[GeoNode-users] Authentication, Authorisation against LDAP

Simone Dalmasso simone.dalmasso at gmail.com
Thu Mar 2 06:34:57 PST 2017 

To answer your question, GeoNode isn't borne with LDAP support and you can
add it because Django can support it.
GeoNode does a nice job in managing authorisation at an object level, which
is not a django feature, this requires local users but Geonode open source
and anyone can contribute to it, I'm pretty sure that authorisation agains
LDAP would be a nice feature to have and contributions are more than
welcome.

2017-03-02 15:29 GMT+01:00 Simone Dalmasso <simone.dalmasso at gmail.com>:

> I guess that in your case where you have django groups from ldap, you
> could try create a GroupProfile on top of them. Geonode uses the
> GroupProfile in the permissions editor and each GroupProfile has one django
> Group in it.. You have to create the GroupProfile via python though as the
> admin doesn't let you choose a group to associate to it.
>
>
> 2017-03-02 15:11 GMT+01:00 Christian Braun <christian.braun at list.lu>:
>
>> Thanks for your quick and honest answer.
>> What is then the point of GeoNode if I can not authenticate and authorise
>> against a LDAP server to serve, in my case, several hundred users?
>>
>> Thanks,
>> Christian
>>
>>
>> Christian Braun, MSc.
>> Research Associate for Geocomputation
>> eScience Unit
>> Environmental Research and Innovation (ERIN) Department
>> Luxembourg Institute of Science and Technology (LIST)
>>
>> 41, rue du Brill
>> L-4422 Belvaux
>> Tel: +352 42 59 91 - 6608
>> Fax : +352 275 885
>> E-mail : christian.braun at list.lu
>>
>> -----Simone Dalmasso <simone.dalmasso at gmail.com> wrote: -----To:
>> Christian Braun <christian.braun at list.lu>
>> From: Simone Dalmasso <simone.dalmasso at gmail.com>
>> Date: 02.03.2017 15:04
>> Cc: "geonode-users at lists.osgeo.org" <geonode-users at lists.osgeo.org>
>> Subject: Re: [GeoNode-users] Authentication, Authorisation against LDAP
>>
>> Hi Christian,I'm afraid this doesn't work as you expect, the
>> authentication can work but the authorisation no because it's relying on
>> local users. You would have to extend geonode to support that.
>> 2017-03-02 13:50 GMT+01:00 Christian Braun <christian.braun at list.lu>:
>> Dear list,
>>
>>
>>
>> I do have a fresh Geonode 2.4.1 installation from the Ubuntu stable
>> repository running.
>>
>> I also tried to replicate with a checkout from Git with latest 2.5
>> version. Same behaviour.
>>
>>
>>
>> I want to authenticate against our local corporate LDAP/Active Directory.
>> This is working fine so far, I can login with my corporate credentials.
>> User flags, like "superuser", "is_staff" and "is_active" are being
>> replicated accordingly if I set AUTH_LDAP_USER_FLAGS_BY_GROUP. LDAP groups
>> of the user are also replicated in the admin interface.
>>
>>
>>
>> But, how do I get group membership of authenticated users to work with
>> Geonode group permissions and authorisation? Groups nor users are being
>> replicated in the Geonode UI and I can not assign any rules, e.g. access to
>> layers...
>>
>> This doesn't work as well with locally created users [1].
>>
>>
>>
>> Do I miss any steps of configuration to make this work? I think these
>> things should work out-of-the-box, right?
>>
>>
>>
>>
>>
>> Many thanks in advance,
>>
>> Christian
>>
>>
>>
>>
>>
>> [1] http://docs.geonode.org/en/master/reference/security.html#
>> permissions-and-geonode-objects
>>
>>
>>
>>
>>
>>
>>
>> Christian Braun, MSc.
>>
>> Research Associate for Geocomputation
>>
>> eScience Unit
>>
>> Environmental Research and Innovation (ERIN) Department
>>
>> Luxembourg Institute of Science and Technology (LIST)
>>
>>
>>
>> 41, rue du Brill
>>
>> L-4422 Belvaux
>>
>> Tel: +352 42 59 91 - 6608
>>
>> Fax : +352 275 885
>>
>> E-mail : christian.braun at list.lu
>>
>> _______________________________________________
>>
>> geonode-users mailing list
>>
>> geonode-users at lists.osgeo.org
>>
>> https://lists.osgeo.org/mailman/listinfo/geonode-users
>>
>>
>>
>>
>> --
>> Simone
>>
>
>
>
> --
> Simone
>



-- 
Simone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170302/7dc44786/attachment-0001.html>

More information about the geonode-users mailing list