geo-solutions.it for more > information. > == > > Dott. Mauro Bartolomeoli > @mauro_bart > Senior Software Engineer > > GeoSolutions S.A.S. > Via Poggio alle Viti 1187 > 55054 Massarosa (LU) > Italy > phone: +39 0584 962313 > fax: +39 0584 1660272 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > ------------------------------------------------------- > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > Message: 2 > Date: Sat, 22 Jun 2013 15:06:01 +0200 > From: Andrea Aime <andrea.a...@geo-solutions.it> > Subject: Re: [Geoserver-users] Cannot map LDAP groups to GeoServer > roles > To: Mauro Bartolomeoli <mauro.bartolome...@geo-solutions.it>, Justin > Deoliveira <jdeol...@opengeo.org> > Cc: GeoServer Mailing List List > <geoserver-users@lists.sourceforge.net> > Message-ID: > <CA+nxMTubXh=ft4zqko9u0xd+sajrgg3xjqexngaazmsmqqu...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > On Sat, Jun 22, 2013 at 2:57 PM, Mauro Bartolomeoli < > mauro.bartolome...@geo-solutions.it> wrote: > >> >> >> >> 2013/6/22 Andrea Aime <andrea.a...@geo-solutions.it> >> >>> On Thu, Jun 20, 2013 at 8:50 AM, Mauro Bartolomeoli < >>> mauro.bartolome...@geo-solutions.it> wrote: >>> >>>> Yes, but what I exactly mean is that the Geoserver LDAP module, >>>> internally, does two things: >>>> 1) login to the LDAP server with the user credentials to authenticate >>>> it (and this seems to be working for you) and then logs out from the LDAP >>>> server (it only logins to check the user is authenticated) >>>> 2) retrieve user groups with an anonymous search, without making a new >>>> login to the LDAP server with user credentials. Many LDAP servers deny the >>>> search to anonymous users and so no groups are retrieved, also if the user >>>> is correctly authenticated >>> >>> Ah, really? This seems a bit dumb... would it be hard to make it >>> authenticate also on the second request? >>> If we have a user, why not use it, is there some particular setup where >>> that would cause issues? >> >> Yes, sure, and this is already done with GEOS-5805 on master (using the >> new option bindBeforeGroupSearch), but that enhancement has not been >> backported to 2.3.x yet (by the way, I was thinking to backport it, after >> 2.3.3 is out, what do you think about that?). > > Sounds reasonable to me, but I'm not too familiar with the LDAP code, we > should hear from Justin > too, and ask on the geoserver-devel list just to make sure. > Afaik you have been using the GEOS-5805 results on the stable series > already (in a pre-production > environment? or was it production?) and it's working fine, right? > > Cheers > Andrea > > -- > == > Our support, Your Success! Visit http://opensdi.geo-solutions.it for more > information. > == > > Ing. Andrea Aime > @geowolf > Technical Lead > > GeoSolutions S.A.S. > Via Poggio alle Viti 1187 > 55054 Massarosa (LU) > Italy > phone: +39 0584 962313 > fax: +39 0584 1660272 > mob: +39 339 8844549 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > ------------------------------------------------------- > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > Message: 3 > Date: Sat, 22 Jun 2013 08:29:17 -0600 > From: Justin Deoliveira <jdeol...@opengeo.org> > Subject: Re: [Geoserver-users] Cannot map LDAP groups to GeoServer > roles > To: Andrea Aime <andrea.a...@geo-solutions.it> > Cc: Mauro Bartolomeoli <mauro.bartolome...@geo-solutions.it>, > GeoServer Mailing List List <geoserver-users@lists.sourceforge.net> > Message-ID: > <CAEwWEk0=GgRohQOQWX7pC=nz0k5y9zzm351hymcqh8znow5...@mail.gmail.com> > Content-Type: text/plain; charset="iso-8859-1" > > On Sat, Jun 22, 2013 at 7:06 AM, Andrea Aime > <andrea.a...@geo-solutions.it>wrote: > >> On Sat, Jun 22, 2013 at 2:57 PM, Mauro Bartolomeoli < >> mauro.bartolome...@geo-solutions.it> wrote: >> >>> >>> >>> >>> 2013/6/22 Andrea Aime <andrea.a...@geo-solutions.it> >>> >>>> On Thu, Jun 20, 2013 at 8:50 AM, Mauro Bartolomeoli < >>>> mauro.bartolome...@geo-solutions.it> wrote: >>>> >>>>> Yes, but what I exactly mean is that the Geoserver LDAP module, >>>>> internally, does two things: >>>>> 1) login to the LDAP server with the user credentials to authenticate >>>>> it (and this seems to be working for you) and then logs out from the LDAP >>>>> server (it only logins to check the user is authenticated) >>>>> 2) retrieve user groups with an anonymous search, without making a new >>>>> login to the LDAP server with user credentials. Many LDAP servers deny the >>>>> search to anonymous users and so no groups are retrieved, also if the user >>>>> is correctly authenticated >>>> >>>> Ah, really? This seems a bit dumb... would it be hard to make it >>>> authenticate also on the second request? >>>> If we have a user, why not use it, is there some particular setup where >>>> that would cause issues? >>> >>> Yes, sure, and this is already done with GEOS-5805 on master (using the >>> new option bindBeforeGroupSearch), but that enhancement has not been >>> backported to 2.3.x yet (by the way, I was thinking to backport it, after >>> 2.3.3 is out, what do you think about that?). >> >> Sounds reasonable to me, but I'm not too familiar with the LDAP code, we >> should hear from Justin >> too, and ask on the geoserver-devel list just to make sure. >> Afaik you have been using the GEOS-5805 results on the stable series >> already (in a pre-production >> environment? or was it production?) and it's working fine, right? > > All for the backport. The ldap code pre the changes was mauro wasn't > exactly rock solid :) I think these changes make it much more useful. +1 > and great work Mauro. > >> >> Cheers >> Andrea >> >> -- >> == >> Our support, Your Success! Visit http://opensdi.geo-solutions.it for more >> information. >> == >> >> Ing. Andrea Aime >> @geowolf >> Technical Lead >> >> GeoSolutions S.A.S. >> Via Poggio alle Viti 1187 >> 55054 Massarosa (LU) >> Italy >> phone: +39 0584 962313 >> fax: +39 0584 1660272 >> mob: +39 339 8844549 >> >> http://www.geo-solutions.it >> http://twitter.com/geosolutions_it >> >> ------------------------------------------------------- > > > > -- > Justin Deoliveira > OpenGeo - http://opengeo.org > Enterprise support for open source geospatial. > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Windows: > > Build for Windows Store. > > http://p.sf.net/sfu/windows-dev2dev > > ------------------------------ > > _______________________________________________ > Geoserver-users mailing list > Geoserver-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-users > > > End of Geoserver-users Digest, Vol 85, Issue 90 > *********************************************** ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev _______________________________________________ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
