Hello, If you have any related experience/advice we would appreciate it. thanks much, Vera
On Sat, Mar 21, 2020 at 8:01 PM Vera Green <vera.green...@gmail.com> wrote: > Hello, > We have integrated our GeoServer with active directory (AD) as per this > documentation > <https://docs.geoserver.org/latest/en/user/security/tutorials/activedirectory/index.html> > . > We are attempting to RESTRICT GeoServer access through the use of an > active directory GROUP. > > Goal: > > - KEEP default/basic users and local user functionality as is. These > users are created locally on GeoServer and authenticate using the basic > method. (Working) > - UPDATE the AD-LDAP authentication to: > - automatically synchronize users between GeoServer and AD (Working) > - restrict AD users to the AD group: portal_user group: > - Only users in this group will be available in the GeoServer > user list (working). > - Only users in this AD group can log in to GeoServer (ISSUE: > ALL AD Users can log in) > > > *Details On Issue:* > > AD-LDAP has been configured to synchronize with AD and restrict to the > portal_user group. > > HOWEVER ... by doing a different test I realized still any AD user can > log in. The configuration I put in place was apparently only for setting > roles and permissions once the user has logged in, but not to restrict or > limit who can log in. > > I tested other different LDAP filters trying to restrict *Portal_User* group > only but it was worse (I got errors when trying to log in). > > > Thanks in advance for any suggestions. > > Please reply all. > > Vera >
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
