Hello,
I have problems configuring GeoServer 2.4.4 with OpenLDAP.
The user authentication is no problem, but the role mapping is.
This is the configuration:
auth/LDAP/config.xml:
<ldap>
  <id>-124b92a0:144408f13cf:-7ff6</id>
  <name>LDAP</name>
  <className>org.geoserver.security.ldap.LDAPAuthenticationProvider</className>
  <serverURL>ldap://LDAPServerAdress:389/dc=test2,dc=test,dc=de</serverURL>
  <groupSearchBase>ou=GeoServer,ou=group</groupSearchBase>
  <groupSearchFilter>memberUid={0}</groupSearchFilter>
  <useTLS>false</useTLS>
  <userDnPattern>uid={0},ou=people</userDnPattern>
</ldap>
role/LDAP/config.xml
<org.geoserver.security.ldap.LDAPRoleServiceConfig>
  <id>-124b92a0:144408f13cf:-7ff5</id>
  <name>LDAP</name>
  <className>org.geoserver.security.ldap.LDAPRoleService</className>
  <serverURL>ldap://LDAPServerAdress:389/dc=test2,dc=test,dc=de</serverURL>
  <groupSearchBase>ou=GeoServer,ou=group</groupSearchBase>
  <groupSearchFilter>memberUid={0}</groupSearchFilter>
  <useTLS>false</useTLS>
  <bindBeforeGroupSearch>true</bindBeforeGroupSearch>
  <adminGroup>ROLE_GEOSERVER_ADMIN</adminGroup>
  <groupAdminGroup>ROLE_GEOSERVER_GROUP_ADMIN</groupAdminGroup>
  <user>cn=admin,dc=test2,dc=test,dc=de</user>
  <password>secret</password>
  <allGroupsSearchFilter>cn=*</allGroupsSearchFilter>
</org.geoserver.security.ldap.LDAPRoleServiceConfig>
role/default/roles.xml
<roleRegistry xmlns="http://www.geoserver.org/security/roles" version="1.0">
  <roleList>
    <role id="ADMIN"/>
    <role id="GROUP_ADMIN"/>
    <role id="ROLE_GEOSERVER_ADMIN"/>
    <role id="ROLE_GEOSERVER_GROUP_ADMIN"/>
  </roleList>
  <userList>
    <userRoles username="admin">
      <roleRef roleID="ADMIN"/>
    </userRoles>
  </userList>
  <groupList>
    <groupRoles groupname="ROLE_GEOSERVER_ADMIN">
      <roleRef roleID="ROLE_GEOSERVER_ADMIN"/>
    </groupRoles>
  </groupList>
</roleRegistry>
The LDAP contains the groups geoserver_admin and geoserver_group_admin. The member attribute is memberUid.
_______________________________________________ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
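
Added example, not part of the original post and not GeoServer code: a Python simulation of how the posted groupSearchFilter is expanded and matched against group entries, useful for checking what a role lookup would return before changing the live configuration. It assumes the Spring Security LDAP convention that {0} is the user's full DN and {1} the login name, that a group becomes a role by upper-casing its cn and prefixing ROLE_, and posixGroup-style entries whose memberUid holds bare login names; the users alice and bob and their memberships are constructed.

```python
# Values copied from the posted auth/role configuration.
BASE = "dc=test2,dc=test,dc=de"
USER_DN_PATTERN = "uid={0},ou=people"
GROUP_SEARCH_BASE = "ou=GeoServer,ou=group"

# Constructed posixGroup-style entries; the members alice and bob are made up.
GROUPS = [
    {"dn": f"cn=geoserver_admin,{GROUP_SEARCH_BASE},{BASE}",
     "cn": "geoserver_admin", "memberUid": ["alice"]},
    {"dn": f"cn=geoserver_group_admin,{GROUP_SEARCH_BASE},{BASE}",
     "cn": "geoserver_group_admin", "memberUid": ["bob"]},
]


def user_dn(username):
    """Full DN built from userDnPattern plus the base DN in serverURL."""
    return USER_DN_PATTERN.replace("{0}", username) + "," + BASE


def expand_filter(template, username):
    """Assumed convention: {0} -> full user DN, {1} -> login name."""
    return template.replace("{0}", user_dn(username)).replace("{1}", username)


def search_groups(ldap_filter):
    """Evaluate a simple attr=value equality filter under the group search base."""
    attr, _, value = ldap_filter.partition("=")
    suffix = f",{GROUP_SEARCH_BASE},{BASE}"
    return [g for g in GROUPS
            if g["dn"].endswith(suffix) and value in g.get(attr, [])]


def to_role(cn):
    """Assumed mapping: upper-case the group cn and prefix ROLE_."""
    return "ROLE_" + cn.upper()


def roles_for(username, template):
    """Roles a user would receive for a given groupSearchFilter template."""
    groups = search_groups(expand_filter(template, username))
    return [to_role(g["cn"]) for g in groups]


if __name__ == "__main__":
    for template in ("memberUid={0}", "memberUid={1}"):
        print(template, "->", expand_filter(template, "alice"),
              "->", roles_for("alice", template))
```

Running the same expanded filter with ldapsearch against the real directory shows whether the stored memberUid values are bare login names or full DNs.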