Open rizkitampan opened 6 years ago
The database (e.g. MySQL) stores metadata resources; LDAP (e.g. Apache DS) stores user information. The LDAP connection information is in gpt.xml, and the database connection info is in geoportal.xml.
You might try configuring simple authentication (without LDAP) first to make sure the database and geoportal work, then try to set up LDAP.
The simple authentication setting has been managed successfully, the MySQL database and the geoportal work, thanks. And then how do I know that my gpt.xml has the same settings as Apache DS and MySQL? I still can't work out how to configure it.
The MySQL connection reference is defined by the following in gpt.xml:
<databaseReference name="gpt" jndiName="jdbc/gpt"/>
For LDAP, in gpt.xml, commenting out the simple authentication section and uncommenting the LDAP section will enable LDAP authentication. Below is a sample:
<ldapAdapter>
  <ldapConnectionProperties
    providerURL="ldap://xxxxx:10389"
    initialContextFactoryName="com.sun.jndi.ldap.LdapCtxFactory"
    securityAuthentication="simple"
    securityProtocol="">
    <ldapServiceAccount
      securityPrincipal="uid=admin, ou=system"
      securityCredentials="xxxxx"
      encrypted="false"/>
  </ldapConnectionProperties>
  <singleSignOn
    active="false"
    credentialLocation="userPrincipal"
    anonymousValue=""
    logoutOutcome=""/>
  <selfCareSupport
    supportsLogin="true"
    supportsLogout="true"
    supportsUserRegistration="true"
    supportsUserProfileManagement="true"
    supportsPasswordChange="true"
    supportsPasswordRecovery="true"/>
  <!-- optional parameters for user role management:
       An alternate way to prevent users from specific groups is to set "forbidden" attribute to true.
       - manage: Used to configure role to be managed on the user role management page.
         If the value is true, the users having the role are managed on the user role management page. Default is true.
       - forbidden: Used to configure role to prevent users with this role from logging in to geoportal
         If the value is true, the users having the role will not be allowed to login.
       - resKey: A resource key to the label displayed for the corresponding role on the user role management page.
  -->
  <roles authenticatedUserRequiresRole="true">
    <role
      key="gptRegisteredUser"
      resKey="catalog.role.gptRegisteredUser"
      manage="true"
      forbidden="false"
      groupDN="cn=gpt_registeredUsers,ou=groups,ou=system"/>
    <role
      key="gptPublisher"
      inherits="gptRegisteredUser"
      resKey="catalog.role.gptPublisher"
      manage="true"
      forbidden="false"
      groupDN="cn=gpt_publishers,ou=groups,ou=system"/>
    <role
      key="gptAdministrator"
      inherits="gptPublisher"
      resKey="catalog.role.gptAdministrator"
      manage="true"
      forbidden="false"
      groupDN="cn=gpt_administrators,ou=groups,ou=system"/>
  </roles>
  <users
    displayNameAttribute="uid"
    passwordEncryptionAlgorithm="SHA"
    newUserDNPattern="cn={0},ou=users,ou=system"
    usernameSearchPattern="(&amp;(objectclass=person)(uid={0}))"
    searchDIT="ou=users,ou=system">
    <requiredObjectClasses>
      <objectClass name="top"/>
      <objectClass name="person"/>
      <objectClass name="organizationalPerson"/>
      <objectClass name="inetOrgPerson"/>
    </requiredObjectClasses>
    <userAttributeMap>
      <attribute key="username" ldapName="uid"/>
      <attribute key="password" ldapName="userPassword"/>
      <attribute key="email" ldapName="mail"/>
      <attribute key="firstName" ldapName="givenName"/>
      <attribute key="lastName" ldapName="sn"/>
      <attribute key="displayName" ldapName="displayName"/>
      <attribute key="organization" ldapName="o"/>
      <attribute key="affiliation" ldapName="businessCategory"/>
      <attribute key="street" ldapName="street"/>
      <attribute key="city" ldapName="l"/>
      <attribute key="stateOrProv" ldapName="st"/>
      <attribute key="postalCode" ldapName="postalCode"/>
      <attribute key="country" ldapName=""/>
      <attribute key="phone" ldapName="telephoneNumber"/>
    </userAttributeMap>
  </users>
  <groups
    displayNameAttribute="cn"
    dynamicMemberOfGroupsAttribute=""
    dynamicMembersAttribute=""
    memberAttribute="uniquemember"
    memberSearchPattern="(&amp;(objectclass=groupOfUniqueNames)(uniquemember={0}))"
    searchDIT="ou=groups,ou=system">
    <!--
    <metadataManagementGroup
      name="Region 1"
      groupDN="group_distinguished_name"/>
    <metadataManagementGroup
      name="Region 2"
      groupDN="group_distinguished_name"/>
    -->
  </groups>
</ldapAdapter>
You will have to set up proper users and groups in Apache DS; the following links have some info relating to this:
https://github.com/Esri/geoportal-server/wiki/Configure-a-Directory-Server-for-the-Geoportal
https://github.com/Esri/geoportal-server/wiki/Connecting-to-a-User-Directory
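An added example, not part of the thread or of the Geoportal project: a short Python check that reads an ldapAdapter section like the sample above, flags the settings that weaken the LDAP connection, and lists the entries that have to exist in Apache DS for the configuration to match. The function names `review` and `norm_dn` and the finding labels are hypothetical, and the embedded XML is a constructed, trimmed copy of the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the ldapAdapter section shown above.
SAMPLE = """<ldapAdapter>
  <ldapConnectionProperties providerURL="ldap://xxxxx:10389"
      securityAuthentication="simple" securityProtocol="">
    <ldapServiceAccount securityPrincipal="uid=admin, ou=system"
        securityCredentials="xxxxx" encrypted="false"/>
  </ldapConnectionProperties>
  <roles authenticatedUserRequiresRole="true">
    <role key="gptAdministrator" groupDN="cn=gpt_administrators,ou=groups,ou=system"/>
  </roles>
  <users passwordEncryptionAlgorithm="SHA" searchDIT="ou=users,ou=system"
      usernameSearchPattern="(&amp;(objectclass=person)(uid={0}))"/>
  <groups memberAttribute="uniquemember" searchDIT="ou=groups,ou=system"/>
</ldapAdapter>"""

def norm_dn(dn):
    """Normalise spacing and case so 'uid=admin, ou=system' compares equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def review(xml_text):
    """Return (findings, dns): weak settings, and DNs the directory must contain."""
    root = ET.fromstring(xml_text)  # fails here if '&' is not written as '&amp;'
    conn = root.find("ldapConnectionProperties")
    acct = conn.find("ldapServiceAccount")
    users, groups = root.find("users"), root.find("groups")
    findings = []
    # Assumption: securityProtocol is handed to JNDI, where "ssl" enables TLS.
    tls = conn.get("providerURL", "").lower().startswith("ldaps://") \
        or conn.get("securityProtocol", "").lower() == "ssl"
    if conn.get("securityAuthentication") == "simple" and not tls:
        findings.append("cleartext-bind")        # bind password sent unencrypted
    if acct.get("encrypted", "false").lower() != "true":
        findings.append("plaintext-credential")  # service password readable in gpt.xml
    if norm_dn(acct.get("securityPrincipal", "")) == "uid=admin,ou=system":
        findings.append("directory-admin-service-account")  # ApacheDS default admin
    if users.get("passwordEncryptionAlgorithm", "").upper() == "SHA":
        findings.append("unsalted-sha1-passwords")  # LDAP {SHA} is unsalted SHA-1
    dns = {norm_dn(users.get("searchDIT")), norm_dn(groups.get("searchDIT"))}
    dns |= {norm_dn(r.get("groupDN")) for r in root.iter("role")}
    return findings, sorted(dns)

if __name__ == "__main__":
    findings, dns = review(SAMPLE)
    print("findings:", findings)
    print("entries that must exist in the directory:", dns)
```

Each DN in the second list can then be looked up in Apache DS; a role whose groupDN is missing from the directory can never be granted.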
Thank you, I've set it up like you mentioned above. I can see the change in my menu, there is a validation menu, but where can I find the administrative tab, so I can upload and post my metadata resource?
You might check if the user is in the administrators group in LDAP. The administration tab will appear if the user is in the administrator group.
Hi, I am trying to run geoportal with Tomcat 7. This is my first experience using geoportal-server. If I log in as gptadmin it shows me "Unable to connect to LDAP". What I'm trying to do is run geoportal on localhost, and I'm still confused about the LDAP settings. Can somebody teach me how to fix it? Anyway, I have installed Apache Directory DS and am using MySQL for my DB. My question: how do I relate the LDAP settings in geoportal, especially in gpt.xml and geoportal.xml, to MySQL and Apache DS? Your help is needed.