Hello, We have integrated our GeoServer with active directory (AD) as per this documentation <https://docs.geoserver.org/latest/en/user/security/tutorials/activedirectory/index.html> . We are attempting to RESTRICT GeoServer access through the use of an active directory GROUP.
Goal: - KEEP default/basic users and local user functionality as is. These users are created locally on GeoServer and authenticate using the basic method. (Working) - UPDATE the AD-LDAP authentication to: - automatically synchronize users between GeoServer and AD (Working) - restrict AD users to the AD group: portal_user group: - Only users in this group will be available in the GeoServer user list (working). - Only users in this AD group can log in to GeoServer (ISSUE: ALL AD Users can log in) *Details On Issue:* AD-LDAP has been configured to synchronize with AD and restrict to the portal_user group. HOWEVER ... by doing a different test I realized still any AD user can log in. The configuration I put in place was apparently only for setting roles and permissions once the user has logged in, but not to restrict or limit who can log in. I tested other different LDAP filters trying to restrict *Portal_User* group only but it was worse (I got errors when trying to log in). Thanks in advance for any suggestions. Please reply all. Vera
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users