Hi Mauro, thank you very much for your answer!

On 19.06.2013 20:50, Mauro Bartolomeoli wrote:
> From my experience it depends on the LDAP server used. I had
> successfully configured it with OpenLDAP. Which type of server are you
> using?

I just used the acme-ldap.jar referenced from the tutorial.
http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html
I can try the OpenLDAP instead.

> One limit of the 2.3.2 version is that it cannot read groups if
> searches require the user to be logged in, because group searches are
> all done anonymously.

I assume you mean to be logged in into the LDAP, am I right?

> In 2.4 version this will be possible. If you
> wish you can try a nightly of the 2.4 (master) version to see if that
> works in your case.
>
> Also, can you also tell me how have you configured group base and
> filter?

As in the tutorial:

LDAP:

ou=groups,dc=acme,dc=org
cn=users,ou=groups,dc=acme,dc=org
  member: uid=bob,ou=people,dc=acme,dc=org
  member: uid=alice,ou=people,dc=acme,dc=org
cn=admins,ou=groups,dc=acme,dc=org
  member: uid=bill,ou=people,dc=acme,dc=org

GeoServer:

Set Group search base to “ou=groups”
Set Group search filter to “member={0}”

Thank you again,
Michal

>
> Mauro
>
> On 19/Jun/2013 20:03, <[email protected]> wrote:
>
>> Hi all,
>>
>> has anybody managed to map the LDAP groups to GeoServer roles? In what
>> GS version? Is 2.3.2. known to work with LDAP groups?
>>
>> (for details, please check the original post below)
>>
>> Kind Regards,
>>
>> Michal
>>
>> On 17.06.2013 18:25, [email protected] wrote:
>> > Dear all,
>> >
>> > I am struggling to map the LDAP groups to GeoServer roles. I am using
>> > GeoServer 2.3.2 and I followed the tutorial here:
>> >
>> > http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html
>> >
>> > The result is that I can log in to GeoServer as LDAP user, but no
>> > role is assigned (except ROLE_AUTHENTICATED).
>> >
>> > I tried it twice:
>> >
>> > First, I followed the tutorial step-by-step. I have configured the
>> > LDAP connection, logged in as "bob", that was fine. Then I configured
>> > LDAP groups mapping, added new role ROLE_ADMIN and configured it to be
>> > the Administrator role as described in the tutorial. The result was,
>> > that I was able to log in as "bill", but no administration rights were
>> > available. As a side-effect, the "admin" user lost the administration
>> > rights as well. (Note, that there are differences between the 2.3.2
>> > version and the tutorial screenshots: In the "XML Role Service
>> > default", "Settings" tab, the choice for "Group administrator role" is
>> > missing in the screenshot. And, while the documentation speaks about
>> > "ROLE_ADMINISTRATOR" and "ROLE_GROUP_ADMIN" roles, in 2.3.2 there are
>> > "ADMIN" and "GROUP_ADMIN" roles instead.)
>> >
>> > Second, I followed the tutorial regarding the configuration, but
>> > rather created "ROLE_USER" role in GeoServer for testing. I configured
>> > some layers to be readable for this role only and checked the
>> > configuration with new GeoServer user with this role assigned. Then I
>> > logged in as LDAP user "bob", (who is in the "user" LDAP group and
>> > hence should have "ROLE_USER" GeoServer role assigned). "bob" can
>> > log-in, but cannot see the restricted layers. (Yes, I did configure
>> > the "Group search base" and "Group search filter" as described in the
>> > tutorial.) GeoServer log is attached. Looking there, I see
>> >
>> > Granted Authorities: ;
>> >
>> > and
>> >
>> > Granted Authorities: ROLE_AUTHENTICATED
>> >
>> > so no LDAP groups were mapped.
>> >
>> > Would you have any idea or hint?
>> >
>> > Thank you very much in advance,
>> >
>> > Michal

_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
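
An added sketch, not part of the thread and not GeoServer's code, of what the group search configured above evaluates against the group entries listed in the message, including the case where the directory returns nothing to an unauthenticated search. `ROOT_DN`, the `anonymous_read` flag and all function names are assumptions made for the illustration; DN matching is simplified.

```python
# Added illustration; directory entries copied from the thread, the rest is assumed.
ROOT_DN = "dc=acme,dc=org"  # assumption: root DN the relative search base hangs under

# Constructed in-memory copy of the group entries listed in the message.
DIRECTORY = {
    "cn=users,ou=groups,dc=acme,dc=org": {
        "member": ["uid=bob,ou=people,dc=acme,dc=org",
                   "uid=alice,ou=people,dc=acme,dc=org"]},
    "cn=admins,ou=groups,dc=acme,dc=org": {
        "member": ["uid=bill,ou=people,dc=acme,dc=org"]},
}

def norm(dn):
    """Simplified DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def escape_filter_value(value):
    """Escape RFC 4515 special characters before substituting into a filter."""
    out = value.replace("\\", "\\5c")
    for ch, esc in (("*", "\\2a"), ("(", "\\28"), (")", "\\29"), ("\0", "\\00")):
        out = out.replace(ch, esc)
    return out

def build_filter(template, user_dn):
    """Substitute the user's DN for {0}, as in 'member={0}'."""
    return "(" + template.replace("{0}", escape_filter_value(user_dn)) + ")"

def group_search(search_base, template, user_dn, anonymous_read=True):
    """Return the cn of every group under search_base that lists user_dn."""
    if not anonymous_read:
        return []  # an unauthenticated search is shown no entries
    attr = template.split("=", 1)[0]            # "member" in "member={0}"
    base = norm(search_base + "," + ROOT_DN)    # relative base -> full DN
    hits = []
    for dn, attrs in DIRECTORY.items():
        in_scope = norm(dn).endswith("," + base)
        if in_scope and norm(user_dn) in map(norm, attrs.get(attr, [])):
            hits.append(dn.split(",", 1)[0].split("=", 1)[1])
    return hits
```
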
