Hannes,
I see the group search filter you use is very complex compared to the
one Ian or I use.
Maybe your problem is there?
Best regards,
César Martínez
On Thu, 29 Feb 2024 at 16:03, Ian Turton <ijtur...@gmail.com> wrote:
>
>
>
> I'm sure that I made LDAP roles work with a more recent version of GeoServer
> at my previous job (unfortunately it's behind a firewall so I can't check) -
>
> My LDAPUserGroupService config contained:
>
> <groupSearchBase>ou=groups,dc=galbraith,dc=co,dc=uk</groupSearchBase>
> <groupNameAttribute>cn</groupNameAttribute>
>
> <allGroupsSearchFilter>(objectClass=groupOfUniqueNames)</allGroupsSearchFilter>
>
> <groupSearchFilter>(uniqueMember=uid={0},ou=users,dc=galbraith,dc=co,dc=uk)</groupSearchFilter>
> <groupMembershipAttribute>uniqueMember</groupMembershipAttribute>
> <userSearchBase>ou=users,dc=galbraith,dc=co,dc=uk</userSearchBase>
> <userNameAttribute>uid</userNameAttribute>
> <allUsersSearchFilter>(objectClass=inetOrgPerson)</allUsersSearchFilter>
> <useTLS>false</useTLS>
> <useNestedParentGroups>false</useNestedParentGroups>
> <maxGroupSearchLevel>10</maxGroupSearchLevel>
> <nestedGroupSearchFilter>(uniqueMember={0})</nestedGroupSearchFilter>
> <bindBeforeGroupSearch>true</bindBeforeGroupSearch>
> <rolePrefix>ROLE_</rolePrefix>
> <convertToUpperCase>true</convertToUpperCase>
>
> and my LDAPRoleServiceConfig
>
> included
>
> <groupSearchBase>ou=groups,dc=galbraith,dc=co,dc=uk</groupSearchBase>
> <allGroupsSearchFilter>cn=*</allGroupsSearchFilter>
>
> <groupSearchFilter>uniqueMember=uid={0},ou=users,dc=galbraith,dc=co,dc=uk</groupSearchFilter>
> <useTLS>false</useTLS>
> <useNestedParentGroups>false</useNestedParentGroups>
> <maxGroupSearchLevel>10</maxGroupSearchLevel>
> <nestedGroupSearchFilter>(member={0})</nestedGroupSearchFilter>
> <bindBeforeGroupSearch>true</bindBeforeGroupSearch>
> <adminGroup>ROLE_ADMINS</adminGroup>
> <groupAdminGroup>ROLE_ADMINS</groupAdminGroup>
> <rolePrefix>ROLE_</rolePrefix>
> <convertToUpperCase>true</convertToUpperCase>
>
>
> My notes also include in bold `You must make the new role service the active
> one by changing the drop down on the `security->settings` page
> https://docs.geoserver.org/latest/en/user/security/webadmin/settings.html#active-role-service
>
> I can highly recommend using a cli tool like ldapsearch to test out your
> queries to see what they should be, which is how I got to
> `(uniqueMember=cn={0},ou=users,dc=galbraith,dc=co,dc=uk)` for my group member
> search
>
> Ian
>
> On Thu, 29 Feb 2024 at 11:48, <hk.ihatemailingli...@enjoys.it> wrote:
>>
>> "I dont know what I am doing"-Chapter 23:
>>
>
> --
> Ian Turton
> _______________________________________________
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to this
> list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
--
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
César Martínez Izquierdo
GIS developer
- - - - - - - - - - - - - - - - - - - -
SCOLAB: http://www.scolab.es
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
If you want to request a feature or an improvement, also see this:
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
