[Geoserver-users] ldap security issues in 2.16/17

Fri, 29 May 2020 05:52:13 -0700 

Hi List,

We have/had a working setup to secure layers based on LDAP/AD groups.
All works fine in 2.13.1 java8 (Windows machines, all java from
adoptopenjdk)

Then we got a new server (Windows0) and installed 2.16 (also tried 2.17)
and jdk11 and with identical setup I NEVER receive my 'groups'...

I'm aware of caches etc etc, so have restarted both
tomcat/browser/etcetc 1000 times. I keep seeing:

DEBUG [org.geoserver.security.ldap.BindingLdapAuthoritiesPopulator] -
Roles from search: []

This logline looks 100% the same between the two versions:

[org.geoserver.security.ldap.BindingLdapAuthoritiesPopulator] -
Searching for roles for user 'n3704', DN = 'CN=Duivenvoorde\,
Richard,OU=Users,OU=Xendesktop,OU=XXXX,dc=nieuwegein,dc=nl', with filter
(member={0}) in search base 'OU=Security Groups,OU=Groups,OU=XXXX'

Except that 2.13 returns my groups :-(

I even installed a fresh 2.13.1 with java8 on that machine, got a fresh
data_dir from the war, and put succesfully ldap security on sf.roads
layer...

But then going back to 2.16 (even reusing the succesfull data-dir) fails
again.

This is very hard to debug (I cannot see what is logged at the Active
Directory end, as that is corporate stuff there).

Anybody a clue? Only thing that changes is java (and I cannot test that
because 2.13 does not work with java11, and 2.16 not with java8 (mmm
THAT I did test).

Anybody has a recent succesfull LDAP setup?

Or hints on how to debug this (all Windows there, and not able to setup
a full debug setup there).

Any help appreciated

Regards,

Richard Duivenvoorde


_______________________________________________
Geoserver-users mailing list

Please make sure you read the following two resources before posting to this 
list:
- Earning your support instead of buying it, but Ian Turton: 
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines: 
http://geoserver.org/comm/userlist-guidelines.html

If you want to request a feature or an improvement, also see this: 
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer


Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Reply via email to