[Geoserver-users] LDAP authentication fails with "invalid DN"

Hi,

I'm trying to set up a layer-based LDAP authentication in GeoServer in order to leverage existing infrastructure for user and group management. I've read http://docs.geoserver.org/latest/en/user/security/tutorials/ldap/index.html and tried many configuration options but still couldn't get it to work. Numerous posts in blogs and forums reporting similar issues with LDAP authentication didn't help much. I have seen a similar issue reported earlier, https://jira.codehaus.org/browse/GEOS-5999, and there was one more that I can't find anymore.

I consistently get [LDAP: error code 34 - invalid DN] error and the following gets logged in slapd syslog:

Jan 29 10:52:05 cgsrv4 slapd[3326]: conn=8628 op=0 do_bind: invalid dn ((uid=Username))

If I try to fully qualify the user lookup pattern (uid={0},ou=Users,dc=arrc,dc=csiro,dc=au) as some forum posts suggest I get the following with nothing logged in slapd logs (it looks like it doesn't even get there):

29 Jan 10:54:01 WARN [web.security] - Cannot authenticate Username
javax.naming.AuthenticationException: Cannot authenticate Username

I have logged the issue in JIRA https://jira.codehaus.org/browse/GEOS-6894 with logs and stacktraces attached. I hope this extra bit of information will help identify the issue.

Any help or suggestions on where I need to look will be highly appreciated.

Or maybe there're other ways to set up layer-based authentication. Any experiences?

CC'd the coders of this module so they'll hopefully where I've got it wrong.

Thanks for your help!

Pavel
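
Added example (not part of the original post, and not GeoServer code): the slapd line above shows that the string sent as the bind DN was (uid=Username), which has search-filter syntax rather than DN syntax. The Python sketch below expands a user pattern at its {0} placeholder, escapes the username per RFC 4514, and checks the result; the function names and the filter-style sample pattern are assumptions made for illustration.

```python
import re

# RFC 4514 attribute type: a descriptor (letter first) or a dotted numeric OID.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")
# Sample patterns: the filter-style one is an assumption inferred from the logged DN.
FILTER_STYLE = "(uid={0})"
FULL_DN_PATTERN = "uid={0},ou=Users,dc=arrc,dc=csiro,dc=au"


def escape_dn_value(value):
    """Escape a string so it is safe as an attribute value inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        if ch in ',+"\\<>;' or edge:
            ch = "\\" + ch
        elif ch == "\x00":
            ch = "\\00"
        out.append(ch)
    return "".join(out)


def split_unescaped(text, seps):
    """Split on separator characters that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" else 1  # keep an escape pair together
        if step == 1 and text[i] in seps:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]
        i += step
    parts.append(cur)
    return parts


def expand_user_pattern(pattern, username):
    """Put the escaped username where the pattern has its {0} placeholder."""
    return pattern.replace("{0}", escape_dn_value(username))


def check_bind_dn(dn):
    """Return 'ok' or the reason the string is not usable as a bind DN."""
    if dn.startswith("(") and dn.endswith(")"):
        return "search filter, not a DN"
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):
            attr, eq, _value = ava.partition("=")
            if not eq or not ATTR_TYPE.match(attr.strip()):
                return "invalid RDN: %r" % ava
    return "ok"


if __name__ == "__main__":
    for pattern in (FILTER_STYLE, FULL_DN_PATTERN):
        dn = expand_user_pattern(pattern, "Username")
        print(dn, "->", check_bind_dn(dn))
```

The fully qualified pattern passes this syntax check, so the check only explains the error code 34 case and says nothing about the second failure in the post.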

Hi Pavel,

can you please share the configuration details for the LDAP authentication provider? A screenshot showing all the parameters you entered is fine.

Thanks
Mauro


2015-02-20 5:19 GMT+01:00 <Pavel.Golodoniuc@anonymised.com>:


==
GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Dott. Mauro Bartolomeoli
@mauro_bart
Senior Software Engineer

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272

http://www.geo-solutions.it
http://twitter.com/geosolutions_it


The information in this message and/or attachments, is intended solely for the attention and use of the named addressee(s) and may be confidential or proprietary in nature or covered by the provisions of privacy act (Legislative Decree June, 30 2003, no.196 - Italy’s New Data Protection Code).Any use not in accord with its purpose, any disclosure, reproduction, copying, distribution, or either dissemination, either whole or partial, is strictly forbidden except previous formal approval of the named addressee(s). If you are not the intended recipient, please contact immediately the sender by telephone, fax or e-mail and delete the information in this message that has been received in error. The sender does not give any warranty or accept liability as the content, accuracy or completeness of sent messages and accepts no responsibility for changes made after they were sent or for other risks which arise as a result of e-mail transmission, viruses, etc.

Hi Mauro,

I have tried many different configurations but they all failed with the same or very similar exceptions. I have attached a screenshot of one of the latest attempts that I’ve made to JIRA issue https://jira.codehaus.org/browse/GEOS-6894. Here’s a direct link: https://jira.codehaus.org/secure/attachment/67287/2015-02-24_120152.png

I tried to follow many examples that I could find on the web, including geoserver docs and others like http://geoserver.geo-solutions.it/edu/en/security/ldap_authentication.html

Thank you.

Cheers,
Pavel


Hi Pavel,
the only particular thing I can spot in your configuration is that you use the ldaps protocol (LDAP over SSL) but have not checked the TLS flag.
I think this can be part of the problem.

After enabling it you will probably have to deal with certificates and that sort of stuff.

Regards,
Mauro Bartolomeoli


2015-02-24 5:06 GMT+01:00 <Pavel.Golodoniuc@anonymised.com>:
