On Sat, Jun 22, 2013 at 7:06 AM, Andrea Aime
<[email protected]>wrote:
> On Sat, Jun 22, 2013 at 2:57 PM, Mauro Bartolomeoli <
> [email protected]> wrote:
>
>>
>>
>>
>> 2013/6/22 Andrea Aime <[email protected]>
>>
>>> On Thu, Jun 20, 2013 at 8:50 AM, Mauro Bartolomeoli <
>>> [email protected]> wrote:
>>>
>>>> Yes, but what I exactly mean is that the Geoserver LDAP module,
>>>> internally, does two things:
>>>> 1) login to the LDAP server with the user credentials to authenticate
>>>> it (and this seems to be working for you) and then logs out from the LDAP
>>>> server (it only logins to check the user is authenticated)
>>>> 2) retrieve user groups with an anonymous search, without making a new
>>>> login to the LDAP server with user credentials. Many LDAP servers deny the
>>>> search to anonymous users and so no groups are retrieved, also if the user
>>>> is correctly authenticated
>>>>
>>>
>>> Ah, really? This seems a bit dumb... would it be hard to make it
>>> authenticate also on the second request?
>>> If we have a user, why not use it, is there some particular setup where
>>> that would cause issues?
>>>
>>
>> Yes, sure, and this is already done with GEOS-5805 on master (using the
>> new option bindBeforeGroupSearch), but that enhancement has not been
>> backported to 2.3.x yet (by the way, I was thinking to backport it, after
>> 2.3.3 is out, what do you think about that?).
>>
>
> Sounds reasonable to me, but I'm not too familiar with the LDAP code, we
> should hear from Justin
> too, and ask on the geoserver-devel list just to make sure.
> Afaik you have been using the GEOS-5805 results on the stable series
> already (in a pre-production
> environment? or was it production?) and it's working fine, right?
>
All for the backport. The ldap code pre the changes was mauro wasn't
exactly rock solid :) I think these changes make it much more useful. +1
and great work Mauro.
>
> Cheers
> Andrea
>
> --
> ==
> Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
> information.
> ==
>
> Ing. Andrea Aime
> @geowolf
> Technical Lead
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39 339 8844549
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
--
Justin Deoliveira
OpenGeo - http://opengeo.org
Enterprise support for open source geospatial.
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users
