Hello,
We have integrated our GeoServer with active directory (AD) as per this
documentation
<https://docs.geoserver.org/latest/en/user/security/tutorials/activedirectory/index.html>
.
We are attempting to RESTRICT GeoServer access through the use of an active
directory GROUP.
Goal:
- KEEP default/basic users and local user functionality as is. These
users are created locally on GeoServer and authenticate using the basic
method. (Working)
- UPDATE the AD-LDAP authentication to:
- automatically synchronize users between GeoServer and AD (Working)
- restrict AD users to the AD group: portal_user group:
- Only users in this group will be available in the GeoServer user
list (working).
- Only users in this AD group can log in to GeoServer (ISSUE: ALL
AD Users can log in)
*Details On Issue:*
AD-LDAP has been configured to synchronize with AD and restrict to the
portal_user group.
HOWEVER ... by doing a different test I realized still any AD user can log
in. The configuration I put in place was apparently only for setting roles
and permissions once the user has logged in, but not to restrict or limit
who can log in.
I tested other different LDAP filters trying to restrict *Portal_User* group
only but it was worse (I got errors when trying to log in).
Thanks in advance for any suggestions.
Please reply all.
Vera
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
If you want to request a feature or an improvement, also see this:
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
