Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Geoportal LDAP setting in localhost #305

Open
rizkitampan opened this issue Jul 16, 2018 · 5 comments
Open

Geoportal LDAP setting in localhost #305

rizkitampan opened this issue Jul 16, 2018 · 5 comments

Comments

@rizkitampan
Copy link

Hi I am trying to geoportal with tomcat 7. This is my first experience using geoportal-server. If I login in gptadmin it shows me Unable to connect to LDAP. what im trying to do is run geoportal in localhost and im still confused for ldap setting, can somebody teach me how to fix it?, any way i was installed apache directory DS and using mysql for my DB. my question :
How to relate between this LDAP setting in geoportal especially in gpt.xml and geoportal.xml , mysql and apache DS, your help is needed

@zguo
Copy link
Collaborator

zguo commented Jul 17, 2018

the database (e.g. mysql) store metadata resources, ldap (e.g. apache DS) store user information. ldap connection information is in gpt.xml, and database connection info is in geoportal.xml.

you might try configure with simple authentication (without ldap) first to make sure the database and geoportal works, then try to setup ldap.

@rizkitampan
Copy link
Author

the simple authentication setting has been managed successfully, mysql database and the geoportal works, thanks, and then how i know that my gpt.xml is same setting with apache DS and mysql? i still can't how to configure it

@zguo
Copy link
Collaborator

zguo commented Jul 19, 2018

The mySQL connection reference is defined by the following in gpt.xml:

<databaseReference name="gpt" jndiName="jdbc/gpt"/>

for LDAP, in gpt.xml comment out the simple authentication section and uncomment the ldap section will enable LDAP authentication, below is a sample:

        <ldapAdapter>
        <ldapConnectionProperties
            providerURL="ldap://xxxxx:10389"
            initialContextFactoryName="com.sun.jndi.ldap.LdapCtxFactory"
            securityAuthentication="simple"
            securityProtocol="">
            <ldapServiceAccount
                securityPrincipal="uid=admin, ou=system"
                securityCredentials="xxxxx"
                encrypted="false"/>
        </ldapConnectionProperties>
    
        <singleSignOn
            active="false"
            credentialLocation="userPrincipal"
            anonymousValue=""
            logoutOutcome=""/>
        
        <selfCareSupport
            supportsLogin="true"
            supportsLogout="true"
            supportsUserRegistration="true"
            supportsUserProfileManagement="true"
            supportsPasswordChange="true"
            supportsPasswordRecovery="true"/>

	  
	    <!-- optional parameters for user role management: 
			An alternate way to prevent users from specific groups is to set "forbidden" attribute to true. 
	        - manage: Used to configure role to be managed on the user role management page.
				If the value is true, the users having the role are managed on the user role management page. Default is true.
			- forbidden: Used to configure role to prevent users with this role from logging in to geoportal
				If the value is true, the users having the role will not be allowed to login.
			- resKey: A resource key to the label displayed for the corresponding role on the user role management page.
	    -->    
        <roles authenticatedUserRequiresRole="true">
            <role
                key="gptRegisteredUser"
                resKey="catalog.role.gptRegisteredUser"
			    manage="true"
			    forbidden="false"
                groupDN="cn=gpt_registeredUsers,ou=groups,ou=system"/>
            <role
                key="gptPublisher"
                inherits="gptRegisteredUser"
                resKey="catalog.role.gptPublisher"
			    manage="true"
			    forbidden="false"
                groupDN="cn=gpt_publishers,ou=groups,ou=system"/>
          <role
                key="gptAdministrator"
                inherits="gptPublisher"
                resKey="catalog.role.gptAdministrator"
			    manage="true"
			    forbidden="false"
                groupDN="cn=gpt_administrators,ou=groups,ou=system"/>
        </roles>
    
        <users
            displayNameAttribute="uid"
            passwordEncryptionAlgorithm="SHA"
            newUserDNPattern="cn={0},ou=users,ou=system"
            usernameSearchPattern="(&amp;(objectclass=person)(uid={0}))"
            searchDIT="ou=users,ou=system">
            <requiredObjectClasses>
                <objectClass name="top"/>
                <objectClass name="person"/>
                <objectClass name="organizationalPerson"/>
                <objectClass name="inetOrgPerson"/>
            </requiredObjectClasses>
            <userAttributeMap>
                <attribute key="username"     ldapName="uid"/>
                <attribute key="password"     ldapName="userPassword"/>
                <attribute key="email"        ldapName="mail"/>
                <attribute key="firstName"    ldapName="givenName"/>
                <attribute key="lastName"     ldapName="sn"/>
                <attribute key="displayName"  ldapName="displayName"/>
                <attribute key="organization" ldapName="o"/>
                <attribute key="affiliation"  ldapName="businessCategory"/>
                <attribute key="street"       ldapName="street"/>
                <attribute key="city"         ldapName="l"/>
                <attribute key="stateOrProv"  ldapName="st"/>
                <attribute key="postalCode"   ldapName="postalCode"/>
                <attribute key="country"      ldapName=""/>
                <attribute key="phone"        ldapName="telephoneNumber"/>
            </userAttributeMap>
        </users>
  
        <groups
            displayNameAttribute="cn"
            dynamicMemberOfGroupsAttribute=""
            dynamicMembersAttribute=""
            memberAttribute="uniquemember"
            memberSearchPattern="(&amp;(objectclass=groupOfUniqueNames)(uniquemember={0}))"
            searchDIT="ou=groups,ou=system">
 
        <!-- 
            <metadataManagementGroup
                name="Region 1"
                groupDN="group_distinguished_name"/>
            <metadataManagementGroup
                name="Region 2"
                groupDN="group_distinguished_name"/>
        -->
        </groups>
    </ldapAdapter>

You will have to set up proper users and groups in Apache DS, the following links has some info relating to this:

https://github.com/Esri/geoportal-server/wiki/Configure-a-Directory-Server-for-the-Geoportal

https://github.com/Esri/geoportal-server/wiki/Connecting-to-a-User-Directory

@rizkitampan
Copy link
Author

rizkitampan commented Jul 29, 2018

thank you, I've setting like you mention above, i can see the change of my menu, there is validation menu, but where i can find the administrative tab, so i can upload and post my metadata resource????

@zguo
Copy link
Collaborator

zguo commented Aug 1, 2018

you might check if the user is in the administrators group in ldap. the administration tab will appear if the user is in the administrator group.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants