GSoC Week-3 Report

I dedicated week 3 to testing methods other than pinging the database directly from GeoServer, to avoid HTTP calls. These methods include JDBC and LDAP.

LDAP:

The LDAP authentication provider allows for authentication against a Lightweight Directory Access Protocol (LDAP) server. The provider takes the username/password from the incoming request and attempts to connect to the LDAP server with those credentials.

Here’s what the config.xml of the LDAP authentication provider looks like:

<ldap>
  <id>-2b2c6868:14677b14eb0:-7fff</id>
  <name>acme-ldap</name>
  <className>org.geoserver.security.ldap.LDAPAuthenticationProvider</className>
  <serverURL>ldap://localhost:10389/dc=acme,dc=org</serverURL>
  <groupSearchBase>ou=groups</groupSearchBase>
  <groupSearchFilter>member={0}</groupSearchFilter>
  <useTLS>false</useTLS>
  <userDnPattern>uid={0},ou=people</userDnPattern>
</ldap>
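
An added example, not from the original post or from GeoServer's code: a short Python check of the configuration above that reports when the bind password would cross the network unencrypted, and shows the DN the provider would bind as for a given username, with RFC 4514 escaping applied. It assumes userDnPattern is resolved relative to the base DN in serverURL; the function names are made up for this illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# The provider configuration from this post, embedded so the example runs offline.
CONFIG_XML = """<ldap>
  <id>-2b2c6868:14677b14eb0:-7fff</id>
  <name>acme-ldap</name>
  <className>org.geoserver.security.ldap.LDAPAuthenticationProvider</className>
  <serverURL>ldap://localhost:10389/dc=acme,dc=org</serverURL>
  <groupSearchBase>ou=groups</groupSearchBase>
  <groupSearchFilter>member={0}</groupSearchFilter>
  <useTLS>false</useTLS>
  <userDnPattern>uid={0},ou=people</userDnPattern>
</ldap>"""


def load_config(xml_text):
    """Flatten the <ldap> element into a dict of tag -> text."""
    return {child.tag: (child.text or "").strip() for child in ET.fromstring(xml_text)}


def escape_dn_value(value):
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in ',+"\\<>;=' or edge_space or (ch == "#" and i == 0):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def bind_dn(cfg, username):
    """DN used for the bind, assuming userDnPattern is relative to the base DN in serverURL."""
    base = urlparse(cfg["serverURL"]).path.lstrip("/")
    rdn = cfg["userDnPattern"].replace("{0}", escape_dn_value(username))
    return f"{rdn},{base}" if base else rdn


def transport_findings(cfg):
    """Flag settings under which the bind password crosses the network unencrypted."""
    scheme = urlparse(cfg["serverURL"]).scheme.lower()
    use_tls = cfg.get("useTLS", "false").lower() == "true"
    if scheme == "ldap" and not use_tls:
        return ["ldap:// with useTLS=false: bind password is sent in cleartext"]
    return []
```

With the configuration as posted, `transport_findings` returns one finding; setting useTLS to true or using an ldaps:// serverURL clears it.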

This LDAP server offers two types of role assignment:

  • Convert the user’s LDAP groups into roles
  • Employ a user/group service

I took a sample database from the official GeoServer documentation to test the first option. For the second option, i.e. using a user/group service, there is a default user/group service available in GeoServer which is XML-based, and I employed that to test it. I then went on to employ JDBC:

JDBC:

The JDBC user/group service persists the user/group database via JDBC, managing the user information in multiple tables.

There are clear steps given here: http://docs.geoserver.org/latest/en/user/webadmin/security/ugr.html#add-new-jdbc-user-group-service

I am now exploring GeoShield, which is another option for the same purpose, and I’ve got a meeting with all the core developers at GeoNode on Monday, where we’ll decide which option to go with depending on feasibility.

So this week has been quite constructive, with me exploring and successfully testing LDAP and JDBC independently. Once it’s decided which service to use, I’ll start integrating it with GeoNode.

Thanks for reading, suggestions and comments are most welcome 🙂
