Hi all, has anybody managed to map the LDAP groups to GeoServer roles? In what GS version? Is 2.3.2 known to work with LDAP groups?
(for details, please check the original post below)

Kind Regards,
Michal

On 17.06.2013 18:25, [email protected] wrote:
> Dear all,
>
> I am struggling to map the LDAP groups to GeoServer roles. I am using
> GeoServer 2.3.2 and I followed the tutorial here:
>
> http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html
>
> The result is that I can log in to GeoServer as an LDAP user, but no
> role is assigned (except ROLE_AUTHENTICATED).
>
> I tried it twice:
>
> First, I followed the tutorial step-by-step. I have configured the
> LDAP connection, logged in as "bob", that was fine. Then I configured
> LDAP groups mapping, added new role ROLE_ADMIN and configured it to be
> the Administrator role as described in the tutorial. The result was
> that I was able to log in as "bill", but no administration rights were
> available. As a side-effect, the "admin" user lost the administration
> rights as well. (Note that there are differences between the 2.3.2
> version and the tutorial screenshots: In the "XML Role Service
> default", "Settings" tab, the choice for "Group administrator role" is
> missing in the screenshot. And, while the documentation speaks about
> "ROLE_ADMINISTRATOR" and "ROLE_GROUP_ADMIN" roles, in 2.3.2 there are
> "ADMIN" and "GROUP_ADMIN" roles instead.)
>
> Second, I followed the tutorial regarding the configuration, but
> rather created "ROLE_USER" role in GeoServer for testing. I configured
> some layers to be readable for this role only and checked the
> configuration with new GeoServer user with this role assigned. Then I
> logged in as LDAP user "bob" (who is in the "user" LDAP group and
> hence should have "ROLE_USER" GeoServer role assigned). "bob" can
> log in, but cannot see the restricted layers. (Yes, I did configure
> the "Group search base" and "Group search filter" as described in the
> tutorial.) GeoServer log is attached. Looking there, I see
>
> Granted Authorities: ;
>
> and
>
> Granted Authorities: ROLE_AUTHENTICATED
>
> so no LDAP groups were mapped.
>
> Would you have any idea or hint?
>
> Thank you very much in advance,
>
> Michal

_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
