<div dir="ltr">Hello Chiara,<div>I guess you need to be sure your LDAP structure declares the users belonging to the groups with a property like memberId or something like that.</div><div>Then you must be sure the query filter on Django side correctly retrieves the usernames belonging to each group.</div><div><br></div><div>Remember also to activate the cronjobs to run the management commands periodically in order to keep updated the LDAP and Django structures.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Il giorno mar 5 nov 2019 alle ore 15:06 Chiara Sammarco <<a href="mailto:chiara.sammarco@geodatalab.it">chiara.sammarco@geodatalab.it</a>> ha scritto:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Dear GeoNode Users, <div><br></div><div>I'm using SPCGeonode 2.10 (Ubuntu 18.04). <br><br>I'm working with the LDAP configuration. Now I'm at the point that users of different LDAP groups can login into GeoNode and they are given staff or superuser privileges according to the LDAP group they belong to.<br><br>And this <a href="http://docs.geonode.org/en/2.10.x/advanced/contrib/#configuration" target="_blank">guide</a> is basically done thanks to: <br><br>```<br><div style="color:rgb(212,212,212);background-color:rgb(30,30,30);font-family:"Droid Sans Mono",monospace,monospace,"Droid Sans Fallback";font-size:14px;line-height:19px;white-space:pre-wrap"><div>AUTH_LDAP_USER_FLAGS_BY_GROUP = {</div><div>    <span style="color:rgb(206,145,120)">'is_staff'</span>: [LDAPGROUP1],</div><div>    <span style="color:rgb(206,145,120)">'is_superuser'</span>: [LDAPGROUP2],</div><div>    <span style="color:rgb(206,145,120)">'is_active'</span>: [LDAPGROUP1, LDAPGROUP2]</div><div>}</div></div>``` <br><br>The problem is that the users are not inserted in the corresponding group. I've also tried to create the groups in geonode with the same name of the LDAP group, but nothing.<br><br>In the guide it's written:<br><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)">Any groups that the user is a member of in LDAP (under the </span><code style="box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;font-size:12px;white-space:nowrap;max-width:100%;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border:1px solid rgb(225,228,229);padding:2px 5px;color:rgb(231,76,60);overflow-x:auto"><span style="box-sizing:border-box">cn=groups,dc=ad,dc=example,dc=org</span></code><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)"> search base and belonging to one of </span><code style="box-sizing:border-box;font-family:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",Courier,monospace;font-size:12px;white-space:nowrap;max-width:100%;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;border:1px solid rgb(225,228,229);padding:2px 5px;color:rgb(231,76,60);overflow-x:auto"><span style="box-sizing:border-box">(|(cn=abt1)(cn=abt2)(cn=abt3)(cn=abt4)(cn=abt5)(cn=abt6))</span></code><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)"> groups) will be mapped to the corresponding geonode groups, even creating these groups in geonode in case they do not exist yet. The geonode user is also made a member of these geonode groups.</span>    <br></blockquote></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,"Helvetica Neue",Arial,sans-serif;font-size:16px;background-color:rgb(252,252,252)">You may also manually generate the geonode groups in advance, before users login. In this case, when a user logs in and the mapped LDAP group already exists, the user is merely added to the geonode group</span>  <br></blockquote><div><br>So I do expect this behavior. </div><div><br>  ```   <br><div style="color:rgb(212,212,212);background-color:rgb(30,30,30);font-family:"Droid Sans Mono",monospace,monospace,"Droid Sans Fallback";font-size:14px;line-height:19px;white-space:pre-wrap"><div>AUTH_LDAP_GROUP_TYPE = GeonodeNestedGroupOfNamesType()</div><div><div style="line-height:19px"><div>GEONODE_LDAP_GROUP_NAME_ATTRIBUTE = <span style="color:rgb(206,145,120)">"cn"</span></div><div>GEONODE_LDAP_GROUP_PROFILE_FILTERSTR =<span style="color:rgb(206,145,120)">"(|(cn=ldapgroup1)(cn=ldapgroup2))"</span></div><div>GEONODE_LDAP_GROUP_PROFILE_MEMBER_ATTR = <span style="color:rgb(206,145,120)">"member"</span></div></div></div></div>  ```   <br></div><div><br></div><div>I've tested also GEONODE_LDAP_GROUP_PROFILE_MEMBER_ATTR = "uniqueMember"</div><div><br>Any ideas of what it can be? or how can I make some code testing for this part. <br><br>In the <a href="https://django-auth-ldap.readthedocs.io/en/latest/users.html#direct-attribute-access" target="_blank">django-auth-ldap </a>documentation, it is written about populating a user and it points out group_dns and group_names attributes. For this part as far as I understand the GeonodeNestedGroupOfNamesType() is in charge of along with the LDAPBackend (I've seen that there's a function <span style="color:rgb(220,220,170);background-color:rgb(30,30,30);font-family:"Droid Sans Mono",monospace,monospace,"Droid Sans Fallback";font-size:14px;white-space:pre-wrap">add_groups_to_user</span> ) ... How to test this?<br><br>Thanks in advance for your help,</div><div>Chiara<br><br></div><div><table cellspacing="0" cellpadding="0" border="0" style="color:rgb(136,136,136)"><tbody><tr><td valign="top" style="padding:8px 0px 0px"><span style="color:rgb(138,138,138);font-family:Roboto,sans-serif;font-size:8pt">.<br></span></td></tr></tbody></table></div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><br></div></div></div></div></div></div></div>
_______________________________________________<br>
geonode-users mailing list<br>
<a href="mailto:geonode-users@lists.osgeo.org" target="_blank">geonode-users@lists.osgeo.org</a><br>
<a href="https://lists.osgeo.org/mailman/listinfo/geonode-users" rel="noreferrer" target="_blank">https://lists.osgeo.org/mailman/listinfo/geonode-users</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:12.8px"><span><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-family:Arial;font-size:11pt;white-space:pre-wrap">==</span><br></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">GeoServer Professional Services from the experts! Visit <a href="http://goo.gl/it488V" target="_blank">http://goo.gl/it488V</a> for more information.</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">==</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Ing. Alessio Fabiani</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">@alfa7691</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Founder/Technical Lead</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">GeoSolutions S.A.S.</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Via di Montramito 3/A - </span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">55054  Massarosa (LU) - </span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Italy</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">phone: +39 0584 962313</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">fax:     +39 0584 1660272</span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">mob:   +39 331 6233686</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><a href="http://www.geo-solutions.it" target="_blank">http://www.geo-solutions.it</a></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><a href="http://twitter.com/geosolutions_it" target="_blank">http://twitter.com/geosolutions_it</a></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(34,34,34);background-color:rgb(255,255,255);font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">-------------------------------------------------------</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Con riferimento alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni circostanza inerente alla presente email (il suo contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le sarei comunque grato se potesse darmene notizia.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail.</span><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:italic;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span></p></span></div></div></div></div></div></div></div></div></div></div></div></div></div></div>