Enterprise Linux GIS



Enterprise Linux (EL) and derivatives (that is, Red Hat Enterprise Linux, CentOS and Scientific Linux) is a popular and robust platform for servers and computing-heavy workstations, and is therefore a good fit for GIS specific requirements.

The goal of the Enterprise Linux GIS (ELGIS) effort is to ensure that the latest stable versions of the main free GIS software run on the Enterprise Linux platform.

The mailing list el@lists.osgeo.org is used for communication (archive). Subscribers to the mailing-list are basically the community around ELGIS and are meant to be consulted for important choices (like which packages to support).

Open issues are listed here. Please have a look at this list before asking the mailing-list for support on a particular problem.

There is also a low-traffic Twitter account, mainly used for announcements.

= Useful RPM repositories for GIS software =


 * ELGIS repositories try to ensure that the latest stable versions of the major FLOSS GIS software are available for Enterprise Linux. They maintain versions of packages which cannot be maintained in EPEL, or that EPEL does not want to keep at the latest stable version. This is where our packaging effort currently takes place, and can be seen as a kind of backport repository.

ELGIS requires EPEL to be configured as an additional repository.


 * EPEL is an official Fedora project which repackages many Fedora packages which are not part of the standard EL distribution. It contains quite a few GIS packages and base libraries. Note that one of the rules of the packages maintained in EPEL is that they should never require to change the base EL distribution. Moreover they rather follow Enterprise Linux policy of not using the latest version of the software but rather to stick with a given version in order to ensure stability and predictability.


 * PGRPMS provides the latest versions of PostgreSQL (e.g. the 9.x versions not available in Enterprise Linux) as well as an up to date PostGIS. This is an option if you just want to run PostGIS and needs recent PostgreSQL features as well.

PGRPMS is NOT compatible with ELGIS, don't enable both or you will break your environment.

= RHEL / CentOS / Scientific Linux 6 =

'''Note (2012-12-01): the version of geos in EPEL is newer than the one in ELGIS stable, which causes problems, notably with GRASS. Disable geos from the EPEL repo file, or use ELGIS Testing. This will be solved soon when ELGIS Testing is moved to Stable. ''' (see http://lists.osgeo.org/pipermail/el/2012-November/001060.html)

How to enable the ELGIS6 repository
sudo rpm -Uvh http://elgis.argeo.org/repos/6/elgis-release-6-6_0.noarch.rpm
 * (RHEL users: enable the 'optional' repository as it is required by EPEL)
 * enable the EPEL repository (see https://fedoraproject.org/wiki/EPEL/FAQ#howtouse)
 * execute

As of November 28th 2011, ELGIS Stable contains only the 64 bits binaries. For 32 bits, you will have to enable ELGIS Testing.

Packages matrix
ELGIS 6 packages are built with the latest version of CentOS 6.

Note: there are currently only x86_64 packages in ELGIS Testing

Formats supported by GDAL
As of gdal-1.9.2-4

$ gdalinfo --formats Supported Formats: VRT (rw+v): Virtual Raster GTiff (rw+v): GeoTIFF NITF (rw+v): National Imagery Transmission Format RPFTOC (rov): Raster Product Format TOC format ECRGTOC (rov): ECRG TOC format HFA (rw+v): Erdas Imagine Images (.img) SAR_CEOS (rov): CEOS SAR Image CEOS (rov): CEOS Image JAXAPALSAR (rov): JAXA PALSAR Product Reader (Level 1.1/1.5) GFF (rov): Ground-based SAR Applications Testbed File Format (.gff) ELAS (rw+v): ELAS AIG (rov): Arc/Info Binary Grid AAIGrid (rwv): Arc/Info ASCII Grid GRASSASCIIGrid (rov): GRASS ASCII Grid SDTS (rov): SDTS Raster DTED (rwv): DTED Elevation Raster PNG (rwv): Portable Network Graphics GTA (rwv): Generic Tagged Arrays (.gta) JPEG (rwv): JPEG JFIF MEM (rw+): In Memory Raster JDEM (rov): Japanese DEM (.mem) GIF (rwv): Graphics Interchange Format (.gif) BIGGIF (rov): Graphics Interchange Format (.gif) ESAT (ro): Envisat Image Format FITS (rw+): Flexible Image Transport System XPM (rwv): X11 PixMap Format BMP (rw+v): MS Windows Device Independent Bitmap DIMAP (rov): SPOT DIMAP AirSAR (ro): AirSAR Polarimetric Image RS2 (ro): RadarSat 2 XML Product PCIDSK (rw+v): PCIDSK Database File PCRaster (rw): PCRaster Raster File ILWIS (rw+v): ILWIS Raster Map SGI (rw+): SGI Image File Format 1.0 SRTMHGT (rwv): SRTMHGT File Format Leveller (rw+): Leveller heightfield Terragen (rw+): Terragen heightfield GMT (rw): GMT NetCDF Grid Format netCDF (rw+): Network Common Data Format HDF4 (ro): Hierarchical Data Format Release 4 HDF4Image (rw+): HDF4 Dataset ISIS3 (rov): USGS Astrogeology ISIS cube (Version 3) ISIS2 (rw+v): USGS Astrogeology ISIS cube (Version 2) PDS (rov): NASA Planetary Data System TIL (rov): EarthWatch .TIL ERS (rw+v): ERMapper .ers Labelled JPEG2000 (rwv): JPEG-2000 part 1 (ISO/IEC 15444-1) L1B (rov): NOAA Polar Orbiter Level 1b Data Set FIT (rwv): FIT Image GRIB (rov): GRIdded Binary (.grb) RMF (rw+v): Raster Matrix Format WCS (rov): OGC Web Coverage Service WMS (rwv): OGC Web Map Service MSGN (ro): EUMETSAT Archive native (.nat) RST (rw+v): Idrisi Raster A.1 INGR (rw+v): Intergraph Raster GSAG (rwv): Golden Software ASCII Grid (.grd) GSBG (rw+v): Golden Software Binary Grid (.grd) GS7BG (rov): Golden Software 7 Binary Grid (.grd) COSAR (ro): COSAR Annotated Binary Matrix (TerraSAR-X) TSX (rov): TerraSAR-X Product COASP (ro): DRDC COASP SAR Processor Raster R (rwv): R Object Data Store PNM (rw+v): Portable Pixmap Format (netpbm) DOQ1 (rov): USGS DOQ (Old Style) DOQ2 (rov): USGS DOQ (New Style) ENVI (rw+v): ENVI .hdr Labelled EHdr (rw+v): ESRI .hdr Labelled GenBin (rov): Generic Binary (.hdr Labelled) PAux (rw+): PCI .aux Labelled MFF (rw+): Vexcel MFF Raster MFF2 (rw+): Vexcel MFF2 (HKV) Raster FujiBAS (ro): Fuji BAS Scanner Image GSC (rov): GSC Geogrid FAST (rov): EOSAT FAST Format BT (rw+v): VTP .bt (Binary Terrain) 1.3 Format LAN (rw+v): Erdas .LAN/.GIS CPG (ro): Convair PolGASP IDA (rw+): Image Data and Analysis NDF (rov): NLAPS Data Format EIR (rov): Erdas Imagine Raw DIPEx (rov): DIPEx LCP (rov): FARSITE v.4 Landscape File (.lcp) GTX (rw+v): NOAA Vertical Datum .GTX LOSLAS (rov): NADCON .los/.las Datum Grid Shift NTv2 (rw+v): NTv2 Datum Grid Shift ACE2 (rov): ACE2 SNODAS (rov): Snow Data Assimilation System RIK (ro): Swedish Grid RIK (.rik) USGSDEM (rwv): USGS Optional ASCII DEM (and CDED) GXF (ro): GeoSoft Grid Exchange Format DODS (ro): DAP 3.x servers HTTP (ro): HTTP Fetching Wrapper BAG (ro): Bathymetry Attributed Grid HDF5 (ro): Hierarchical Data Format Release 5 HDF5Image (ro): HDF5 Dataset NWT_GRD (rov): Northwood Numeric Grid Format .grd/.tab NWT_GRC (rov): Northwood Classified Grid Format .grc/.tab ADRG (rw+v): ARC Digitized Raster Graphics SRP (rov): Standard Raster Product (ASRP/USRP) BLX (rw): Magellan topo (.blx) Rasterlite (rw): Rasterlite PostGISRaster (ro): PostGIS Raster driver SAGA (rw+v): SAGA GIS Binary Grid (.sdat) KMLSUPEROVERLAY (rwv): Kml Super Overlay XYZ (rwv): ASCII Gridded XYZ HF2 (rwv): HF2/HFZ heightfield raster PDF (rov): Geospatial PDF JPEGLS (rwv): JPEGLS OZI (rov): OziExplorer Image File CTG (rov): USGS LULC Composite Theme Grid E00GRID (rov): Arc/Info Export E00 GRID ZMap (rwv): ZMap Plus Grid NGSGEOID (rov): NOAA NGS Geoid Height Grids

= RHEL / CentOS / Scientific Linux 5 =

Detailed package lists for ELGIS are available here: http://elgis.argeo.org

How to enable the ELGIS5 repository
sudo rpm -Uvh http://elgis.argeo.org/repos/5/elgis-release-5-5_0.noarch.rpm
 * enable the EPEL repository (see https://fedoraproject.org/wiki/EPEL/FAQ#howtouse)
 * execute

If you want to install QGIS, edit the /etc/yum.repos.d/elgis.repo file and enable the 'elgis-plus' repository. WARNING: elgis-plus updates the base distribution (qt4, sqlite) and may thus void your RHEL support

Packages matrix
ELGIS 5 packages are built with the latest version of CentOS 5.

Formats supported by GDAL
As of gdal-1.8.0-4:

LIBZ support:             external LIBLZMA support:          no  GRASS support:             no  CFITSIO support:           external PCRaster support:         internal NetCDF support:           yes LIBPNG support:           external LIBTIFF support:          external (BigTIFF=no) LIBGEOTIFF support:       external LIBJPEG support:          external 8/12 bit JPEG TIFF:       no  LIBGIF support:            external OGDI support:             yes HDF4 support:             yes HDF5 support:             yes Kakadu support:           no  JasPer support:            yes (GeoJP2=no) OpenJPEG support:         no  ECW support:               no  MrSID support:             no  MrSID/MG4 Lidar support:   no  MSG support:               no  GRIB support:              yes EPSILON support:          no  cURL support (wms/wcs/...):yes PostgreSQL support:       yes MySQL support:            yes Ingres support:           no  Xerces-C support:          yes NAS support:              yes Expat support:            yes Google libkml support:    no   ODBC support:              yes PGeo support:             yes PCIDSK support:           internal OCI support:              no  GEORASTER support:         no  SDE support:               no  Rasdaman support:          no  DODS support:              yes SQLite support:           yes SpatiaLite support:       yes DWGdirect support         no  INFORMIX DataBlade support:no GEOS support:             yes VFK support:              yes Poppler support:          no  OpenCL support:            no

./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --prefix=/usr --includedir=/usr/include/gdal/ --datadir=/usr/share/gdal/ --with-threads=yes --with-dods-root=/usr/lib64 --with-ogdi --with-cfitsio=/usr --with-geotiff=external --with-tiff=external --with-libtiff=external --with-libz --with-netcdf --with-hdf4 --with-hdf5 --with-geos --with-jasper --with-png --with-gif --with-jpeg --with-odbc --with-sqlite --with-mysql --with-curl --with-python --with-perl --with-pcraster --with-ruby --with-java --with-xerces --with-xerces-lib=-lxerces-c --with-xerces-inc=/usr/include --with-jpeg12=no --enable-shared --with-gdal-ver=1.8.0 --with-spatialite=yes

= If you want to contribute packages to the ELGIS repo =


 * Especially for new packages, please try to build them in mock first (the one from CentOS, not from EPEL!), so that all build dependencies are in the spec file. You can find some mock config files here. Don't hesitate to ask on the mailing-list if you need support for your first mock builds: this is much easier than it seems, and very clean


 * For existing packages, please always start from the spec files maintained in subversion, so that previous changes are integrated: https://projects.argeo.org/elgis/svn/factory/trunk/rpmbuild/elgis/ /SPECS/*.spec (or https://projects.argeo.org/elgis/svn/factory/trunk/rpmbuild/elgis-plus/ ...)

Then send you spec file to the mailing-list or give download access to an SRPM.

= Note about Fedora, ELGIS and EPEL =


 * in general, Fedora packages are the upstream source for Enterprise Linux packages (be they in the EPEL or ELGIS repos)
 * ELGIS depends on EPEL, complements it and sometimes overrides it
 * ELGIS mission is to provide the latest stable version of the main Free GIS packages, whereas EPEL has a policy of keeping versions stable across an upstream release lifecycle
 * packages that cannot be in EPEL (typically because they require to update the base platform) can be maintained in the ELGIS Plus repo (it is expected that there will be very few of them at the beginning of the EL6 life cycle)
 * our goal is not primarily to provide packages but also to serve as a knowledge base for FLOSS GIS software usage on Enterprise Linux. Therefore EL specific questions related to GIS packages from EPEL are welcome on the ELGIS list, and information about them will be documented in the other resources provided by the OSGeo foundation (wiki, trac, etc.)

= How To =

How to hack and locally build the ELGIS packages
ELGIS6 packages are now maintained in Git repositories which are forks from Fedora/EPEL Git repositories: http://elgis.argeo.org/gitweb/

In order to build a package (here: geos): git clone -b elgis6 git://elgis.argeo.org/geos.git mock --scm-enable -r elgis-6-testing-x86_64 --scm-option package=geos -v
 * Use the mock file below
 * Clone the repository you are interested in to a local directory (here: ~/dev/git/elgis.argeo.org)
 * Download the sources to a local directory (here: ~/dev/git/elgis.argeo.org/sources)
 * Run mock:

Mock Config File
To be put in : /etc/mock/elgis-6-testing-x86_64.cfg

config_opts['scm'] = False config_opts['scm_opts']['method'] = 'git' config_opts['scm_opts']['git_get'] = 'git clone -b elgis6 /home/mbaudier/dev/git/elgis.argeo.org/SCM_PKG SCM_PKG' config_opts['scm_opts']['spec'] = 'SCM_PKG.spec' config_opts['scm_opts']['ext_src_dir'] = '/home/mbaudier/dev/git/elgis.argeo.org/sources' config_opts['scm_opts']['git_timestamps'] = True config_opts['root'] = 'elgis-6-testing-x86_64' config_opts['target_arch'] = 'x86_64' config_opts['legal_host_arches'] = ('x86_64',) config_opts['chroot_setup_cmd'] = 'groupinstall buildsys-build' config_opts['dist'] = 'el6' # only useful for --resultdir variable subst config_opts['yum.conf'] = """ [main] cachedir=/var/cache/yum debuglevel=1 reposdir=/dev/null logfile=/var/log/yum.log retries=20 obsoletes=1 gpgcheck=0 assumeyes=1 syslog_ident=mock syslog_device= [base] name=BaseOS enabled=1 mirrorlist=http://mirrorlist.centos.org/?release=6&arch=x86_64&repo=os gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 failovermethod=priority [updates] name=updates enabled=0 mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6 failovermethod=priority [epel] name=epel baseurl=http://localrepo/yumrepos/epel/6/x86_64 failovermethod=priority [elgis] name=ELGIS 6 baseurl=http://elgis.argeo.org/repos/6/elgis/x86_64/ [elgis-testing] name=ELGIS 6 Testing baseurl=http://elgis.argeo.org/repos/testing/6/elgis/x86_64/ [elgis-staging] name=ELGIS 6 Staging baseurl=file:///srv/rpmfactory/elgis-staging/6/x86_64/ gpgcheck=0 """
 * 1) SCM
 * 1) config_opts['scm_opts']['git_get'] = 'git clone -b elgis6 git://elgis.argeo.org/SCM_PKG.git SCM_PKG'
 * 1) BUILD
 * 1) repos
 * 1) mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-6&arch=x86_64

How to hack and locally build the ELGIS packages (old)
For the time being, the ELGIS packages (that is, those not maintained by EPEL) are versioned by and distributed through argeo.org.

You can see the currently versioned packages here:


 * Testing
 * ELGIS : https://projects.argeo.org/elgis/svn/factory/trunk/rpmbuild/elgis
 * ELGIS Plus: https://projects.argeo.org/elgis/svn/factory/trunk/rpmbuild/elgis-plus
 * Stable
 * ELGIS: https://projects.argeo.org/elgis/svn/factory/branches/5-stable/rpmbuild/elgis
 * ELGIS Plus: https://projects.argeo.org/elgis/svn/factory/branches/5-stable/rpmbuild/elgis-plus

Note: simply accept the self-signed certificate

You can checkout all the packages: svn co https://projects.argeo.org/elgis/svn/factory/trunk/rpmbuild rpms

Or one by one, for example: svn co https://projects.argeo.org/elgis/svn/factory/trunk/rpmbuild/elgis/gdal gdal

Each package directory follows the directory structure expected by rpmbuild (see how to set an rpmbuild environment).

We version only the spec files (under /SPECS/ .spec) and the patches or some light sources (under /SOURCES). The source packages of the underlying libraries needs to be downloaded in the SOURCES directory.

Please send patches to the spec files to the el@lists.osgeo.org mailing-list.

In order to actually build, you can then configure %_topdir in your ~/.rpmmacros file to point to where you checked out a package, for example:

%_topdir %(echo $HOME)/dev/rpmbuild %rhel 5 %packager Mathieu Baudier  %dist .el5.elgis

A more persistent alternative is to have the two following files in each package directory:

include: /usr/lib/rpm/rpmrc macrofiles: /usr/lib/rpm/macros:/usr/lib/rpm/ia32e-linux/macros:/usr/lib/rpm/redhat/macros:/etc/rpm/macros.*:/etc/rpm/macros:/etc/rpm/ia32e-linux/macros:~/.rpmmacros: /rpmmacros (note the ': /rpmmacros' appended at the end of the macrofiles line)
 * /rpmrc

%_topdir %rhel 5 %packager Mathieu Baudier  %dist .el5.argeo
 * /rpmmacros

And then call rpmbuild as follow cd rpmbuild --rcfile=rpmrc -ba SPECS/ .spec

These two files are registered in svn:ignore and can typically be automatically generated by scripts or a build framework.

How to deploy GeoServer 2.1 (standard packages not using the ELGIS repository)
This how-to goes through the various steps required to have GeoServer 2.1 running as a Java web application inside the standard Tomcat 5 container. It has been tested with CentOS 5.6 x86_64.

Basic install (with base OpenJdk)
sudo yum install java-1.6.0-openjdk-devel tomcat5 sudo yum install tomcat-native cd ~/Downloads wget http://sourceforge.net/projects/geoserver/files/GeoServer/2.1.1/geoserver-2.1.1-war.zip/download?use_mirror=ignum sudo /sbin/service tomcat5 stop sudo tar -czf /srv/backups/geoserver/geoserver-data-110624.tar.gz /var/lib/geoserver/data sudo mv /var/lib/tomcat5/webapps/geoserver* /srv/backups/geoserver/2.0.2/ cd /var/lib/tomcat5/webapps/ sudo unzip ~/Downloads/geoserver-2.1.1-war.zip geoserver.war sudo mkdir -p /var/lib/geoserver cd /var/lib/geoserver sudo jar -xvf /var/lib/tomcat5/webapps/geoserver.war data sudo chown -R tomcat.tomcat /var/lib/geoserver JAVA_OPTS="-showversion -server -Xmx512m -Xms64m -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:MaxPermSize=128m -XX:+UseParallelGC" JAVA_OPTS="$JAVA_OPTS -DGEOSERVER_DATA_DIR=/var/lib/geoserver/data" ...    GEOSERVER_DATA_DIR /var/lib/geoserver/data  ...  ProxyPass ajp://localhost:8009/geoserver/ # Uncomment to forbid non ssl access #RequireSSL  setsebool -P httpd_can_network_connect=1 sudo /sbin/service tomcat5 start tail -500f /var/log/tomcat5/catalina.out sudo /sbin/service httpd restart
 * Install the required packages
 * (optional) Install tomcat-native frop EPEL
 * Download GeoServer
 * (optional) Backup previous deployment
 * 1) Stop Tomcat
 * 1) Backup previous data dir
 * 1) Backup up previous install
 * Unpack to Tomcat webapps
 * (new installs only) Create a separate data directory
 * Update /etc/tomcat/tomcat5.conf to add the recommended Java settings and to point to the data directory. You can increase/decrease the maximum memory allocated to Java with the -Xmx flag (-Xms is the initial allocation):
 * 1) Geoserver recommended
 * 2) http://docs.geoserver.org/stable/en/user/production/container.html
 * (optional ?) Update web.xml to take the data directory (seems to work with only the system property specified)
 * Add an AJP proxy in the Apache configuration (e.g. in /etc/httpd/conf.d/geoserver.conf)
 * (optional) If using SELinux, allow the proxying by setting the appropriate boolean
 * Start Tomcat
 * (optional) You can tail Tomcat logs to make sure that it is starting properly
 * Restart Apache
 * Visit http://yourhost.org/geoserver/
 * Log in as admin (default password is 'geoserver')

Update GeoServer to a new minor release
cd /var/lib/tomcat5/webapps sudo unzip ~/Downloads/geoserver-2.1.3-war.zip geoserver.war sudo mv geoserver geoserver-2.1.1 sudo -u tomcat mkdir geoserver cd geoserver sudo -u tomcat jar -xvf ../geoserver.war sudo -u tomcat cp -v ../geoserver-2.1.1/WEB-INF/{applicationSecurityContext.xml,web.xml} WEB-INF/ sudo -u tomcat cp -v ../geoserver-2.1.1/WEB-INF/lib/spring-ldap-1.3.1.RELEASE-all.jar WEB-INF/lib sudo /sbin/service tomcat5 start
 * 1) (optional) Spring LDAP

There may be some stacktraces when restarting: "IOException while loading persisted sessions: java.io.InvalidClassException". Don't worry about them, just refresh your browser windows.

With Sun/Oracle JRE and JAI native (recommended by GeoServer)
GeoServer documentation recommends to use a Sun/Oracle JRE with the JAI and JAI-ImageIO native extensions. There was an obvious performaince gain inthe tile generation by doing so

... JAVA_HOME=/opt/jdk1.6.0_21 ... cd /opt/jdk1.6.0_21 sudo sh ~/Downloads/jai-1_1_3-lib-linux-amd64-jdk.bin sed s/+215/-n+215/ jai_imageio-1_1-lib-linux-amd64-jdk.bin > jai_imageio-1_1-lib-linux-amd64-jdk-fixed.bin sudo sh ~/Downloads/jai_imageio-1_1-lib-linux-amd64-jdk-fixed.bin sudo /sbin/service tomcat5 restart
 * Download in install Sun/Oracle JDK in /opt (a JRE should be enough)
 * Hack the /usr/bin/dtomcat5 script to add an explicit reference to Sun/Oracle JDK at the beginning (did not find any better way neither through /etc/tomcat5/tomcat5.conf nor /etc/init.d/tomcat5 nor the alternatives system, ideas welcome...)
 * Go into the Sun JDK directory:
 * Download and install JAI from http://download.java.net/media/jai/builds/release/1_1_3
 * Download JAI-ImageIO from http://download.java.net/media/jai-imageio/builds/release/1.1
 * Note: On x86_64 the archive of JAI-ImageIO to download as of 1.1 is corrupted, fix it with the command below and run the fixed archive (thanks to http://jgrasstechtips.blogspot.com/2009/07/jai-tail-cannot-open-215-for-reading-no.html for the tip)
 * Install JAI-ImageIO
 * Restart Tomcat
 * Visit your GeoServer status page in order to make sure that native JAI is taken into account

LDAP Authentication
This will allow you to have you user referential in LDAP (tested with base CentOS 5 openldap-servers). Your users need to be inetOrgPerson under ou=People,dc=my_org,dc=org Your GeoServer administrators need to belong to the cn=administrator,ou=Roles,dc=my_org,dc=org role: dn: cn=administrator,ou=Roles,dc=my_org,dc=org objectClass: top objectClass: groupOfNames cn: administrator member: uid=mbaudier,ou=People,dc=my_org,dc=org Other roles can be defined similarly under ou=Roles,dc=argeo,dc=org, and should be added mnaually when defining rules in GeoServer. You can of course adapt the following configuration with your specific LDAP settings.

Caveats:
 * the list of users won't be properly displayed in GeoServer.
 * as usual with autentication via HTTP make sure that users are using SSL (https://) when they authenticate, otherwise their credentials will be sent in clear. If you want to mix public with private data and stay compatible with client which don't support HTTPS, this is not necessarily easy.

Procedure: cd /var/lib/tomcat5/webapps/geoserver/WEB-INF/lib sudo wget http://search.maven.org/remotecontent?filepath=org/springframework/ldap/spring-ldap/1.3.1.RELEASE/spring-ldap-1.3.1.RELEASE-all.jar -O spring-ldap-1.3.1.RELEASE-all.jar  
 * Download spring-ldap and copy it to the WEB-INF/lib directory of GeoServer:
 * Extract applicationContextSecurity.xml from the main-jar (in /var/lib/tomcat5/webapps/geoserver/WEB-INF/lib/)
 * Copy it to /var/lib/tomcat5/webapps/geoserver/WEB-INF/
 * Add the following at the beginning of the applicationContextSecurity.xml file (after the tag)

  ou=People   (uid={0}) </constructor-arg> <constructor-arg index="2"> </constructor-arg> <property name="searchSubtree"> false <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">  <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator"> <constructor-arg ref="contextSource"/> <property name="userSearch"> </constructor-arg>  <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">  </constructor-arg>  ou=Roles </constructor-arg> <property name="groupRoleAttribute"> cn 				<property name="rolePrefix"> ROLE_ <property name="convertToUpperCase"> true </constructor-arg>

<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy"> <property name="filterInvocationDefinitionSource"> ... ... <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
 * Modify the following section

... ...     contextConfigLocation</param-name> classpath*:/applicationContext.xml WEB-INF/applicationSecurityContext.xml</param-value> </context-param> ... sudo /sbin/service tomcat5 restart
 * Modify /var/lib/tomcat5/webapps/geoserver/WEB-INF/web.xml to use WEB-INF/applicationSecurityContext.xml instead of classpath*:/applicationSecurityContext.xml
 * Restart Tomcat

= Historical Reference =
 * September 2011 - Introduction of ELGIS 6: http://lists.osgeo.org/pipermail/el/2011-September/000670.html
 * December 2010 - Collaboration with Fedora and EPEL: http://lists.osgeo.org/pipermail/el/2010-December/000338.html
 * August 2010 - Announcement of the ELGIS repositories: http://lists.osgeo.org/pipermail/el/2010-August/000018.html
 * May/June 2010 - Original mails suggesting to coordinate EL GIS through OSGeo and describing the rationale and the approach
 * On the Live GIS CD mailing-list: http://lists.osgeo.org/pipermail/live-demo/2010-May/001724.html
 * On the Discuss mailing list: http://lists.osgeo.org/pipermail/discuss/2010-June/007231.html

Note: the ELGIS logo is freely reusable as described