Torsten Heinen created GEOS-5054:
------------------------------------
Summary: Role lookup fails on secured LDAP servers
Key: GEOS-5054
URL: https://jira.codehaus.org/browse/GEOS-5054
Project: GeoServer
Issue Type: Bug
Components: Security
Affects Versions: 2.2-beta1
Environment: Geoserver 2.2-beta-1, Active Directory based secured
LDAP, Tomcat 7.0.26, Java 1.7
Reporter: Torsten Heinen
Assignee: Andrea Aime
Attachments: geoserver-ldap-roles.log
As described in http://thread.gmane.org/gmane.comp.gis.geoserver.user/32105,
the LDAP role lookup seems to fail on LDAP servers that do not allow
anonymous bind. However, the user lookup works fine. The LDAP error indicates
that the anonymous lookup in the LDAP is not allowed. A probably similar
problem has been discussed and solved in:
http://stackoverflow.com/questions/5255158/spring-ldap-bind-for-successfull-connection
Configuration:
ServerURL: ldap://ldapserver:ldapport/dc=subdomain,dc=company,dc=com
User lookup pattern: cn={0}, ou=users, ou=path-to-users
Group search base: ou=groups,ou=path-to-groups
Group search filter: member={1}
Tomcat log:
{quote}
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr:
DSID-0C090627, comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, vece]; remaining name
'OU=groups,OU=path-to-groups'
{quote}
Geoserver log:
{quote}
2012-04-18 13:56:47,874 DEBUG [userdetails.DefaultLdapAuthoritiesPopulator] -
Getting authorities for user
cn=testuser,ou=user,ou=path-to-users,dc=subdomain,dc=company,dc=com
2012-04-18 13:56:47,874 DEBUG [userdetails.DefaultLdapAuthoritiesPopulator] -
Searching for roles for user 'testuser', DN =
'cn=testuser,ou=user,ou=path-to-users,dc=subdomain,dc=company,dc=com', with
filter member={1} in search base 'OU=groups,OU=path-to-groups'
2012-04-18 13:56:47,874 DEBUG [ldap.SpringSecurityLdapTemplate] - Using filter:
member=testuser
2012-04-18 13:56:47,875 INFO [core.LdapTemplate] - The returnObjFlag of
supplied SearchControls is not set but a ContextMapper is used - setting flag
to true
2012-04-18 13:56:47,877 WARN
[authentication.SpringSecurityAuthenticationSource] - No Authentication object
set in SecurityContext - returning empty String as Principal
2012-04-18 13:56:47,877 WARN
[authentication.SpringSecurityAuthenticationSource] - No Authentication object
set in SecurityContext - returning empty String as Credentials
{quote}
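A log triage sketch for the failure reported above, added here as an example and not taken from the report or from GeoServer: it rejoins the wrapped log lines and checks whether a role search was issued while the authentication source returned an empty principal and credentials, then was refused by the server with LDAP error code 1. The sample log is constructed by merging the two excerpts in the report; the function and field names are hypothetical.

```python
import re

# Constructed sample: the Tomcat and GeoServer excerpts from the report, merged, still wrapped.
SAMPLE_LOG = """\
2012-04-18 13:56:47,874 DEBUG [userdetails.DefaultLdapAuthoritiesPopulator] -
Searching for roles for user 'testuser', DN =
'cn=testuser,ou=user,ou=path-to-users,dc=subdomain,dc=company,dc=com', with
filter member={1} in search base 'OU=groups,OU=path-to-groups'
2012-04-18 13:56:47,877 WARN
[authentication.SpringSecurityAuthenticationSource] - No Authentication object
set in SecurityContext - returning empty String as Principal
2012-04-18 13:56:47,877 WARN
[authentication.SpringSecurityAuthenticationSource] - No Authentication object
set in SecurityContext - returning empty String as Credentials
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr:
DSID-0C090627, comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, vece]; remaining name
'OU=groups,OU=path-to-groups'
"""

ENTRY_START = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} |javax\.naming\.")
ROLE_SEARCH = re.compile(r"Searching for roles for user '([^']*)'.*filter (\S+) in search base '([^']*)'")
EMPTY_BIND = re.compile(r"SpringSecurityAuthenticationSource\].*empty String as (Principal|Credentials)")
LDAP_ERROR = re.compile(r"\[LDAP: error code (\d+) .*?(DSID-[0-9A-F]+)")

def unwrap(text):  # rejoin wrapped continuation lines: one string per log event
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Report whether a role search went out with an empty (anonymous) bind."""
    f = dict(user=None, filter=None, search_base=None, empty=set(), ldap_code=None, dsid=None)
    for entry in unwrap(text):
        if m := ROLE_SEARCH.search(entry):
            f["user"], f["filter"], f["search_base"] = m.groups()
        elif m := EMPTY_BIND.search(entry):
            f["empty"].add(m.group(1))
        elif m := LDAP_ERROR.search(entry):
            f["ldap_code"], f["dsid"] = int(m.group(1)), m.group(2)
    f["anonymous_role_search"] = bool(f["user"]) and f["empty"] == {"Principal", "Credentials"}
    f["server_rejected_unbound"] = f["ldap_code"] == 1 and f["anonymous_role_search"]
    return f

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```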