Hi Joern,

2014-02-19 17:18 GMT+01:00 joern ahlers <jahl...@gmx.de>:

> Hello,
>
> I have problems configuring GeoServer 2.4.4 with OpenLDAP.
>
> User authentication is no problem, but the role mapping is.
>
> This is the configuration:
>
> auth/LDAP/config.xml:
>
> <ldap>
>   <id>-124b92a0:144408f13cf:-7ff6</id>
>   <name>LDAP</name>
>   <className>org.geoserver.security.ldap.LDAPAuthenticationProvider</className>
>   <serverURL>ldap://*LDAPServerAdress*:389/dc=*test2*,dc=*test*,dc=de</serverURL>
>   <groupSearchBase>ou=GeoServer,ou=group</groupSearchBase>
>   <groupSearchFilter>memberUid={0}</groupSearchFilter>
>   <useTLS>false</useTLS>
>   <userDnPattern>uid={0},ou=people</userDnPattern>
> </ldap>
>
>

To activate role mapping from LDAP you need to fill some more options in
the LDAP Authentication Provider page:
 - check the "Use LDAP groups for authorization" checkbox
 - fill the "Group search base" field: ou=GeoServer,ou=group should be good
for your configuration
 - fill the "Group search filter" field: memberUid={0} should be good for
your configuration
 - fill the "Admin Group" field: GEOSERVER_ADMIN should be good for your
configuration
 - fill the "Group Admin Group" field: GEOSERVER_GROUP_ADMIN should be good
for your configuration

Some more documentation here:
http://docs.geoserver.org/stable/en/user/webadmin/security/auth.html#ldap-provider


>
> role/LDAP/config.xml
> <org.geoserver.security.ldap.LDAPRoleServiceConfig>
>   <id>-124b92a0:144408f13cf:-7ff5</id>
>   <name>LDAP</name>
>   <className>org.geoserver.security.ldap.LDAPRoleService</className>
>   <serverURL>ldap://*LDAPServerAdress*:389/dc=*test2*,dc=*test*,dc=de</serverURL>
>   <groupSearchBase>ou=GeoServer,ou=group</groupSearchBase>
>   <groupSearchFilter>memberUid={0}</groupSearchFilter>
>   <useTLS>false</useTLS>
>   <bindBeforeGroupSearch>true</bindBeforeGroupSearch>
>   <adminGroup>ROLE_GEOSERVER_ADMIN</adminGroup>
>   <groupAdminGroup>ROLE_GEOSERVER_GROUP_ADMIN</groupAdminGroup>
>   <user>cn=admin,dc=*test2*,dc=*test*,dc=de</user>
>   <password>*secret*</password>
>   <allGroupsSearchFilter>cn=*</allGroupsSearchFilter>
> </org.geoserver.security.ldap.LDAPRoleServiceConfig>
>

The RoleService seems to be correctly configured, but this is not used for
role mapping (so it wasn't enough to get roles to user assignment), just
for role listing and permission assignments.

Let me know if this solves your issues.

Mauro



-- 
==
Our support, Your Success! Visit http://opensdi.geo-solutions.it for more
information.
==

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax:     +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
