-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LDAP groups and roles concepts are mixed #265
Comments
#265 LDAP groups and roles concepts are mixed
@etj, I tested the fix on the client live environment and unwanted groups are still being imported. I built geostore with the help @taba90 and I believe we are using the version with your fix, now included in the @nmco, since the customer is using MapStore just now and there is a work around in place I don't want to mess with their LDAP configuration, I am happy to remove the unnecessary filter on roles in the configuration and collect some logs tomorrow morning, this is to have a better understanding of the situation. I would need some time from one of your resources to investigate this issue further. |
Had a second look at the maven repository. @randomorder setup a Jenkins pipeline building to |
In the existing code, roles and groups are just merged together.
The only difference is that they have separate filters, and groups can be searched hierarchycally.
Also, mapping is performed using the same mapping bean.
This current implementation leads to:
A quick fix to this may be:
In this way we can use a proper mapping for roles that discards any role found in LDAP but not useful for privilege settings inside geostore; and the mapped roles will not be saved as geostore groups.
Since this issue was found in a quite old version (1.7), we want that any fixes applied should be backward compatible, i.e. if the jars are updated but the configuration is not, it should works exactly as before.
The text was updated successfully, but these errors were encountered: