Richard Duivenvoorde ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A962dcbb5-105d-4b46-be3a-260ed24e958b ) *created* an issue

Project: GeoServer ( https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiNWRjOTAzMjM3NGRhNDQ5OWJkY2FjYmFmZWM5ZWQwZmEiLCJwIjoiaiJ9 )
Issue: Bug GEOS-10452 ( https://osgeo-org.atlassian.net/browse/GEOS-10452?atlOrigin=eyJpIjoiNWRjOTAzMjM3NGRhNDQ5OWJkY2FjYmFmZWM5ZWQwZmEiLCJwIjoiaiJ9 )
Title: Use of Active Directory authorisation seems broken since 2.15.2 (LDAP still works)

Issue Type: Bug
Assignee: Unassigned
Created: 07/Apr/22 5:38 PM
Environment: GeoServer >= 2.15.2 on Windows, securing layers against Active Directory using the LDAP authentication
Priority: Medium
Reporter: Richard Duivenvoorde ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3A962dcbb5-105d-4b46-be3a-260ed24e958b )

In 2020, after an upgrade from 2.13 to a current version, the until then well-working LDAP/Active Directory authentication failed to work:
https://sourceforge.net/p/geoserver/mailman/geoserver-users/thread/d2bb87fd-7a89-0aa5-7a3f-e975aaeba967%40posteo.de/

Recently on the mailing list somebody else reported the exact same issue:

https://sourceforge.net/p/geoserver/mailman/geoserver-users/?viewmonth=202203 (title 'LDAP past version 15.2')

Until now we 'worked around this' by using an old GeoServer instance for the secure layer.

In the thread above somebody suggested trying to remove gs-sec-ldap-2.xx.jar and gs-web-sec-ldap-2.xx.jar and installing the related jars from the last working version, 2.15.2: gs-sec-ldap-2.15.2.jar and gs-web-sec-ldap-2.15.2.jar

That actually works!

Another observation by others: LDAP also still works!

I think it was around this commit:

https://github.com/geoserver/geoserver/commit/c6ec068909cb552333d2a5ae0ea314ca37218b7b

fixing this: https://osgeo-org.atlassian.net/projects/GEOS/issues/GEOS-9199

https://github.com/geoserver/geoserver/pull/3487

that our (earlier) working Active Directory setup actually broke.

My problem is that I cannot create an Active Directory myself (and certainly not a public one). So I'm very much hoping that somebody who can create an AD and can debug GeoServer (which I fail to do in the client environment because of Windows/firewall/proxy etc.) is able to reproduce this.

As said on the mailing lists, GeoServer never receives any 'Roles from search' anymore:

[org.geoserver.security.ldap.BindingLdapAuthoritiesPopulator] - Roles from 
search: []

'Offending' line:
https://github.com/geoserver/geoserver/blob/2.13.x/src/security/ldap/src/main/java/org/geoserver/security/ldap/BindingLdapAuthoritiesPopulator.java#L201

So: the same datadir/config works fine in 2.13; above 2.15.x this breaks.

Replacing the two jars above in a current GeoServer (just tested 2.20.0) immediately makes AD authentication work again.

We do have some funding available for somebody willing (and able) to pick this up, either creating an actual fix, OR maybe adding some more debug info (in case this is a configuration issue, or AD is misbehaving).

_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel