Hi Cliff, I don't know if it's simply a mistype, but I see that in your initial mail the group is named "Geobase Admins", with a space in it, but in configuration you are missing the space.

Mauro

2014-04-01 17:40 GMT+02:00 Cliff Ingham <[email protected]>:

> Sure. (I've changed the domain name of the server, to avoid embarrassment).
>
> Again, the part for the authentication itself seems to be working.
>
> Server URL: ldaps://localhost:636/dc=cob,dc=bloomington,dc=in,dc=gov
> TLS: not checked
> User lookup pattern:
> Filter used to lookup user: userPrincipalName={0}
> Format used for user login name: {0}@bloomington.in.gov
>
>
> Here's what I've got in there right now. I've also tried many
> variations of these settings, as well.
>
> Authorization
> ------------
> Use LDAP groups for authorization: checked
> Bind user before searching for groups: checked
> Group search base:CN=GeobaseAdmins,OU=Application Groups,OU=COB
> Groups,OU=Groups
> Group search filter: member=CN={0},OU=Showers,OU=ITS,OU=City
> Hall,OU=Departments,DC=cob,DC=bloomington,DC=in,DC=gov
> Group to use as ADMIN: GEOBASEADMINS
> Group to use as GROUP_ADMIN:
>
>
> On 04/01/2014 11:24 AM, Mauro Bartolomeoli wrote:
> > Hi Cliff,
> > can you share the configuration of the LDAPAuthenticationProvider you are
> > using?
> >
> > Mauro
> >
> >
> > 2014-04-01 16:50 GMT+02:00 Cliff Ingham <[email protected]>:
> >
> >> I am having trouble using Active Directory while still designating
> >> certain users to have the ADMIN role in geoserver.
> >>
> >> I am using Geoserver 2.5.0 and have been following the documentation at:
> >>
> >>
> http://docs.geoserver.org/stable/en/user/security/tutorials/activedirectory/index.html
> >>
> >> I am able to successfully authenticate users against Active Directory.
> >> You can type in a username, password for a user and Geoserver logs them
> >> in. However, I am not able to grant certain users the ADMIN role.
> >>
> >> How should I be translating our Active Directory structure into the LDAP
> >> setting fields?
> >>
> >> We have created a group in ADS:
> >> CN=Geobase Admins,OU=Application Groups,OU=COB
> >> Groups,OU=Groups,DC=cob,DC=bloomington,DC=in,DC=gov
> >>
> >> Members for this group show up in the group's member parameter as:
> >> CN=username,OU=Showers,OU=ITS,OU=City
> >> Hall,OU=Departments,DC=cob,DC=bloomington,DC=in,DC=gov
> >>
> >> In the LDAP Authentication Provider screen, I am not certain if I am
> >> getting the settings correct. I believe Geoserver is doing a search for
> >> groups using a username as the filter. In order to get a search like
> >> this to work in my LDAP client, I have to use:
> >>
> >> Search Base:CN=GeobaseAdmins,OU=Application Groups,OU=COB
> >> Groups,OU=Groups,dc=cob,dc=bloomington,dc=in,dc=gov
> >>
> >> Search filter:member=CN=username,OU=Showers,OU=ITS,OU=City
> >> Hall,OU=Departments,DC=cob,DC=bloomington,DC=in,DC=gov
> >>
> >> I have tried entering this information into the LDAP setting fields in
> >> many ways, yet, when I try the instructions in "Test a LDAP login", the
> >> user I log in as does not have administrative functionality.
> >>
> >>
> >> --
> >> Cliff Ingham
> >> City of Bloomington, Indiana
> >> http://www.ohloh.net/accounts/inghamn
> >>
> >>
> >>
> ------------------------------------------------------------------------------
> >> _______________________________________________
> >> Geoserver-users mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/geoserver-users
> >>
> >
> >
>

--
==
Meet us at GEO Business 2014! in London! Visit http://goo.gl/fES3aK for more information.
==

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------
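The mismatch Mauro points out can be checked mechanically. The following is an added example, not code from the thread or from GeoServer: it compares the configured "Group search base" with the group DN from the initial mail, RDN by RDN, ignoring case and surrounding whitespace but not spaces inside a value. The function names are hypothetical, and it assumes the search base is resolved relative to the base DN in the Server URL.

```python
import re

def split_dn(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return [p for p in parts if p.strip()]

def normalize_rdn(rdn):
    """Lower-case type and value, trim, collapse runs of inner whitespace."""
    attr, _, value = rdn.partition("=")
    value = re.sub(r"\s+", " ", value.strip())
    return (attr.strip().lower(), value.lower())

def dn_mismatches(configured, actual):
    """Return (position, configured_rdn, actual_rdn) for every RDN that differs."""
    a = [normalize_rdn(r) for r in split_dn(configured)]
    b = [normalize_rdn(r) for r in split_dn(actual)]
    diffs = []
    for i in range(max(len(a), len(b))):
        left = a[i] if i < len(a) else None
        right = b[i] if i < len(b) else None
        if left != right:
            diffs.append((i, left, right))
    return diffs

# Values copied from the thread (wrapped lines rejoined).
SERVER_BASE = "dc=cob,dc=bloomington,dc=in,dc=gov"
GROUP_SEARCH_BASE = "CN=GeobaseAdmins,OU=Application Groups,OU=COB Groups,OU=Groups"
ACTUAL_GROUP_DN = ("CN=Geobase Admins,OU=Application Groups,OU=COB Groups,"
                   "OU=Groups,DC=cob,DC=bloomington,DC=in,DC=gov")

def check():
    # Assumption: the search base is appended to the base DN from the Server URL.
    return dn_mismatches(GROUP_SEARCH_BASE + "," + SERVER_BASE, ACTUAL_GROUP_DN)

if __name__ == "__main__":
    for pos, cfg, real in check():
        print(f"RDN {pos}: configured {cfg} != directory {real}")
```

Only the first RDN is reported: the case differences in `dc=`/`DC=` are normalized away, while the missing space in the group name is not.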
