Hi Torben,
I looked a little bit more into the issue you reported.

It seems to work as expected to me. I'm going to explain: you can give admin
rights to users coming from LDAP in two ways:
1) using the LDAP Authentication Provider only, and filling the groups
section as explained here:
http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html#map-ldap-groups-to-geoserver-roles;
a role service is not needed for this.

After doing that, bill can log in with admin rights (I was able to do that
on a fresh 2.10.1 installation). Question: did you log in with bill's
credentials before mapping the groups (then you could experience caching
issues)?

2) creating an LDAP role service as explained here:
http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html#configure-the-ldap-role-service
and setting that role service as the active one (this is not mentioned in
the tutorial, where the role service is created, but not really enabled for
active usage); the purpose of the tutorial was to enable seeing roles from
LDAP in the authorizations sections (data / services), not enabling the
role service for role binding; we can probably add a sentence or two in the
tutorial to clarify this.

Regards,
Mauro Bartolomeoli

2017-01-19 1:56 GMT+01:00 Torben Barsballe <[email protected]>:

> I was testing out the GeoServer Authentication
> <http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html> with
> LDAP tutorial, and ran into this issue.
>
> After Step 5 of Map LDAP groups to GeoServer roles
> <http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html#map-ldap-groups-to-geoserver-roles>,
> the users with administrative roles (e.g. bill) do not behave as
> administrators, but rather as regular users.
>
> Once restarting GeoServer, the users with administrative roles behave as
> administrators, as expected.
>
> Reported as https://osgeo-org.atlassian.net/browse/GEOS-7936
>
>
> I am not quite sure if this is a documentation error with the tutorial, or a
> regression in the LDAP security settings. If anyone with more experience
> using the LDAP provider knows which of these is more likely, your knowledge
> would be appreciated.
>
> Note that I was able to reproduce this issue with GeoServer 2.8.3 as well.
>
>
> Torben
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Geoserver-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>
>