Hi Pavel,
the only particular thing I can spot in your configuration is that you use
the ldaps protocol (LDAP over SSL) but have not checked the TLS flag.
I think this can be part of the problem.
After enabling it you will probably have to deal with certificates and that
sort of stuff.
Regards,
Mauro Bartolomeoli
2015-02-24 5:06 GMT+01:00 <pavel.golodon...@csiro.au>:
> Hi Mauro,
>
> I have tried many different configurations but they all failed with same
> or very similar exceptions. I have attached a screenshot of one of the
> latest attempts that I’m made to JIRA issue
> https://jira.codehaus.org/browse/GEOS-6894. Here’s a direct link
> https://jira.codehaus.org/secure/attachment/67287/2015-02-24_120152.png
>
> I tried to follow many examples that I could find on the web, including
> geoserver docs and others like
> http://geoserver.geo-solutions.it/edu/en/security/ldap_authentication.html
>
> Thank you.
>
> Cheers,
> Pavel
>
>
> From: maurobartolome...@gmail.com [mailto:maurobartolome...@gmail.com] On
> Behalf Of Mauro Bartolomeoli
> Sent: Friday, 20 February 2015 3:56 PM
> To: Golodoniuc, Pavel (Mineral Resources, Kensington)
> Cc: GeoServer Mailing List List; Justin Deoliveira
> Subject: Re: LDAP authentication fails with "invalid DN"
>
> Hi Pavel,
>
> can you please share the configuration details for the LDAP authentication
> provider? A screenshot showing all the parameters you entered is fine.
>
> Thanks
> Mauro
>
>
> 2015-02-20 5:19 GMT+01:00 <pavel.golodon...@csiro.au>:
> Hi,
>
> I'm trying to set up a layer-based LDAP authentication in GeoServer in
> order to leverage existing infrastructure for user and group management.
> I've read
> http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html
> and tried many configuration options but still couldn't get it to work.
> Numerous posts in blogs and forums reporting similar issues with LDAP
> authentication didn't help much. I have seen a similar issue reported
> earlier https://jira.codehaus.org/browse/GEOS-5999 and there was one more
> that I can't find anymore..
>
> I consistently get [LDAP: error code 34 - invalid DN] error and the
> following gets logged in slapd syslog:
>
> Jan 29 10:52:05 cgsrv4 slapd[3326]: conn=8628 op=0 do_bind: invalid dn
> ((uid=Username))
>
> If I try to fully qualify the user lookup pattern
> (uid={0},ou=Users,dc=arrc,dc=csiro,dc=au) as some forum posts suggest I get
> the following with nothing logged in slapd logs (it looks like it doesn't
> even get there):
>
> 29 Jan 10:54:01 WARN [web.security] - Cannot authenticate Username
> javax.naming.AuthenticationException: Cannot authenticate Username
>
> I have logged the issue in JIRA https://jira.codehaus.org/browse/GEOS-6894
> with logs and stacktraces attached. I hope this extra bit of information
> will help identify the issue.
>
> Any help of suggestions where do I need to look at will be highly
> appreciated.
>
> Or maybe there're other ways to set up layer based authentication. Any
> experiences?
>
> CC'd the coders of this module so they'll hopefully where I've got it
> wrong.
>
> Thanks for your help!
>
> Pavel
>
>
>
>
> --
> ==
> GeoServer Professional Services from the experts! Visit
> http://goo.gl/NWWaa2 for more information.
> ==
>
> Dott. Mauro Bartolomeoli
> @mauro_bart
> Senior Software Engineer
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
> -------------------------------------------------------
>
> AVVERTENZE AI SENSI DEL D.Lgs. 196/2003
> Le informazioni contenute in questo messaggio di posta elettronica e/o
> nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
> loro utilizzo è consentito esclusivamente al destinatario del messaggio,
> per le finalità indicate nel messaggio stesso. Qualora riceviate questo
> messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
> darcene notizia via e-mail e di procedere alla distruzione del messaggio
> stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
> divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
> utilizzarlo per finalità diverse, costituisce comportamento contrario ai
> principi dettati dal D.Lgs. 196/2003.
>
> The information in this message and/or attachments, is intended solely for
> the attention and use of the named addressee(s) and may be confidential or
> proprietary in nature or covered by the provisions of privacy act
> (Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
> Code).Any use not in accord with its purpose, any disclosure, reproduction,
> copying, distribution, or either dissemination, either whole or partial, is
> strictly forbidden except previous formal approval of the named
> addressee(s). If you are not the intended recipient, please contact
> immediately the sender by telephone, fax or e-mail and delete the
> information in this message that has been received in error. The sender
> does not give any warranty or accept liability as the content, accuracy or
> completeness of sent messages and accepts no responsibility for changes
> made after they were sent or for other risks which arise as a result of
> e-mail transmission, viruses, etc.
>
--
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.
==
Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.
--
==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.
==
Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
-------------------------------------------------------
*AVVERTENZE AI SENSI DEL D.Lgs. 196/2003*
Le informazioni contenute in questo messaggio di posta elettronica e/o
nel/i file/s allegato/i sono da considerarsi strettamente riservate. Il
loro utilizzo è consentito esclusivamente al destinatario del messaggio,
per le finalità indicate nel messaggio stesso. Qualora riceviate questo
messaggio senza esserne il destinatario, Vi preghiamo cortesemente di
darcene notizia via e-mail e di procedere alla distruzione del messaggio
stesso, cancellandolo dal Vostro sistema. Conservare il messaggio stesso,
divulgarlo anche in parte, distribuirlo ad altri soggetti, copiarlo, od
utilizzarlo per finalità diverse, costituisce comportamento contrario ai
principi dettati dal D.Lgs. 196/2003.
The information in this message and/or attachments, is intended solely for
the attention and use of the named addressee(s) and may be confidential or
proprietary in nature or covered by the provisions of privacy act
(Legislative Decree June, 30 2003, no.196 - Italy's New Data Protection
Code).Any use not in accord with its purpose, any disclosure, reproduction,
copying, distribution, or either dissemination, either whole or partial, is
strictly forbidden except previous formal approval of the named
addressee(s). If you are not the intended recipient, please contact
immediately the sender by telephone, fax or e-mail and delete the
information in this message that has been received in error. The sender
does not give any warranty or accept liability as the content, accuracy or
completeness of sent messages and accepts no responsibility for changes
made after they were sent or for other risks which arise as a result of
e-mail transmission, viruses, etc.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
