Hi Mauro,
I used the 1st method. I may have logged in with bill's credentials before
setting the groups once, but when I tested a second time on a clean install
I did not, and still saw the same caching issue. I wonder if this is
browser or system specific (I was testing on Chrome / Mac OS X 10.12)
Torben
On Wed, Jan 25, 2017 at 1:40 AM, Mauro Bartolomeoli <
[email protected]> wrote:
> Hi Torben,
> I looked a little bit more into the issue you reported.
>
> It seems to work as expected to me. Going to explain: you can give admin
> rights to users coming from LDAP in two ways:
> 1) using the LDAP Authentication Provider only, and filling the groups
> section as explained here: http://docs.geoserver.
> org/latest/en/user/security/tutorials/ldap/index.html#map-
> ldap-groups-to-geoserver-roles; a role service is not needed for this.
>
> After doing that, bill can log in with admin rights (I was able to do that
> on a fresh 2.10.1 installation). Question: did you login with bill
> credentials before mapping the groups (then you could experience caching
> issues)?
>
> 2) creating an LDAP role service as explained here:
> http://docs.geoserver.org/latest/en/user/security/
> tutorials/ldap/index.html#configure-the-ldap-role-service
> and setting that role service as the active one (this is not mentioned in
> the tutorial, where the role service is created, but not really enabled for
> active usage); the purpose of the tutorial was to enable seeing roles from
> LDAP in the authorizations sections (data / services), not enabling the
> role service for role binding; we can probably add a sentence or two in the
> tutorial to clarify this
>
> Regards,
> Mauro Bartolomeoli
>
> 2017-01-19 1:56 GMT+01:00 Torben Barsballe <[email protected]>:
>
>> I was testing out the GeoServer Authentication
>> <http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html>with
>> LDAP tutorial, and ran into this issue.
>>
>> After Step 5 of Map LDAP groups to GeoServer roles
>> <http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html#map-ldap-groups-to-geoserver-roles>,
>> the users with administrative roles (e.g. bill) do not behave as
>> administrators, but rather as regular users.
>>
>> Once restarting GeoServer, the users with administrative roles behave as
>> administrators, as expected.
>>
>> Reported as https://osgeo-org.atlassian.net/browse/GEOS-7936
>>
>>
>> I am not quite sure if this a documentation error with the tutorial, or a
>> regression in the LDAP security settings. If anyone with more experience
>> using the LDAP provider knows which of these is more likely, your knowledge
>> would be appreciated.
>>
>> Note that I was able to reproduce this issue with GeoServer 2.8.3 as well.
>>
>>
>> Torben
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Geoserver-devel mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>>
>>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
