Re: [thredds] LDAP authentication drives to a non existing page

Hello everyone,

I found a way to make my TDS server and LDAP work well together:
Authenticated users have to have the "restrictedDataUser" role (according to the web.xml of Thredds). This means that I have to create a group "restrictedDataUser" in my LDAP which contains all my users.

I don't find this solution elegant since restrictedDataUser is not meaningful in my LDAP tree. But it works.

What do you think?

Best regards,
Remy

On 07/09/2016 13:24, Rémy Decoupes wrote:
Dear Sean, dear all,

I followed the Tomcat instructions for my version but I still have the problem. After successful authentication, TDS redirects me to this URL: [my-ip]:8080/thredds/restrictedAccess/[my_ldap_group], and this page doesn't exist. As I'm authenticated, I can access my restricted data if I go to an existing page.

"restrictedAccess" and "[my_ldap_group]" in the redirect URL seem to come from my TDS's catalog.xml.

Best regards,
Remy

On 31/08/2016 01:05, Sean Arms wrote:
Greetings Remy,

Did you ever get a response to your question about LDAP? It's possible that things changed between the version of tomcat that was used in the original message and the version of tomcat you are using now. Have you followed along with the LDAP / tomcat instructions for your specific version of tomcat as found in the tomcat docs?

Cheers,

Sean


On Mon, Aug 8, 2016 at 7:54 AM, Remy Decoupes <remy.decoupes@xxxxxxxxxxxxxxx> wrote:

    Dear TDS users,

    I would like to authenticate my TDS users using an LDAP server but
    I encounter a problem:
    After a successful authentication, TDS drives me to a non-existing
    page, as I mentioned in the title. However, if I keep
    my web browser open, I can go back to an existing page and then I
    can access my restricted data.

    To set up LDAP authentication for TDS, I mainly followed
    instructions from this link:
    http://www.unidata.ucar.edu/mailing_lists/archives/thredds/2014/msg00122.html
    But authentication drives me to a URL like
    [my_TDS_IP]/thredds/restrictedAccess/[name_of_my_ldap_group]

    Here are my settings:
    tomcat's server.xml:
          <Realm className="org.apache.catalina.realm.JNDIRealm"
                    connectionURL="ldap://my_ldap"
                    userBase="ou=people,dc=example,dc=com"
                    userSearch="(uid={0})"
                    userRoleName="memberOf"
                    roleBase="ou=groups,dc=example,dc=com"
                    roleName="cn"
                    roleSearch="(member={0})"
          />

    TDS's catalog.xml:
      <datasetScan name="restricted access" ID="something"
    path="Restricted-Access" location="my-path-to-data"
    harvest="true" restrictAccess="my_ldap_group">

    Thank you very much for any help

    Best regards,
    Remy





--
Rémy Decoupes
Network and Telecom Administrator
OSU-Réunion // UMS 3365
Université de la réunion
tel : 0262 93 82 28
http://osur.univ-reunion.fr
http://opar.univ-reunion.fr
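
An added example, not part of the original messages and not Tomcat or TDS code: a small Python model of how a JNDIRealm with the attributes quoted in this thread derives role names, showing why membership in my_ldap_group alone does not produce the "restrictedDataUser" role named above. The user "remy" and the directory entries are constructed sample data, and only the simple "(attr={0})" filter form and a one-level role search are modelled.

```python
import re

# Realm attributes as quoted from server.xml in this thread.
REALM = {
    "userRoleName": "memberOf",
    "roleBase": "ou=groups,dc=example,dc=com",
    "roleName": "cn",
    "roleSearch": "(member={0})",
}
REQUIRED_ROLE = "restrictedDataUser"  # role name as given in the post above

# Constructed sample directory (hypothetical user "remy"), DN -> attributes.
USER_DN = "uid=remy,ou=people,dc=example,dc=com"
GROUP_DN = "cn=my_ldap_group,ou=groups,dc=example,dc=com"
DIRECTORY = {
    USER_DN: {"uid": ["remy"], "memberOf": [GROUP_DN]},
    GROUP_DN: {"cn": ["my_ldap_group"], "member": [USER_DN]},
}


def realm_roles(directory, user_dn, realm):
    """Return the role names a JNDIRealm with these attributes derives."""
    # userRoleName: attribute values on the user entry are used verbatim,
    # so memberOf contributes full group DNs, not short names.
    roles = set(directory[user_dn].get(realm["userRoleName"], []))
    # roleSearch: only "(attr={0})" is modelled; {0} stands for the user DN.
    match = re.fullmatch(r"\((\w+)=\{0\}\)", realm["roleSearch"])
    if match is None:
        raise ValueError("unsupported roleSearch filter")
    member_attr = match.group(1)
    for dn, entry in directory.items():
        # One-level search directly under roleBase.
        parent = dn.partition(",")[2]
        if parent == realm["roleBase"] and user_dn in entry.get(member_attr, []):
            roles.update(entry.get(realm["roleName"], []))
    return roles


def with_group(directory, cn, members, role_base):
    """Return a copy of the directory with one extra group entry."""
    extra = {f"cn={cn},{role_base}": {"cn": [cn], "member": list(members)}}
    return {**directory, **extra}


before = realm_roles(DIRECTORY, USER_DN, REALM)
fixed = with_group(DIRECTORY, REQUIRED_ROLE, [USER_DN], REALM["roleBase"])
after = realm_roles(fixed, USER_DN, REALM)
print(sorted(before), REQUIRED_ROLE in before)
print(sorted(after), REQUIRED_ROLE in after)
```
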

