[GeoNode-users] LDAP User inclusion into the corresponding GeoNode Group

Chiara Sammarco chiara.sammarco at geodatalab.it
Tue Nov 5 05:59:10 PST 2019


Dear GeoNode Users,

I'm using SPCGeonode 2.10 (Ubuntu 18.04).

I'm working with the LDAP configuration. Now I'm at the point that users of
different LDAP groups can login into GeoNode and they are given staff or
superuser privileges according to the LDAP group they belong to.

And this guide
<http://docs.geonode.org/en/2.10.x/advanced/contrib/#configuration> is
basically done thanks to:

```
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    'is_staff': [LDAPGROUP1],
    'is_superuser': [LDAPGROUP2],
    'is_active': [LDAPGROUP1, LDAPGROUP2]
}
```

The problem is that the users are not inserted in the corresponding group.
I've also tried to create the groups in geonode with the same name as the
LDAP group, but nothing.

In the guide it's written:

> Any groups that the user is a member of in LDAP (under the
> cn=groups,dc=ad,dc=example,dc=org search base and belonging to one of
> (|(cn=abt1)(cn=abt2)(cn=abt3)(cn=abt4)(cn=abt5)(cn=abt6)) groups) will be
> mapped to the corresponding geonode groups, even creating these groups in
> geonode in case they do not exist yet. The geonode user is also made a
> member of these geonode groups.
>
> You may also manually generate the geonode groups in advance, before users
> login. In this case, when a user logs in and the mapped LDAP group already
> exists, the user is merely added to the geonode group

So I do expect this behavior.

```
AUTH_LDAP_GROUP_TYPE = GeonodeNestedGroupOfNamesType()
GEONODE_LDAP_GROUP_NAME_ATTRIBUTE = "cn"
GEONODE_LDAP_GROUP_PROFILE_FILTERSTR = "(|(cn=ldapgroup1)(cn=ldapgroup2))"
GEONODE_LDAP_GROUP_PROFILE_MEMBER_ATTR = "member"
```

I've also tested GEONODE_LDAP_GROUP_PROFILE_MEMBER_ATTR = "uniqueMember".

Any ideas of what it can be? Or how can I do some code testing for this
part?

In the django-auth-ldap
<https://django-auth-ldap.readthedocs.io/en/latest/users.html#direct-attribute-access> documentation,
it is written about populating a user and it points out the group_dns and
group_names attributes. For this part, as far as I understand, the
GeonodeNestedGroupOfNamesType() is in charge, along with the LDAPBackend
(I've seen that there's a function add_groups_to_user) ... How to test
this?

Thanks in advance for your help,
Chiara
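
One way to reason offline about the group settings in this message, as an added example that is not part of the original post and is not GeoNode or django-auth-ldap code: a simplified model of a group search that keeps groups matching the filter string and listing the user's DN in the configured member attribute. The directory entries, DNs and function names are constructed for illustration; nested groups and real LDAP matching rules are not modelled.

```python
import re

# Constructed sample directory (not from the original post): group DN -> attributes.
SAMPLE_GROUPS = {
    "cn=ldapgroup1,cn=groups,dc=ad,dc=example,dc=org": {
        "cn": ["ldapgroup1"],
        "member": ["uid=alice,cn=users,dc=ad,dc=example,dc=org"],
    },
    "cn=ldapgroup2,cn=groups,dc=ad,dc=example,dc=org": {
        "cn": ["ldapgroup2"],
        "uniqueMember": ["uid=alice,cn=users,dc=ad,dc=example,dc=org"],
    },
    "cn=other,cn=groups,dc=ad,dc=example,dc=org": {
        "cn": ["other"],
        "member": ["uid=alice,cn=users,dc=ad,dc=example,dc=org"],
    },
}

def parse_or_filter(filterstr):
    """Parse filters of the form (|(attr=value)(attr=value)...) only."""
    if not re.fullmatch(r"\(\|(\([^()=]+=[^()]+\))+\)", filterstr):
        raise ValueError("only (|(attr=value)...) filters are modelled")
    pairs = re.findall(r"\(([^()=]+)=([^()]+)\)", filterstr)
    return [(attr.lower(), value.lower()) for attr, value in pairs]

def norm_dn(dn):
    """Compare DNs case-insensitively, ignoring spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def mapped_group_names(groups, user_dn, filterstr, member_attr, name_attr="cn"):
    """Names of groups that pass the filter AND list user_dn in member_attr."""
    wanted = parse_or_filter(filterstr)
    names = []
    for attrs in groups.values():
        lowered = {key.lower(): values for key, values in attrs.items()}
        passes = any(value in (x.lower() for x in lowered.get(attr, []))
                     for attr, value in wanted)
        members = {norm_dn(m) for m in lowered.get(member_attr.lower(), [])}
        if passes and norm_dn(user_dn) in members:
            names.extend(lowered[name_attr.lower()])
    return sorted(names)
```

In this model a group whose entries store the user under `uniqueMember` yields no membership when the member attribute setting is `member`, and a group outside the filter string is never mapped even if the user belongs to it.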
