Ok, thanks Justin. The filter looks good when using member={1}, see [1]. However, I've got the same servlet exception as before:

javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'ou=groups'

Actually, this error seems to indicate that Spring should bind to the LDAP server before doing the role search. I've checked our active directory server and as in [2] it does now allow anonymous searches. Maybe Geoserver does not bind/authenticate to LDAP when doing the role lookup?

Cheers,
Torsten

[1] Login with LDAP groups enabled and member={1} filter:

2012-04-17 13:36:00,541 DEBUG [authentication.UsernamePasswordAuthenticationFilter] - Request is to process authentication
2012-04-17 13:36:00,541 DEBUG [authentication.ProviderManager] - Authentication attempt using org.geoserver.security.auth.GeoServerRootAuthenticationProvider
2012-04-17 13:36:00,541 DEBUG [authentication.ProviderManager] - Authentication attempt using org.geoserver.security.auth.UsernamePasswordAuthenticationProvider
2012-04-17 13:36:00,541 DEBUG [dao.DaoAuthenticationProvider] - Authentication failed: password does not match stored value
2012-04-17 13:36:00,542 DEBUG [authentication.ProviderManager] - Authentication attempt using org.geoserver.security.ldap.LDAPAuthenticationProvider
2012-04-17 13:36:00,542 DEBUG [authentication.LdapAuthenticationProvider] - Processing authentication request for user: testuser
2012-04-17 13:36:00,542 DEBUG [authentication.BindAuthenticator] - Attempting to bind as cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com
2012-04-17 13:36:00,542 DEBUG [support.AbstractContextSource] - Using LDAP pooling.
2012-04-17 13:36:00,542 DEBUG [support.AbstractContextSource] - Trying provider Urls: ldap://server:389/dc=pany,dc=com
2012-04-17 13:36:00,542 DEBUG [ldap.DefaultSpringSecurityContextSource] - Removing pooling flag for user cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com
2012-04-17 13:36:00,577 DEBUG [support.AbstractContextSource] - Got Ldap context on server 'ldap://server:389/dc=pany,dc=com'
2012-04-17 13:36:00,577 DEBUG [authentication.BindAuthenticator] - Retrieving attributes...
2012-04-17 13:36:00,622 DEBUG [userdetails.DefaultLdapAuthoritiesPopulator] - Getting authorities for user cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com
2012-04-17 13:36:00,622 DEBUG [userdetails.DefaultLdapAuthoritiesPopulator] - Searching for roles for user 'testuser', DN = 'cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com', with filter member={1} in search base 'OU=groups,OU=path-to-groups,dc=pany,dc=com'
2012-04-17 13:36:00,622 DEBUG [ldap.SpringSecurityLdapTemplate] - Using filter: member=testuser
2012-04-17 13:36:00,622 INFO [core.LdapTemplate] - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2012-04-17 13:36:00,623 WARN [authentication.SpringSecurityAuthenticationSource] - No Authentication object set in SecurityContext - returning empty String as Principal
2012-04-17 13:36:00,623 WARN [authentication.SpringSecurityAuthenticationSource] - No Authentication object set in SecurityContext - returning empty String as Credentials
2012-04-17 13:36:00,623 DEBUG [support.AbstractContextSource] - Using LDAP pooling.
2012-04-17 13:36:00,623 DEBUG [support.AbstractContextSource] - Trying provider Urls: ldap://server:389/dc=pany,dc=com
2012-04-17 13:36:00,654 DEBUG [support.AbstractContextSource] - Got Ldap context on server 'ldap://server:389/dc=pany,dc=com'
2012-04-17 13:36:00,669 DEBUG [context.HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2012-04-17 13:36:00,669 DEBUG [context.SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed

[2] http://stackoverflow.com/questions/5255158/spring-ldap-bind-for-successfull-connection
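A log check for the pattern visible in [1], added here as an example and not part of the original message or of GeoServer: it flags a role search that is followed by the Spring Security warning that an empty string is returned as the principal. The function name and the fields of each finding are assumptions; the sample lines are copied from the log above.

```python
import re

# Sample input: five lines copied from the debug log in [1] above.
SAMPLE_LOG = """\
2012-04-17 13:36:00,542 DEBUG [authentication.BindAuthenticator] - Attempting to bind as cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com
2012-04-17 13:36:00,622 DEBUG [userdetails.DefaultLdapAuthoritiesPopulator] - Searching for roles for user 'testuser', DN = 'cn=testuser,ou=users,ou=path-to-users,dc=pany,dc=com', with filter member={1} in search base 'OU=groups,OU=path-to-groups,dc=pany,dc=com'
2012-04-17 13:36:00,623 WARN [authentication.SpringSecurityAuthenticationSource] - No Authentication object set in SecurityContext - returning empty String as Principal
2012-04-17 13:36:00,623 WARN [authentication.SpringSecurityAuthenticationSource] - No Authentication object set in SecurityContext - returning empty String as Credentials
2012-04-17 13:36:00,654 DEBUG [support.AbstractContextSource] - Got Ldap context on server 'ldap://server:389/dc=pany,dc=com'
"""

# timestamp, level, [logger], message
LINE_RE = re.compile(r"^(\S+ \S+) (\w+)\s+\[([^\]]+)\] - (.*)$")
ROLE_SEARCH_RE = re.compile(r"Searching for roles for user '([^']+)'")
EMPTY_PRINCIPAL = "returning empty String as Principal"


def find_anonymous_role_searches(log_text):
    """Return one finding per role search that ran with an empty principal."""
    findings = []
    pending = None  # (timestamp, user) of a role search not yet resolved
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # continuation lines, stack traces, blank lines
        ts, _level, logger, msg = m.groups()
        role = ROLE_SEARCH_RE.search(msg)
        if role:
            pending = (ts, role.group(1))
        elif pending and EMPTY_PRINCIPAL in msg:
            findings.append({"user": pending[1],
                             "search_started": pending[0],
                             "empty_principal_at": ts})
            pending = None
        elif pending and logger.endswith("BindAuthenticator"):
            pending = None  # a new login attempt began; drop the stale search
    return findings


if __name__ == "__main__":
    for f in find_anonymous_role_searches(SAMPLE_LOG):
        print("role search for %(user)s at %(search_started)s used an empty "
              "principal (%(empty_principal_at)s)" % f)
```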