I'd suggest running 2.16 or 2.17 with Java 8 - to rule out a java change.
If it continues to be an issue then we'll need to look to see if there were
any changes in the LDAP authentication code.
Ian
On Fri, 29 May 2020 at 13:51, Richard Duivenvoorde <rdmaili...@duif.net>
wrote:
> Hi List,
>
> We have/had a working setup to secure layers based on LDAP/AD groups.
> All works fine in 2.13.1 java8 (Windows machines, all java from
> adoptopenjdk)
>
> Then we got a new server (Windows0) and installed 2.16 (also tried 2.17)
> and jdk11 and with identical setup I NEVER receive my 'groups'...
>
> I'm aware of caches etc etc, so have restarted both
> tomcat/browser/etcetc 1000 times. I keep seeing:
>
> DEBUG [org.geoserver.security.ldap.BindingLdapAuthoritiesPopulator] -
> Roles from search: []
>
> This logline looks 100% the same between the two versions:
>
> [org.geoserver.security.ldap.BindingLdapAuthoritiesPopulator] -
> Searching for roles for user 'n3704', DN = 'CN=Duivenvoorde\,
> Richard,OU=Users,OU=Xendesktop,OU=XXXX,dc=nieuwegein,dc=nl', with filter
> (member={0}) in search base 'OU=Security Groups,OU=Groups,OU=XXXX'
>
> Except that 2.13 returns my groups :-(
>
> I even installed a fresh 2.13.1 with java8 on that machine, got a fresh
> data_dir from the war, and put succesfully ldap security on sf.roads
> layer...
>
> But then going back to 2.16 (even reusing the succesfull data-dir) fails
> again.
>
> This is very hard to debug (I cannot see what is logged at the Active
> Directory end, as that is corporate stuff there).
>
> Anybody a clue? Only thing that changes is java (and I cannot test that
> because 2.13 does not work with java11, and 2.16 not with java8 (mmm
> THAT I did test).
>
> Anybody has a recent succesfull LDAP setup?
>
> Or hints on how to debug this (all Windows there, and not able to setup
> a full debug setup there).
>
> Any help appreciated
>
> Regards,
>
> Richard Duivenvoorde
>
>
> _______________________________________________
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
--
Ian Turton
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
If you want to request a feature or an improvement, also see this:
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
