I am having trouble using Active Directory while still designating certain users to have the ADMIN role in geoserver.
I am using Geoserver 2.5.0 and have been following the documentation at:
http://docs.geoserver.org/stable/en/user/security/tutorials/activedirectory/index.html

I am able to successfully authenticate users against Active Directory. You can type in a username, password for a user and Geoserver logs them in. However, I am not able to grant certain users the ADMIN role.

How should I be translating our Active Directory structure into the LDAP setting fields?

We have created a group in ADS:
CN=Geobase Admins,OU=Application Groups,OU=COB Groups,OU=Groups,DC=cob,DC=bloomington,DC=in,DC=gov

Members for this group show up in the group's member parameter as:
CN=username,OU=Showers,OU=ITS,OU=City Hall,OU=Departments,DC=cob,DC=bloomington,DC=in,DC=gov

In the LDAP Authentication Provider screen, I am not certain if I am getting the settings correct. I believe Geoserver is doing a search for groups using a username as the filter. In order to get a search like this to work in my LDAP client, I have to use:

Search Base: CN=GeobaseAdmins,OU=Application Groups,OU=COB Groups,OU=Groups,dc=cob,dc=bloomington,dc=in,dc=gov
Search filter: member=CN=username,OU=Showers,OU=ITS,OU=City Hall,OU=Departments,DC=cob,DC=bloomington,DC=in,DC=gov

I have tried entering this information into the LDAP setting fields in many ways, yet, when I try the instructions in "Test a LDAP login", the user I log in as does not have administrative functionality.

--
Cliff Ingham
City of Bloomington, Indiana
http://www.ohloh.net/accounts/inghamn

Geoserver-users mailing list
https://lists.sourceforge.net/lists/listinfo/geoserver-users
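The group search described in the message (a search base plus a `member=<user DN>` filter), evaluated offline as an added example that is not part of the original post and is not GeoServer code. The directory is constructed from the DNs quoted above, `CN=Other Group` is made up, and the DN parser is a simplified assumption (no escaped commas, no multi-valued RDNs).

```python
import re

def parse_dn(dn):
    """Split a DN into normalized (type, value) pairs, leftmost RDN first.
    Simplified: assumes no escaped commas and no multi-valued RDNs."""
    pairs = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        # cn/ou/dc compare case-insensitively; outer spaces are ignored and
        # inner runs of spaces collapse to one, but a space is never dropped.
        value = re.sub(r"\s+", " ", value.strip()).lower()
        pairs.append((attr.strip().lower(), value))
    return tuple(pairs)

def under_base(dn, base):
    """True if dn is the base entry itself or lies below it (subtree scope)."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def groups_for_member(directory, base, user_dn):
    """Evaluate the filter member=<user_dn> under base; return matching group DNs."""
    user = parse_dn(user_dn)
    return [dn for dn, attrs in directory.items()
            if under_base(dn, base)
            and any(parse_dn(m) == user for m in attrs.get("member", []))]

# Constructed directory mirroring the DNs quoted in the message.
SUFFIX = "DC=cob,DC=bloomington,DC=in,DC=gov"
USER = "CN=username,OU=Showers,OU=ITS,OU=City Hall,OU=Departments," + SUFFIX
GROUP = "CN=Geobase Admins,OU=Application Groups,OU=COB Groups,OU=Groups," + SUFFIX
DIRECTORY = {
    GROUP: {"member": [USER]},
    # Made-up second group with no members, so the filter has something to reject.
    "CN=Other Group,OU=Application Groups,OU=COB Groups,OU=Groups," + SUFFIX: {"member": []},
}

if __name__ == "__main__":
    # Base one level above the group, written in lower case: one hit.
    print(groups_for_member(DIRECTORY, "ou=groups," + SUFFIX.lower(), USER))
    # Base naming the group entry itself: still one hit.
    print(groups_for_member(DIRECTORY, GROUP, USER))
    # Same base with the space in the CN removed: no hit.
    print(groups_for_member(DIRECTORY, GROUP.replace("Geobase Admins", "GeobaseAdmins"), USER))
```

The third call shows that `CN=GeobaseAdmins` and `CN=Geobase Admins` name different entries in a DN comparison, while case differences such as `dc=` versus `DC=` do not matter.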
