[GeoNode-users] Authentication, Authorisation against LDAP

Simone Dalmasso simone.dalmasso at gmail.com
Tue Mar 14 05:12:02 PDT 2017 

somehting like:

>>> from geonode.groups.models import Group, GroupProfile
>>> the_group = Group.objects.filter(name="groupname")[0]
>>> GroupProfile.objects.create(group=the_group, title="the_title",
slug="the_slug", access="public/public-invite/private",
description="description")

2017-03-14 10:39 GMT+01:00 Christian Braun <christian.braun at list.lu>:

> Simone, thanks for your valuable input.
> Could you please help me with a shell command to achieve this?
>
> Best,
> Christian
>
> Christian Braun, MSc.
> Research Associate for Geocomputation
> eScience Unit
> Environmental Research and Innovation (ERIN) Department
> Luxembourg Institute of Science and Technology (LIST)
>
> 41, rue du Brill
> L-4422 Belvaux
> Tel: +352 42 59 91 - 6608
> Fax : +352 275 885
> E-mail : christian.braun at list.lu
>
> -----Simone Dalmasso <simone.dalmasso at gmail.com> wrote: -----To:
> Christian Braun <christian.braun at list.lu>
> From: Simone Dalmasso <simone.dalmasso at gmail.com>
> Date: 02.03.2017 15:29
> Cc: "geonode-users at lists.osgeo.org" <geonode-users at lists.osgeo.org>
> Subject: Re: [GeoNode-users] Authentication, Authorisation against LDAP
>
> I guess that in your case where you have django groups from ldap, you
> could try create a GroupProfile on top of them. Geonode uses the
> GroupProfile in the permissions editor and each GroupProfile has one django
> Group in it.. You have to create the GroupProfile via python though as the
> admin doesn't let you choose a group to associate to it.
>
> 2017-03-02 15:11 GMT+01:00 Christian Braun <christian.braun at list.lu>:
> Thanks for your quick and honest answer.
>
> What is then the point of GeoNode if I can not authenticate and authorise
> against a LDAP server to serve, in my case, several hundred users?
>
>
>
> Thanks,
>
> Christian
>
>
>
>
>
> Christian Braun, MSc.
>
> Research Associate for Geocomputation
>
> eScience Unit
>
> Environmental Research and Innovation (ERIN) Department
>
> Luxembourg Institute of Science and Technology (LIST)
>
>
>
> 41, rue du Brill
>
> L-4422 Belvaux
>
> Tel: +352 42 59 91 - 6608
>
> Fax : +352 275 885
>
> E-mail : christian.braun at list.lu
>
>
>
> -----Simone Dalmasso <simone.dalmasso at gmail.com> wrote: -----To:
> Christian Braun <christian.braun at list.lu>
>
> From: Simone Dalmasso <simone.dalmasso at gmail.com>
>
> Date: 02.03.2017 15:04
>
> Cc: "geonode-users at lists.osgeo.org" <geonode-users at lists.osgeo.org>
>
> Subject: Re: [GeoNode-users] Authentication, Authorisation against LDAP
>
>
>
> Hi Christian,I'm afraid this doesn't work as you expect, the
> authentication can work but the authorisation no because it's relying on
> local users. You would have to extend geonode to support that.
>
> 2017-03-02 13:50 GMT+01:00 Christian Braun <christian.braun at list.lu>:
>
> Dear list,
>
>
>
>
>
>
>
> I do have a fresh Geonode 2.4.1 installation from the Ubuntu stable
> repository running.
>
>
>
> I also tried to replicate with a checkout from Git with latest 2.5
> version. Same behaviour.
>
>
>
>
>
>
>
> I want to authenticate against our local corporate LDAP/Active Directory.
> This is working fine so far, I can login with my corporate credentials.
> User flags, like "superuser", "is_staff" and "is_active" are being
> replicated accordingly if I set AUTH_LDAP_USER_FLAGS_BY_GROUP. LDAP groups
> of the user are also replicated in the admin interface.
>
>
>
>
>
>
>
> But, how do I get group membership of authenticated users to work with
> Geonode group permissions and authorisation? Groups nor users are being
> replicated in the Geonode UI and I can not assign any rules, e.g. access to
> layers...
>
>
>
> This doesn't work as well with locally created users [1].
>
>
>
>
>
>
>
> Do I miss any steps of configuration to make this work? I think these
> things should work out-of-the-box, right?
>
>
>
>
>
>
>
>
>
>
>
> Many thanks in advance,
>
>
>
> Christian
>
>
>
>
>
>
>
>
>
>
>
> [1] http://docs.geonode.org/en/master/reference/security.
> html#permissions-and-geonode-objects
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Christian Braun, MSc.
>
>
>
> Research Associate for Geocomputation
>
>
>
> eScience Unit
>
>
>
> Environmental Research and Innovation (ERIN) Department
>
>
>
> Luxembourg Institute of Science and Technology (LIST)
>
>
>
>
>
>
>
> 41, rue du Brill
>
>
>
> L-4422 Belvaux
>
>
>
> Tel: +352 42 59 91 - 6608
>
>
>
> Fax : +352 275 885
>
>
>
> E-mail : christian.braun at list.lu
>
>
>
> _______________________________________________
>
>
>
> geonode-users mailing list
>
>
>
> geonode-users at lists.osgeo.org
>
>
>
> https://lists.osgeo.org/mailman/listinfo/geonode-users
>
>
>
>
>
>
>
>
>
> --
>
> Simone
>
>
>
>
> --
> Simone
>



-- 
Simone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20170314/076186a5/attachment.html>

More information about the geonode-users mailing list