We proxy everything through a Django app (codename GoldenEye, which also
does somewhat intelligent caching), though it's probably 3-6 months from
becoming public (internally developed open-source app for the government). We
needed to have role-based access control for vehicle tracking and sensitive
data sets our department deals with.

Django tied into AD users/groups nicely with django-auth-ldap
(http://packages.python.org/django-auth-ldap/).

To integrate with legacy (i.e. non-OpenLayers) clients, the Django app issues
tokens that can be used as a request parameter to authenticate a user
instead of a cookie while they have an OpenLayers client open, so they can
use the WMS/WFS services in clients like QGIS/ArcGIS - it also lets web apps
without a secure backchannel get issued a permanent token and have all their
access spoofed as one user without exposing our directory.

Hope that helps - I'll try and get some code out as soon as possible but
flat strapped at the moment preparing for the Aussie fire season. Would be
nice to tie something similar into GeoNode (http://geonode.org/) but our use
cases are a bit custom at the moment.

Kind Regards,
Adon
On 25 August 2011 16:52, Mathieu Baudier <[email protected]> wrote:
> > Postgresql has user accounts , Geoserver has user accounts, and Ubuntu
> > has user accounts. How do I coordinate all of these users accounts to
> > allow access to some and restrict access to others?
>
> An approach is to integrate everything in LDAP.
> That's what we do but (on CentOS / RHEL):
> - OS users and groups in LDAP
> - GeoServer users in LDAP:
> http://wiki.osgeo.org/wiki/Enterprise_Linux_GIS#LDAP_Authentication
> (instructions are not platform specific).
>
> However in GeoServer we only synchronize authentication and did not
> succeed (nor really tried yet) to integrate authorization.
>
> Otherwise I saw once the GeoShield project being presented at a conference:
> http://istgeo.ist.supsi.ch/site/projects/geoshield
>
> Sounds interesting but I never tried it.
>
>
> _______________________________________________
> Geoserver-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
--
Adon Metcalfe
Labyrinth Data Services Pty Ltd
http://www.labyrinthdata.net.au
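
Added example, not part of the original message and not GoldenEye's code: a minimal Python check of the kind a token-authenticating WMS/WFS proxy like the one described above would need, covering session versus permanent tokens and per-layer role checks. The `token` parameter name, the layer and group names, and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample policy: layer name -> groups allowed to read it (hypothetical).
LAYER_ACL = {"vehicles:tracking": {"ops"}, "base:roads": {"ops", "public"}}
TOKENS = {}  # sha256(token) -> (user, groups, expiry timestamp or None)
LAYER_PARAMS = ("layers", "typename", "typenames")  # WMS / WFS layer parameters


def issue_token(user, groups, ttl=None):
    """Create a random token; store only its hash. ttl=None means permanent."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    TOKENS[digest] = (user, frozenset(groups), time.time() + ttl if ttl else None)
    return token


def authorize(url, now=None):
    """Return (user, upstream_url) for an allowed request, else raise PermissionError."""
    now = time.time() if now is None else now
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    token = next((v for k, v in params if k.lower() == "token"), "")
    record = TOKENS.get(hashlib.sha256(token.encode()).hexdigest())
    if record is None:
        raise PermissionError("unknown or missing token")
    user, groups, expiry = record
    if expiry is not None and now >= expiry:
        raise PermissionError("token expired")
    # OGC parameter names are case-insensitive; values may be comma-separated lists.
    layers = [name for k, v in params if k.lower() in LAYER_PARAMS
              for name in v.split(",") if name]
    if not layers:
        # Requests naming no layer (e.g. GetCapabilities) need response filtering,
        # which this example does not cover, so they are refused.
        raise PermissionError("no layer named")
    for name in layers:
        # Default deny: a layer missing from the policy is readable by nobody.
        if not groups & LAYER_ACL.get(name, set()):
            raise PermissionError(f"{user} may not read {name}")
    # Drop the token so the credential never reaches the upstream server's logs.
    kept = [(k, v) for k, v in params if k.lower() != "token"]
    return user, urlunsplit(parts._replace(query=urlencode(kept, safe=":,")))
```

A token carried in the query string also lands in the proxy's own access logs and in client configuration files, so permanent tokens in particular are best bound to a low-privilege account and kept revocable.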