Re: [Geoserver-users] ogc api features filter: during

2024-03-02 Thread Andrea Aime 
I'm just guessing here (answering from phone), but if memory serves me
right, the default filter language changed from ECQL to CQL2 (following the
evolution of the standard), with an implementation that's also not up to
date (CQL2 keeps on changing). Try using filter-lang to choose ECQL instead?

Ah, found the syntax for CQL2, something like this (found it in tests for
our current implementation):

T_DURING(ATTR1, INTERVAL(TIMESTAMP('2006-11-30T01:30:00Z'),
TIMESTAMP('2006-12-31T01:30:00Z')))

However, it seems the CQL2 syntax evolved in the meantime, and the function
in the latest version can only be used
to compare an interval with another interval, and not any longer an instant
with an interval. Check the standard DRAFT here:
https://docs.ogc.org/DRAFTS/21-065.html

Long story short, if you want something that is stable interface wise, at
least for the time being, add "&filter-lang=ecql-tex" to your request
and keep on using GeoServer's own CQL flavor.


Regards,

Andrea Aime


==
GeoServer Professional Services from the experts!

Visit http://bit.ly/gs-services-us for more information.
==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions Group
phone: +39 0584 962313

fax: +39 0584 1660272

mob:   +39  339 8844549

https://www.geosolutionsgroup.com/

http://twitter.com/geosolutions_it

---

Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE
2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
precisa che ogni circostanza inerente alla presente email (il suo
contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
operazione è illecita. Le sarei comunque grato se potesse darmene notizia.

This email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential or
otherwise protected from disclosure. We remind that - as provided by
European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
e-mail or the information herein by anyone other than the intended
recipient is prohibited. If you have received this email by mistake, please
notify us immediately by telephone or e-mail


On Sat, Mar 2, 2024 at 9:35 AM Jody Garnett  wrote:

> Verbeeck,
>
> The best way to assist with this project is to pitch in and help during an
> ogc / osgeo code sprint. Or to interact with the developer Andrea who is
> seeking funding to work on this module.
>
> It is really nice that you are testing, since the specification is a
> moving target I am not surprised if some functionality changes between 2.19
> and 2.24 (which is quite a long time for a community module).
>
> I also would love to see this module improved, but do not know how to get
> it funded (or myself time to work on it).
> --
> Jody Garnett
>
>
> On Mar 1, 2024 at 6:33:40 AM, Verbeeck Bart (AIV) via Geoserver-users <
> geoserver-users@lists.sourceforge.net> wrote:
>
>>
>>
>> Dear all
>>
>>
>>
>> The question below appears to be under LDAP snow.
>>
>> Meanwhile I found another time related issue
>>
>> in 2.19 time can be between single quotes (but doesn’t have to
>>
>> geo.api.vlaanderen.be/GIPOD/ogc/features/collections/HINDERGEVOLG/items?f=application/json&startIndex=0&crs=EPSG:31370&limit=20&filter=HindranceStart
>> < %272024-02-28T09:19:48.330Z%27
>> 
>>
>> geo.api.vlaanderen.be/GIPOD/ogc/features/collections/HINDERGEVOLG/items?f=application/json&startIndex=0&crs=EPSG:31370&limit=20&filter=HindranceStart
>> < 2024-02-28T09:19:48.330Z
>> 
>>
>>
>>
>> in 2.24 it has to be between single quotes
>>
>> geo.api.beta-vlaanderen.be/GIPOD/ogc/features/collections/HINDERGEVOLG/items?f=application/json&startIndex=0&crs=EPSG:31370&limit=20&filter=HindranceStart
>> < %272024-02-28T09:19:48.330Z%27
>> 
>>
>> geo.api.beta-vlaanderen.be/GIPOD/ogc/features/collections/HINDERGEVOLG/items?f=application/json&startIndex=0&crs=EPSG:31370&limit=20&filter=HindranceStart
>> < 2024-02-28T09:19:48.330Z
>> 
>>  (gives
>> error)
>>
>>
>>
>> same question: Is this a definitive chang

Re: [Geoserver-users] LDAP authentication with group/role discovery still seems broken

2024-03-02 Thread Ian Turton 
As I said I updated the manual to try to make this clearer, if you can
think of anything else that could be added please do edit it too.

Ian

On Fri, 1 Mar 2024, 13:43 ,  wrote:

> Ian, thank you so much! Your boldness saved the day/week/month :)
>
> Ian Turton schrieb am 29.02.2024 16:00 (GMT +01:00):
>
> > My notes also include in bold `You must make the new role service the
> > active one by changing the drop down on the `security->settings` page
> >
> https://docs.geoserver.org/latest/en/user/security/webadmin/settings.html#active-role-service
>
> This was it!
>
> Interestingly the log still says "[security.ldap] - Roles from search: []"
> but my test user DOES get its roles assigned properly now using our LDAP
> server:
>
> 01 Mar 08:29:05 DEBUG  [security.ldap] - Getting authorities for user
> uid=foo,cn=admins,cn=users,dc=example,dc=com
> 01 Mar 08:29:05 DEBUG  [security.ldap] - Searching for roles for user
> 'foo', DN = 'uid=foo,cn=admins,cn=users,dc=example,dc=com', with filter
> (&(objectClass=univentionGroup)(memberUid={1})) in search base
> 'cn=services,cn=groups,dc=example,dc=com'
> 01 Mar 08:29:05 DEBUG  [security.ldap] - Roles from search: []
> 01 Mar 08:29:05 DEBUG  [ldap.LDAPSecurityProvider$1] - Authenticated user
> 01 Mar 08:29:05 DEBUG
> [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Set
> SecurityContextHolder to UsernamePasswordAuthenticationToken
> [Principal=LdapUserDetailsImpl
> [Dn=uid=foo,cn=admins,cn=users,dc=example,dc=com; Username=foo;
> Password=[PROTECTED]; Enabled=true; AccountNonExpired=true;
> CredentialsNonExpired=true; AccountNonLocked=true; Granted Authorities=[]],
> Credentials=[PROTECTED], Authenticated=true,
> Details=GeoServerWebAuthenticationDetails [RemoteIpAddress=127.0.0.1,
> SessionId=123123123], Granted Authorities=[ROLE_AUTHENTICATED,
> ROLE_GEOSERVER_GLOBAL_ADMINS, ROLE_BEWARE_OF_THE_LEOPARD]]
>
> Phew!
>
> This leaves me confused though.
> - Are there two ways of group/role discovery for LDAP users, one in the
> Authentication Provider and one with a Role Service? What is the
> difference? Are they completely different things?
> - From the logs and behaviour it seems like the three "[security.ldap]"
> lines come from the Authentication Provider while the Role Service
> discovers them silently? Why does one discovery log something and the other
> doesn't?
>
> I'll update
> https://gis.stackexchange.com/questions/477658/geoserver-does-not-find-ldap-groups-of-user
> momentarily, including the minimal configuration I ended up with. There is
> better formatting and higher search engine discovery on that site so I hope
> you don't mind if I switch from the mailing list.
>
> Cheers, Hannes
>
> PS: Future reader, once you switch the Role Service your GeoServer user
> "admin" won't become a GeoServer admin anymore. Make sure you have access
> to the "root" user's master password or that your LDAP setup includes a
> user that will become GeoServer admin!
>
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Re: [Geoserver-users] ogc api features filter: during

2024-03-02 Thread Jody Garnett 
 Verbeeck,

The best way to assist with this project is to pitch in and help during an
ogc / osgeo code sprint. Or to interact with the developer Andrea who is
seeking funding to work on this module.

It is really nice that you are testing, since the specification is a moving
target I am not surprised if some functionality changes between 2.19 and
2.24 (which is quite a long time for a community module).

I also would love to see this module improved, but do not know how to get
it funded (or myself time to work on it).
--
Jody Garnett


On Mar 1, 2024 at 6:33:40 AM, Verbeeck Bart (AIV) via Geoserver-users <
geoserver-users@lists.sourceforge.net> wrote:

>
>
> Dear all
>
>
>
> The question below appears to be under LDAP snow.
>
> Meanwhile I found another time related issue
>
> in 2.19 time can be between single quotes (but doesn’t have to
>
> geo.api.vlaanderen.be/GIPOD/ogc/features/collections/HINDERGEVOLG/items?f=application/json&startIndex=0&crs=EPSG:31370&limit=20&filter=HindranceStart
> < %272024-02-28T09:19:48.330Z%27
> 
>
> geo.api.vlaanderen.be/GIPOD/ogc/features/collections/HINDERGEVOLG/items?f=application/json&startIndex=0&crs=EPSG:31370&limit=20&filter=HindranceStart
> < 2024-02-28T09:19:48.330Z
> 
>
>
>
> in 2.24 it has to be between single quotes
>
> geo.api.beta-vlaanderen.be/GIPOD/ogc/features/collections/HINDERGEVOLG/items?f=application/json&startIndex=0&crs=EPSG:31370&limit=20&filter=HindranceStart
> < %272024-02-28T09:19:48.330Z%27
> 
>
> geo.api.beta-vlaanderen.be/GIPOD/ogc/features/collections/HINDERGEVOLG/items?f=application/json&startIndex=0&crs=EPSG:31370&limit=20&filter=HindranceStart
> < 2024-02-28T09:19:48.330Z
> 
>  (gives
> error)
>
>
>
> same question: Is this a definitive change or a bug?
>
>
>
> Bart
>
> *Van:* Verbeeck Bart (AIV) via Geoserver-users <
> geoserver-users@lists.sourceforge.net>
> *Verzonden:* woensdag 28 februari 2024 11:43
> *Aan:* geoserver-users 
> *Onderwerp:* [Geoserver-users] ogc api features filter: during
>
>
>
> Hello
>
>
>
> Concerning versions 2.19 -> 2.24, ogc api features
>
>
>
> It appears that version 2.24 doesnot (2.19 did) support the time filter
> keyword “during”.
>
>
>
> Is this a definitive change or a bug?
>
>
>
> 2.19
>
> geo.api.vlaanderen.be/GIPOD/ogc/features/collections/HINDERGEVOLG/items?f=application/json&startIndex=0&crs=EPSG:31370&limit=20&filter=HindranceStart
> during 2024-02-28T09:19:48.330Z/2024-03-29T22:59:59.999Z
> 
>
>
>
> 2.24
>
> geo.api.beta-vlaanderen.be/GIPOD/ogc/features/collections/HINDERGEVOLG/items?f=application/json&startIndex=0&crs=EPSG:31370&limit=20&filter=HindranceStart
> during 2024-02-28T09:19:48.330Z/2024-03-29T22:59:59.999Z
> 
>
>
>
> Bart
> ___
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
___
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to req