Hi.
>From my experience it depends on the LDAP server used. I had successfully
configured it with OpenLDAP. Which type of server are you using?
One limit of the 2.3.2 version is that it cannot read groups if searches
require the user to be logged in, because group searches are all done
anonymously. In 2.4 version this will be possible. If you wish you can try
a nightly of the 2.4 (master) version to see if that works in your case.
Also, can you also tell me how have you configured group base and filter?
Mauro
Il giorno 19/giu/2013 20:03, <[email protected]> ha scritto:
> Hi all,
>
> has anybody managed to map the LDAP groups to GeoServer roles? In what
> GS version? Is 2.3.2. known to work with LDAP groups?
>
> (for details, please check the original post below)
>
> Kind Regards,
>
> Michal
>
> Dne 17.06.2013 18:25, [email protected] napsal:
> > Dear all,
> >
> > I am struggling to map the LDAP groups to GeoServer roles. I am using
> > GeoServer 2.3.2 and I followed the tutorial here:
> >
> >
> http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html
> > The result is that I can log in to GeoServer as LDAP user, but no
> > role is assigned (except
> > ROLE_AUTHENTICATED).
> >
> > I tried it twice:
> >
> > First, I followed the tutorial step-by-step. I have configured the
> > LDAP connection, logged in as "bob", that was fine. Then I configured
> > LDAP groups mapping, added new role ROLE_ADMIN and configured it to
> > be
> > the Administrator role as described in the tutorial. The result was,
> > that I was able to log in as "bill", but no administration rights
> > were
> > available. As a side-effect, the "admin" user lost the administration
> > rights as well. (Note, that there are differences between the 2.3.2
> > version and the tutorial screenshots: In the "XML Role Service
> > default", "Settings" tab, the choice for "Group administrator role"
> > is
> > missing in the screenshot. And, while the documentation speaks about
> > "ROLE_ADMINISTRATOR" and "ROLE_GROUP_ADMIN" roles, in 2.3.2 there are
> > "ADMIN" and "GROUP_ADMIN" roles instead.)
> >
> > Second, I followed the tutorial regarding the configuration, but
> > rather created "ROLE_USER" role in GeoServer for testing. I
> > configured
> > some layers to be readable for this role only and checked the
> > configuration with new GeoServer user with this role assigned. Then I
> > logged in as LDAP user "bob", (who is in the "user" LDAP group and
> > hence shoud have "ROLE_USER" GeoServer role assigned). "bob" can
> > log-in, but cannot see the restricted layers. (Yes, I did configure
> > the "Group search base" and "Group search filter" as described in the
> > tutorial.) GeoServer log is attached. Looking there, I see
> >
> > Granted Authorities: ;
> >
> > and
> >
> > Granted Authorities: ROLE_AUTHENTICATED
> >
> > so no LDAP groups were mapped.
> >
> > Would you have any idea or hint?
> >
> > Thank you very much in advance,
> >
> > Michal
> >
> >
> >
> ------------------------------------------------------------------------------
> > This SF.net email is sponsored by Windows:
> >
> > Build for Windows Store.
> >
> > http://p.sf.net/sfu/windows-dev2dev
> >
> > _______________________________________________
> > Geoserver-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> Geoserver-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
