Hi, still fighting https://osgeo-org.atlassian.net/jira/core/projects/GEOS/issues/GEOS-10452
I now have a public working Active Directory and can confirm on a simple schema that AD authorisation is still working with that simple schema, BUT: the (non-public, production) one is still failing to work (while working in 2.13...).

About the logic to check the (LDAP) roles for an authorized user, am I right to think that:

- an (AD/LDAP) user is authenticated, and DURING the authentication the groups are also sourced and added to the user records (guessing here!!)
- so the logic to 'extract' the groups (for a given user) is from the 'LDAP authentication Provider' screen? NOT so much the parameters you used for the LDAP Role Service? There the given 'filter' etc. are only to authenticate the given username/password to extract all roles?

Or am I wrong here? (From the blogs and documentation it is not so clear to me what all the Filters/Formats/Patterns in the dialogs are used for, and the fact that both the Authentication and the Role Provider have group params makes things more complex to me.)

IF I am right in the above, then I think that my problem is that the 'member's in the 'groups' are not defined using their 'userPrincipalName' or 'sAMAccountName', but their CN: so I see normal names as members: 'Jim Doe' instead... Could this be the reason?

In the docs there is talk about 'placeholders', so you can use member={0} to search for the 'Username' in the groups. But in this case these are Full Names.

So my question: is it possible to use member={CN} or so? Or is the only solution to ask the AD admins to create new groups using the 'userPrincipalName' or 'sAMAccountName' instead?

Any help or hint is appreciated,

Regards,

Richard Duivenvoorde

_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel