Hi everybody,
Forwarding a thread from the users list to the developers list.
Summarizing: I would like to backport GEOS-5805 (improvements to LDAP AuthenticationProvider to allow usage with ActiveDirectory servers) to 2.3.x. I have currently tested it with a local Windows 2012 server and with a customer that is testing the latest master nightly build with their Windows 2008 server with good results (users are authenticated and roles correctly assigned based on Windows group membership, following the tutorial here: http://docs.geoserver.org/latest/en/user/security/tutorials/activedirectory/index.html
So… other opinions?
Mauro
···
[Mauro]
[Andrea]
[Justin]
All for the backport. The ldap code pre the changes was mauro wasn’t exactly rock solid I think these changes make it much more useful. +1 and great work Mauro.
Yes, sure, and this is already done with GEOS-5805 on master (using the new option bindBeforeGroupSearch), but that enhancement has not been backported to 2.3.x yet (by the way, I was thinking to backport it, after 2.3.3 is out, what do you think about that?).
Sounds reasonable to me, but I’m not too familiar with the LDAP code, we should hear from Justin
too, and ask on the geoserver-devel list just to make sure.
Afaik you have been using the GEOS-5805 results on the stable series already (in a pre-production
environment? or was it production?) and it’s working fine, right?
+1 here.
The new GeoServer security subsystem has to settle down and due to my experience, most bug fixes / enhancements deserve to be backported.
···
2013/6/27 Mauro Bartolomeoli <mauro.bartolomeoli@anonymised.com>
Hi everybody,
Forwarding a thread from the users list to the developers list.
Summarizing: I would like to backport GEOS-5805 (improvements to LDAP AuthenticationProvider to allow usage with ActiveDirectory servers) to 2.3.x. I have currently tested it with a local Windows 2012 server and with a customer that is testing the latest master nightly build with their Windows 2008 server with good results (users are authenticated and roles correctly assigned based on Windows group membership, following the tutorial here: http://docs.geoserver.org/latest/en/user/security/tutorials/activedirectory/index.html
So… other opinions?
Mauro
–
Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer
GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
http://www.geo-solutions.it
http://twitter.com/geosolutions_it
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
Geoserver-devel mailing list
Geoserver-devel@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
–
DI Christian Mueller MSc (GIS), MSc (IT-Security)
OSS Open Source Solutions GmbH
[Mauro]
[Andrea]
[Justin]
All for the backport. The ldap code pre the changes was mauro wasn’t exactly rock solid I think these changes make it much more useful. +1 and great work Mauro.
Yes, sure, and this is already done with GEOS-5805 on master (using the new option bindBeforeGroupSearch), but that enhancement has not been backported to 2.3.x yet (by the way, I was thinking to backport it, after 2.3.3 is out, what do you think about that?).
Sounds reasonable to me, but I’m not too familiar with the LDAP code, we should hear from Justin
too, and ask on the geoserver-devel list just to make sure.
Afaik you have been using the GEOS-5805 results on the stable series already (in a pre-production
environment? or was it production?) and it’s working fine, right?