Hi Vera,

I haven't tried to do exactly what you are attempting, so I can't offer direct help.

That said, just as a sanity check, have you read through the security part of the GeoServer docs (https://docs.geoserver.org/latest/en/user/security/index.html)? It is fairly thorough.

You could skip straight to the Auth chain (https://docs.geoserver.org/latest/en/user/security/auth/chain.html) and web UI pieces (https://docs.geoserver.org/latest/en/user/security/auth/web.html).

As a guess, you may want to look through the data directory for ROLE_AUTHENTICATED to get a sense of what an authenticated user ought to be able to do.

Cheers,

Jim

On 3/25/2020 3:24 PM, Vera Green wrote:
Hello,
If you have any related experience/advice we would appreciate it.
thanks much,
Vera

On Sat, Mar 21, 2020 at 8:01 PM Vera Green <vera.green...@gmail.com> wrote:

    Hello,
    We have integrated our GeoServer with active directory (AD) as per
    this documentation
    <https://docs.geoserver.org/latest/en/user/security/tutorials/activedirectory/index.html>.
    We are attempting to RESTRICT GeoServer access through the use of
    an active directory GROUP.

    Goal:

      * KEEP default/basic users and local user functionality as is.
        These users are created locally on GeoServer and authenticate
        using the basic method. (Working)
      * UPDATE the AD-LDAP authentication to:
          o automatically synchronize users between GeoServer and AD
            (Working)
          o restrict AD users to the AD group: portal_user group:
              + Only users in this group will be available in the
                GeoServer user list (working).
              + Only users in this AD group can log in to GeoServer
                (ISSUE: ALL AD Users can log in)


    Details On Issue:

    AD-LDAP has been configured to synchronize with AD and restrict to
    the portal_user group.

    HOWEVER ... by doing a different test I realized that any AD user
    can still log in. The configuration I put in place was apparently only
    for setting roles and permissions once the user has logged in, but
    not to restrict or limit who can log in.

    I tested other different LDAP filters trying to restrict
    /Portal_User/ group only but it was worse (I got errors when
    trying to log in).


    Thanks in advance for any suggestions.

    Please reply all.

    Vera
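
The behaviour described in the question (a group setting that only assigns roles after login, versus one that decides who may log in) can be shown with a small simulation. This is an added example, not part of the original thread and not GeoServer configuration or code; the directory contents, the group DN, `ROLE_PORTAL_USER` and all function names are assumptions made for illustration.

```python
# Constructed sample directory: DNs, user names and passwords are made up.
GROUP_DN = "CN=portal_user,OU=Groups,DC=example,DC=com"  # assumed DN of the portal_user group

DIRECTORY = {
    "alice": {"password": "alice-pw", "memberOf": [GROUP_DN]},
    "bob": {"password": "bob-pw", "memberOf": ["CN=staff,OU=Groups,DC=example,DC=com"]},
}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def user_filter(username, group_dn=None):
    """Build the user search filter; with group_dn it also requires membership."""
    name = "(sAMAccountName=%s)" % escape_filter_value(username)
    if group_dn is None:
        return name
    return "(&%s(memberOf=%s))" % (name, escape_filter_value(group_dn))

def bind(username, password):
    """Stand-in for an LDAP bind: succeeds for any directory user with the right password."""
    entry = DIRECTORY.get(username)
    return entry is not None and entry["password"] == password

def roles_for(username):
    """Role mapping only: it runs after login and never rejects anyone."""
    return ["ROLE_PORTAL_USER"] if GROUP_DN in DIRECTORY[username]["memberOf"] else []

def login_roles_only(username, password):
    """The group is used for role assignment only, so every AD user gets in."""
    if not bind(username, password):
        return None
    return ["ROLE_AUTHENTICATED"] + roles_for(username)

def login_group_gated(username, password):
    """Group membership is checked as part of the login decision itself."""
    if not bind(username, password):
        return None
    if GROUP_DN not in DIRECTORY[username]["memberOf"]:
        return None  # valid AD credentials, but not in portal_user: refused
    return ["ROLE_AUTHENTICATED"] + roles_for(username)

if __name__ == "__main__":
    print(user_filter("bob", GROUP_DN))
    print("roles only :", login_roles_only("bob", "bob-pw"))
    print("group gated:", login_group_gated("bob", "bob-pw"))
```
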



_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, by Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users