On 04/02/2014 03:07 AM, Mauro Bartolomeoli wrote:
> Moving this discussion too back to the mailing list.
>
>
> 2014-04-01 20:26 GMT+02:00 Cliff Ingham <[email protected]>:
>
>> I've tried simply setting member={0}, but that does not work. And I'm
>> not really certain how that could. How does the system know our full DN
>> for users?
>
>
> This is simple: when you authenticate geoserver gets the full user info
> (including his/her DN from the LDAP repository, then it can use that or the
> entered username to look for group membership). The fact that it doesn't
> assign you admin role could be due to:
> - inability to search for membership for security reasons (but normally a
> logon user should be able to do those searches)
> - wrong search filter
> - some bugs in the code

We're using Active Directory and a non-default directory structure. I still cannot figure out how geoserver would actually know the DN for a user. It would not get it from the bind operation. We bind with just a plain email address and password. This bind process does not return any data about the user entry. You would need to do a search for the user to get the full DN. And geoserver does not seem to have a configuration asking for the search base and filter for users.

>
> We had recently some problems when the folder containing groups has
> subfolders inside. Could this be your case?

We do, in fact, have lots of nested folders in our "Application Groups" folder.

>
> Thanks
> Mauro Bartolomeoli
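The two points raised in this message, as an added example that is not part of the original thread and is not GeoServer code: a group filter such as `member={0}` only matches when it is filled with the user's full DN, which has to be found by a search on the login name, and a one-level search under the group base misses groups in nested folders. The directory below is a constructed in-memory sample; all DNs, the `example.org` names and the function names are assumptions, and DNs are assumed to contain no escaped commas.

```python
# Constructed sample directory (DN -> attributes); hypothetical names, not from the thread.
ROOT = "DC=example,DC=org"
GROUP_BASE = "OU=Application Groups," + ROOT
JANE = "CN=Jane Doe,OU=Staff,OU=Departments," + ROOT
DIRECTORY = {
    JANE: {"userPrincipalName": ["jane@example.org"]},
    "CN=Viewers," + GROUP_BASE: {"member": [JANE]},
    # Group stored one folder below the group base, as in the nested layout described.
    "CN=GIS Admins,OU=GeoServer," + GROUP_BASE: {"member": [JANE]},
}


def in_scope(dn, base, scope):
    """'sub' matches the base and everything below it; 'one' only direct children."""
    dn, base = dn.lower(), base.lower()
    if scope == "one":
        return dn.partition(",")[2] == base
    return dn == base or dn.endswith("," + base)


def search(base, scope, attr, value):
    """Equality search (attr=value) over the sample directory; returns matching DNs."""
    return sorted(
        dn for dn, attrs in DIRECTORY.items()
        if in_scope(dn, base, scope)
        and any(v.lower() == value.lower() for v in attrs.get(attr, []))
    )


def resolve_dn(login, user_base=ROOT):
    """The step a bind alone does not perform: search for the login to obtain its DN."""
    hits = search(user_base, "sub", "userPrincipalName", login)
    return hits[0] if len(hits) == 1 else None  # refuse missing or ambiguous matches


def groups_of(value, scope, base=GROUP_BASE):
    """Groups matched by member=<value> under the group base with the given scope."""
    return search(base, scope, "member", value)


if __name__ == "__main__":
    login = "jane@example.org"
    print("member=<login>, subtree :", groups_of(login, "sub"))
    dn = resolve_dn(login)
    print("resolved DN             :", dn)
    print("member=<DN>, one level  :", groups_of(dn, "one"))
    print("member=<DN>, subtree    :", groups_of(dn, "sub"))
```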
