<div dir="ltr">Dear Chiara,<div>typically the issue is mostly related to misconfiguration. You'll need to be sure the following parameters have been correctly configured and the filters actually return the entities you are looking for</div><div><br></div><div><font face="monospace">LDAP_SERVER_URL=ldap://<the_ldap_server><br>LDAP_BIND_DN=uid=ldapinfo,cn=users,dc=ad,dc=example,dc=org<br>LDAP_BIND_PASSWORD=<something_secret><br>LDAP_USER_SEARCH_DN=dc=ad,dc=example,dc=org<br>LDAP_USER_SEARCH_FILTERSTR=(&(uid=%(user)s)(objectClass=person))<br>LDAP_GROUP_SEARCH_DN=cn=groups,dc=ad,dc=example,dc=org<br>LDAP_GROUP_SEARCH_FILTERSTR=(|(cn=abt1)(cn=abt2)(cn=abt3)(cn=abt4)(cn=abt5)(cn=abt6))<br>LDAP_GROUP_PROFILE_MEMBER_ATTR=uniqueMember</font><br></div><div><br></div><div>Unfortunately, there's no standard configuration here. This really depends on your LDAP structure.</div><div><br></div><div>It is worth trying the filters first from the Django shell, as an instance:</div><div><br></div><div><font face="monospace">import ldap<br>conn = ldap.initialize("ldap://

<the_ldap_server>

")<br>conn.simple_bind_s("<LDAP_BIND_USER_FULL_DN>", "<LDAP_BIND_PASSWORD>")</font></div><div><font face="monospace"><br></font></div><div><font face="monospace"># Search users<br>conn.search_s("ou=something,dc=ad,dc=example,dc=org", ldap.SCOPE_SUBTREE, "(&(uid=*)(objectClass=person))")</font></div><div><font face="monospace"><br></font></div><div><font face="monospace"># Search groups<br>conn.search_s("cn=groups,dc=ad,

dc=example,dc=org", ldap.SCOPE_SUBTREE, "(|(cn=group1_name)(cn=group2_name)(cn=

group2_name

)(cn=group3_name)(cn=group4_name)(cn=group5_name))")</font><br></div><div><br></div><div>Once you are sure your filters return what you need (users and groups) you can put those into the settings.</div><div><br></div><div>If everything works as expected, at first login, if the user does not exist, GeoNode will try to authenticate against your LDAP server. If successful, it will get user info from LDAP and will create the internal user accordingly.</div><div><br></div><div>In order to keep Groups and Users synchronized with LDAP, you will need to create some cron jobs running every X minutes, checking for changes on the LDAP tree.</div><div><br></div><div>Regards,</div><div>Alessio.</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Il giorno mar 29 ott 2019 alle ore 14:49 Chiara Sammarco <<a href="mailto:chiara.sammarco@geodatalab.it">chiara.sammarco@geodatalab.it</a>> ha scritto:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Everyone, <br>I'm having some troubles in configuring AUTH LDAP in geonode 2.10 (Ubuntu 18.04). Actually, I'm using SPCGeoNode, so I'm dealing with docker containers.<div>I've read and used this guide to setup my configuration: <a href="http://docs.geonode.org/en/2.10.x/advanced/contrib/" target="_blank">http://docs.geonode.org/en/2.10.x/advanced/contrib/</a><br>but it's not working yet. It does not give any error, but it says that the credentials are not valid. <br><br>About this guide, there's a paragraph in the end called "Keep Users and Group Synchronized" -> I couldn't what is written there. Can someone be more specific? how to synchronize users and groups in the dockerized version of geonode? I tried to work that code inside the docker container, but couldn't understand it totally how it should be.<br><br>Anyway, as far as I've understood, if the configuration is correct, once an LDAP user tries to log in for the first time, a new user in geonode should get created ...  For being more complete: I've also created the groups in geonode and giving all the rights in the list in the Admin Panel... but nothing...</div><div><br>I've checked the connection to my LDAP server using ldap-search and it works ... so or Iìm missing something else or something is wrong with the configuration?<br><br>Can someone explain how to set up LDAP configuration parameters, given  a sample LDAP user schema?<br><br>Another more important question is: how can I do troubleshooting of LDAP configuration with the SPCGeonode? I tried to make "docker logs <container>" but I haven't found anything for guessing where is the problem.<br><br>Thanks in advance for your help. <br>Any suggestion is more than welcome :)<br> </div><div>Chiara<br clear="all"><div><br></div></div></div>
_______________________________________________<br>
geonode-users mailing list<br>
<a href="mailto:geonode-users@lists.osgeo.org" target="_blank">geonode-users@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/geonode-users" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/geonode-users</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:12.8px"><span><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;font-size:11pt;white-space:pre-wrap">==</span><br></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">GeoServer Professional Services from the experts! Visit <a href="http://goo.gl/it488V" target="_blank">http://goo.gl/it488V</a> for more information.</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">==</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Ing. Alessio Fabiani</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">@alfa7691</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Founder/Technical Lead</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">GeoSolutions S.A.S.</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Via di Montramito 3/A - </span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">55054  Massarosa (LU) - </span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Italy</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">phone: +39 0584 962313</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">fax:     +39 0584 1660272</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">mob:   +39 331 6233686</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><a href="http://www.geo-solutions.it" target="_blank">http://www.geo-solutions.it</a></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><a href="http://twitter.com/geosolutions_it" target="_blank">http://twitter.com/geosolutions_it</a></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">-------------------------------------------------------</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.</span><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span></p></span></div></div></div></div></div></div></div></div></div></div></div></div></div></div>