I am attempting to use Active Directory for GeoServer authentication. When I click the 'Test Connection' button on the Admin > Authentication > Providers > LDAP settings page, it says "Connection Successful." However, when I log out of GeoServer and try to log in with the same credentials, I get an "invalid username/password combination" error.
My LDAP settings are as follows, where ADserver = my Active Directory server, and domain = my company domain:
Server URL: ldap://ADserver/dc=domain,dc=com
TLS: [Not checked]
User lookup pattern: [empty]
Filter used to lookup user: (userPrincipalName={0})
Format used for user login name: {0}@domain.com
Use LDAP groups for authorization: [Not checked]
User Group Service: default
And I have selected this Authentication Provider in my Provider Chain.
Why does the Test Connection succeed, but actually logging in fails?
Best Answer
I got a solution working on GeoServer 2.7.2 that was very similar to @xcer; however, I didn't need to add an extra Group, as adding the users to the default User Group Service seemed to be enough for me.
In short:
default listed first, and myad-ldap authentication provider listed second.
I found that this:
default User Group Provider that can be added and modified manually via the interface.
Not sure if this was the intended way to get it working - it would have been a better solution overall if I could just apply permissions via LDAP groups. But after battling with GeoServer for 3 hours solid that was the best that I could manage.