Hi,
I set up the configuration based on the tutorials to configure GeoServer
with AD, but it is not working as expected.
In my Active Directory I have some users (ulysse and priam). priam
belongs to GROUP1, ulysse does not.
GROUP1 contains the list of admin users. My purpose is to give access
only to the admin users.
GROUPUSERS is the organisational unit containing my users and groups.
For the time being, I can log in with priam or ulysse ... no difference.
In the logs hereafter I have a message: "Roles from search: []" ==>
1) I did not set up any roles in GeoServer .... should I?
Is it mandatory?
2) Or is a role equivalent to a group in LDAP?
I tried to set those fields as follows, in line with the ldapsearch
command. Not sure it is correct.
<http://osgeo-org.1560.x6.nabble.com/file/t386351/XXXX.png>
And finally, how to interpret the logs for the LDAP queries?
3) Is there a direct mapping such as:
"in search base" = -b in ldapsearch
"with filter" = filter list in ldapsearch
"Searching for roles for user" = distinguishedname in ldapsearch
If you have any suggestions... Thanks for your help.
+ ----------------------------------------------------- +
To check my LDAP request, I tried these:

    ldapsearch -xLLL -h $HOST -p $PORT -D $DN -w $PS \
      -b 'ou=groupusers,dc=XXXX,dc=com' \
      "(&(distinguishedname=cn=ulysse,ou=groupusers,dc=XXXX,dc=com)(memberof=CN=GROUP1,ou=groupusers,DC=XXXX,DC=com))"

No data: OK. This is expected.

    ldapsearch -xLLL -h $HOST -p $PORT -D $DN -w $PS \
      -b 'ou=groupusers,dc=XXXX,dc=com' \
      "(&(distinguishedname=cn=priam,ou=groupusers,dc=XXXX,dc=com)(memberof=CN=GROUP1,ou=groupusers,DC=XXXX,DC=com))"

priam is returned: this is also expected, OK.
+--------------------------------------------------------------------------------------+
14 Apr 14:57:54 DEBUG [org.geoserver.security.ldap.LDAPSecurityProvider$1] - Processing authentication request for user: ulysse
14 Apr 14:57:54 DEBUG [org.geoserver.security.ldap.GeoserverLdapBindAuthenticator] - Retrieving user object using filter...
14 Apr 14:57:54 DEBUG [org.geoserver.security.ldap.BindingLdapAuthoritiesPopulator] - Getting authorities for user CN=ulysse,OU=groupusers,dc=XXXX,dc=com
14 Apr 14:57:54 DEBUG [org.geoserver.security.ldap.BindingLdapAuthoritiesPopulator] - Searching for roles for user 'ulysse', DN = 'CN=ulysse,OU=groupusers,dc=XXXX,dc=com', with filter memberof=CN=GROUP1,ou=groupusers,DC=XXXX,DC=com in search base 'ou=groupusers,dc=XXXX,dc=com'
14 Apr 14:57:54 DEBUG [org.geoserver.security.ldap.BindingLdapAuthoritiesPopulator] - Roles from search: []
14 Apr 14:57:54 DEBUG [org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@487e0b7: Principal: org.springframework.security.ldap.userdetails.LdapUserDetailsImpl@faaa0f75: Dn: CN=ulysse,OU=groupusers,dc=XXXX,dc=com; Username: ulysse; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; CredentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities; Credentials: [PROTECTED]; Authenticated: true; Details: org.geoserver.security.filter.GeoServerWebAuthenticationDetails@0: RemoteIpAddress: fe80:0:0:0:b2b9:25af:db1d:1a19%3; SessionId: node0hpogk9zta2i81aarekjkevalv0; Granted
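An added example, not part of the original post and not GeoServer's own code: a small Python audit of the debug log format shown above that groups entries per login attempt, extracts the role-search filter and base, and flags sessions where authentication succeeded although no roles were found, as the log shows for ulysse. The regular expressions are modelled on the message texts visible in the post, and the sample log is constructed from them (abbreviated, with the same hard wrapping).

```python
import re

# Constructed sample: entries abbreviated from the debug log in the post,
# hard-wrapped the same way the mail wrapped them.
SAMPLE_LOG = """\
14 Apr 14:57:54 DEBUG [org.geoserver.security.ldap.LDAPSecurityProvider$1] - Processing
authentication request for user: ulysse
14 Apr 14:57:54 DEBUG [org.geoserver.security.ldap.BindingLdapAuthoritiesPopulator] - Searching
for roles for user 'ulysse', DN = 'CN=ulysse,OU=groupusers,dc=XXXX,dc=com',
with filter memberof=CN=GROUP1,ou=groupusers,DC=XXXX,DC=com in search base
'ou=groupusers,dc=XXXX,dc=com'
14 Apr 14:57:54 DEBUG [org.geoserver.security.ldap.BindingLdapAuthoritiesPopulator] - Roles from
search: []
14 Apr 14:57:54 DEBUG [org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter$1]
- Authentication success. Username: ulysse; Not granted any authorities
"""

# One alternation so that events are consumed in log order.
EVENT_RE = re.compile(
    r"Processing authentication request for user: (?P<login>\S+)"
    r"|Searching for roles for user '[^']*', DN = '(?P<dn>[^']*)', "
    r"with filter (?P<filter>.+?) in search base '(?P<base>[^']*)'"
    r"|Roles from search: \[(?P<roles>[^\]]*)\]"
    r"|(?P<success>Authentication success)")


def audit(log_text):
    """Return one dict per login attempt with role-search parameters and outcome."""
    flat = " ".join(log_text.split())  # undo hard wrapping inside entries
    attempts, cur = [], None
    for m in EVENT_RE.finditer(flat):
        if m["login"]:
            cur = {"user": m["login"], "roles": None, "authenticated": False}
            attempts.append(cur)
        elif cur is None:
            continue  # event logged before any login request; ignore it
        elif m["dn"] is not None:
            cur.update(dn=m["dn"], filter=m["filter"], base=m["base"])
        elif m["roles"] is not None:
            cur["roles"] = [r.strip() for r in m["roles"].split(",") if r.strip()]
        elif m["success"]:
            cur["authenticated"] = True
    for a in attempts:
        # Session established although no roles were found for the user.
        a["no_roles_login"] = a["authenticated"] and not a["roles"]
    return attempts


if __name__ == "__main__":
    for attempt in audit(SAMPLE_LOG):
        print(attempt)
```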