Hi Richard, we are using LDAP. LDAp was already running fine 2 years ago with Geoserver 2.13 when I joined my new employer. Our role service confguration (german ui) is approximately as follows:
Administrator Role: ROLE_ADMIN Group administrator role: ROLE_GRUPPEN_ADMIN Server-URL: ldap://****.de:389/dc=huhu,dc=de No TLS search base for groups; ou=ogc_dienste Suchfilter für Gruppenzugehörigkeit von Benutzern: member=cn={0},ou=user,dc=huhu,dc=de Suchfilter für alle Gruppen: cn=* verwendeter Filter für Benutzersuche: member=cn={0},ou=user,dc=huhu,dc=de authentification credentials and not Enable Hierarchical groups search Stefan Am 01.06.2020 um 13:23 schrieb Richard Duivenvoorde: > Hi Stefan, > > Thank, for the check! I was eager to see if it fitted, but we already > did not configure TLS ... I tested both, but without success > Are you authenticating against an Active Directory, or ldap? > > Pretty frustrating this. There is so much to configure with magic terms > like (member={0}) etc etc, and 'Group Search base' on different config > pages. > > There has to be some difference. I even swapped the spring-ldap jars in > the versions (without success). > Tried the 'group search' thingie etc etc > > There is (to me) no way to see what is sended/received (LDAP-wise) > because only the abstract filter and outcome are logged (and THOSE are > exactly the same, except that 2.13 is returning a set and >2.15 is not)? > > Regards, > Richard Duivenvoorde > > On 6/1/20 8:39 AM, Stefan Overkamp wrote: >> Hi list, >> >> we are running geoserver 2.17.0 in a docker container with >> tomcat:9.0.31-jdk11-openjdk >> and have no problems. >> >> I took a look into our ticket system and found an issue 2 month ago with >> ldap >> I had to change geoserver/security/role/[ourroleservicename]/config.xml >> from >> >> |<useTLS>true</useTLS> | >> >> to >> >> |<useTLS>false</useTLS> | >> >> Maybe there ist the same server configuration change on Richards ldap site. >> >> Stefan -- Dipl. Ing. Stefan Overkamp Laakmannsbusch 44, 42555 Velbert tel.: 0177 / 79 76 159 overk...@posteo.de _______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users
