[GeoNode-users] LDAP User inclusion into the corresponding GeoNode Group

Alessio Fabiani alessio.fabiani at geo-solutions.it
Wed Nov 6 00:52:15 PST 2019


Hello Chiara,
I guess you need to be sure your LDAP structure declares the users
belonging to the groups with a property like memberId or something like
that.
Then you must be sure the query filter on Django side correctly retrieves
the usernames belonging to each group.

Remember also to activate the cronjobs to run the management commands
periodically in order to keep the LDAP and Django structures updated.

On Tue, Nov 5, 2019 at 15:06, Chiara Sammarco <
chiara.sammarco at geodatalab.it> wrote:

> Dear GeoNode Users,
>
> I'm using SPCGeonode 2.10 (Ubuntu 18.04).
>
> I'm working with the LDAP configuration. Now I'm at the point that users
> of different LDAP groups can login into GeoNode and they are given staff or
> superuser privileges according to the LDAP group they belong to.
>
> And this guide
> <http://docs.geonode.org/en/2.10.x/advanced/contrib/#configuration> is
> basically done thanks to:
>
> ```
> AUTH_LDAP_USER_FLAGS_BY_GROUP = {
>     'is_staff': [LDAPGROUP1],
>     'is_superuser': [LDAPGROUP2],
>     'is_active': [LDAPGROUP1, LDAPGROUP2]
> }
> ```
>
> The problem is that the users are not inserted in the corresponding group.
> I've also tried to create the groups in geonode with the same name of the
> LDAP group, but nothing.
>
> In the guide it's written:
>
>> Any groups that the user is a member of in LDAP (under the
>> cn=groups,dc=ad,dc=example,dc=org search base and belonging to one of
>> (|(cn=abt1)(cn=abt2)(cn=abt3)(cn=abt4)(cn=abt5)(cn=abt6)) groups) will
>> be mapped to the corresponding geonode groups, even creating these groups
>> in geonode in case they do not exist yet. The geonode user is also made a
>> member of these geonode groups.
>
>> You may also manually generate the geonode groups in advance, before users
>> login. In this case, when a user logs in and the mapped LDAP group already
>> exists, the user is merely added to the geonode group
>
> So I do expect this behavior.
>
> ```
> AUTH_LDAP_GROUP_TYPE = GeonodeNestedGroupOfNamesType()
> GEONODE_LDAP_GROUP_NAME_ATTRIBUTE = "cn"
> GEONODE_LDAP_GROUP_PROFILE_FILTERSTR = "(|(cn=ldapgroup1)(cn=ldapgroup2))"
> GEONODE_LDAP_GROUP_PROFILE_MEMBER_ATTR = "member"
> ```
>
> I've tested also GEONODE_LDAP_GROUP_PROFILE_MEMBER_ATTR = "uniqueMember"
>
> Any ideas of what it can be? Or how can I do some code testing for this
> part?
>
> In the django-auth-ldap
> <https://django-auth-ldap.readthedocs.io/en/latest/users.html#direct-attribute-access> documentation,
> it is written about populating a user and it points out group_dns and
> group_names attributes. For this part as far as I understand the
> GeonodeNestedGroupOfNamesType() is in charge of along with the LDAPBackend
> (I've seen that there's a function add_groups_to_user ) ... How to test
> this?
>
> Thanks in advance for your help,
> Chiara


-- 

Ing. Alessio Fabiani

@alfa7691
Founder/Technical Lead


GeoSolutions S.A.S.
Via di Montramito 3/A - 55054  Massarosa (LU) - Italy
phone: +39 0584 962313
fax:     +39 0584 1660272
mob:   +39 331 6233686


http://www.geo-solutions.it
http://twitter.com/geosolutions_it
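
The first check suggested in the reply above (which attribute the group entries use to declare members, and whether it agrees with `GEONODE_LDAP_GROUP_PROFILE_MEMBER_ATTR`) can be tried offline. The following is an added example, not code from this thread or from GeoNode. It assumes membership is matched by comparing the user's full DN against the configured member attribute, as django-auth-ldap's DN-based group types do; the sample entries, the DNs and the `diagnose` helper are constructed for illustration.

```python
# Constructed sample shaped like python-ldap search_s() results:
# [(dn, {attribute: [bytes, ...]}), ...]. Not taken from a real directory.
SAMPLE_GROUPS = [
    ("cn=ldapgroup1,ou=groups,dc=example,dc=org",
     {"cn": [b"ldapgroup1"],
      "member": [b"UID=chiara, ou=people,dc=example,dc=org"]}),
    ("cn=ldapgroup2,ou=groups,dc=example,dc=org",
     {"cn": [b"ldapgroup2"],
      "uniqueMember": [b"uid=chiara,ou=people,dc=example,dc=org"]}),
    ("cn=ldapgroup3,ou=groups,dc=example,dc=org",
     {"cn": [b"ldapgroup3"], "memberUid": [b"chiara"]}),
    ("cn=ldapgroup4,ou=groups,dc=example,dc=org",
     {"cn": [b"ldapgroup4"],
      "member": [b"uid=other,ou=people,dc=example,dc=org"]}),
]

# Membership attributes commonly seen on group entries.
KNOWN_MEMBER_ATTRS = ("member", "uniqueMember", "memberUid")


def norm(value):
    """Lower-case and drop spaces around commas (simplified DN comparison)."""
    return ",".join(part.strip() for part in value.lower().split(","))


def diagnose(groups, user_dn, user_uid, member_attr, name_attr="cn"):
    """Map each group name to 'match', 'not a member', or a mismatch hint."""
    report = {}
    for _dn, attrs in groups:
        name = attrs[name_attr][0].decode()
        listed = {norm(v.decode()) for v in attrs.get(member_attr, [])}
        if norm(user_dn) in listed:
            report[name] = "match"
            continue
        # The user may be listed under a different attribute, or by bare uid.
        hint = "not a member"
        for attr in KNOWN_MEMBER_ATTRS:
            values = {norm(v.decode()) for v in attrs.get(attr, [])}
            if norm(user_dn) in values and attr != member_attr:
                hint = f"listed by DN under '{attr}', not '{member_attr}'"
            elif norm(user_uid) in values:
                hint = f"listed by bare uid under '{attr}'; DN match fails"
        report[name] = hint
    return report


if __name__ == "__main__":
    user = "uid=chiara,ou=people,dc=example,dc=org"
    for group, verdict in diagnose(SAMPLE_GROUPS, user, "chiara", "member").items():
        print(f"{group}: {verdict}")
```

Because `AUTH_LDAP_USER_FLAGS_BY_GROUP` grants `is_staff` and `is_superuser` from the same group data, running the same comparison against real search results also shows which accounts would receive those flags.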