Difference between revisions of "Enterprise Linux GIS"

From OSGeo
(Remove osm2pgsql from EL6)
Line 52: Line 52:
 
|-
 
|-
 
| geos  
 
| geos  
| 3.3.0  
+
| 3.3.1  
| 3.3.1
+
|
 
| elgis
 
| elgis
 
|-
 
|-
Line 92: Line 92:
 
|-
 
|-
 
| osm2pgrouting  
 
| osm2pgrouting  
 +
| 0.2
 
|  
 
|  
| 0.2
 
 
| elgis
 
| elgis
|
+
| only for x86_64 currently
 
|-
 
|-
 
| pgrouting  
 
| pgrouting  
 +
| 1.05
 
|  
 
|  
| 1.05
 
 
| elgis  
 
| elgis  
 
|  
 
|  
Line 115: Line 115:
 
|-
 
|-
 
| qgis  
 
| qgis  
| 1.7.1
 
 
| 1.7.3
 
| 1.7.3
 +
|
 
| elgis  
 
| elgis  
 
|
 
|
 
|-
 
|-
 
| tinyows  
 
| tinyows  
|
 
 
| 0.9.0
 
| 0.9.0
 +
|
 
| elgis  
 
| elgis  
 
|
 
|

Revision as of 07:01, 28 November 2012


September 18th 2012: The Enterprise Linux GIS repository is down due to an outage in the hosting infrastructure. It may take up to a few days to restore. We will post regular updates on Twitter https://twitter.com/EnterpriseLxGIS

Enterprise Linux (EL) and its derivatives (that is, Red Hat Enterprise Linux, CentOS and Scientific Linux) are a popular and robust platform for servers and computing-heavy workstations, and are therefore a good fit for GIS-specific requirements.

The goal of the Enterprise Linux GIS (ELGIS) effort is to ensure that the latest stable versions of the main free GIS software run on the Enterprise Linux platform.

The mailing list el@lists.osgeo.org is used for communication (archive). Subscribers to the mailing-list are basically the community around ELGIS and are meant to be consulted for important choices (like which packages to support).

Open issues are listed here. Please have a look at this list before asking the mailing-list for support on a particular problem.

There is also a low-traffic Twitter account, mainly used for announcements.

Useful RPM repositories for GIS software

  • ELGIS repositories try to ensure that the latest stable versions of the major FLOSS GIS software are available for Enterprise Linux. They maintain versions of packages which cannot be maintained in EPEL, or that EPEL does not want to keep at the latest stable version. This is where our packaging effort currently takes place, and can be seen as a kind of backport repository.

ELGIS requires EPEL to be configured as an additional repository.

  • EPEL is an official Fedora project which repackages many Fedora packages that are not part of the standard EL distribution. It contains quite a few GIS packages and base libraries. Note that one of the rules for packages maintained in EPEL is that they should never require changes to the base EL distribution. Moreover, they follow the Enterprise Linux policy of sticking with a given version rather than using the latest one, in order to ensure stability and predictability.
  • PGRPMS provides the latest versions of PostgreSQL (e.g. the 9.x versions not available in Enterprise Linux) as well as an up-to-date PostGIS. This is an option if you just want to run PostGIS and need recent PostgreSQL features as well.

PGRPMS is NOT compatible with ELGIS: don't enable both, or you will break your environment.

RHEL / CentOS / Scientific Linux 6

How to enable the ELGIS6 repository

sudo rpm -Uvh http://elgis.argeo.org/repos/6/elgis-release-6-6_0.noarch.rpm

As of November 28th 2011, ELGIS Stable contains only the 64-bit binaries. For 32-bit, you will have to enable ELGIS Testing.

Packages matrix

ELGIS 6 packages are built with the latest version of Scientific Linux 6.

Package Version (stable) Version (testing) Repository Comment
gdal 1.8.1 elgis
geos 3.3.1 elgis
gpsbabel 1.4.2 elgis
grass 6.4.1 elgis no NVIZ / digitizer in -wxpython UI (not yet completed in upstream, use -tcltk UI; scheduled for 6.4.2)
libspatialite 2.4.0 RC4 epel
mapserver5 5.6.7 elgis
mapserver 6.0.1 elgis
mod_geocache 0.3.1 elgis
osm2pgrouting 0.2 elgis only for x86_64 currently
pgrouting 1.05 elgis
postgis 1.5.3 elgis new postgis-client package in testing
proj 4.7.0 elgis
qgis 1.7.3 elgis
tinyows 0.9.0 elgis

Formats supported by GDAL

As of gdal-1.8.1-1

$ gdalinfo --formats
Supported Formats:
  VRT (rw+v): Virtual Raster
  GTiff (rw+v): GeoTIFF
  NITF (rw+v): National Imagery Transmission Format
  RPFTOC (rov): Raster Product Format TOC format
  HFA (rw+v): Erdas Imagine Images (.img)
  SAR_CEOS (rov): CEOS SAR Image
  CEOS (rov): CEOS Image
  JAXAPALSAR (ro): JAXA PALSAR Product Reader (Level 1.1/1.5)
  GFF (rov): Ground-based SAR Applications Testbed File Format (.gff)
  ELAS (rw+): ELAS
  AIG (rov): Arc/Info Binary Grid
  AAIGrid (rwv): Arc/Info ASCII Grid
  SDTS (rov): SDTS Raster
  OGDI (ro): OGDI Bridge
  DTED (rwv): DTED Elevation Raster
  PNG (rwv): Portable Network Graphics
  JPEG (rwv): JPEG JFIF
  MEM (rw+): In Memory Raster
  JDEM (ro): Japanese DEM (.mem)
  GIF (rwv): Graphics Interchange Format (.gif)
  BIGGIF (rov): Graphics Interchange Format (.gif)
  ESAT (ro): Envisat Image Format
  FITS (rw+): Flexible Image Transport System
  BSB (rov): Maptech BSB Nautical Charts
  XPM (rwv): X11 PixMap Format
  BMP (rw+v): MS Windows Device Independent Bitmap
  DIMAP (rov): SPOT DIMAP
  AirSAR (ro): AirSAR Polarimetric Image
  RS2 (ro): RadarSat 2 XML Product
  PCIDSK (rw+v): PCIDSK Database File
  PCRaster (rw): PCRaster Raster File
  ILWIS (rw+v): ILWIS Raster Map
  SGI (rw+): SGI Image File Format 1.0
  SRTMHGT (rwv): SRTMHGT File Format
  Leveller (rw+): Leveller heightfield
  Terragen (rw+): Terragen heightfield
  GMT (rw): GMT NetCDF Grid Format
  netCDF (rw): Network Common Data Format
  HDF4 (ro): Hierarchical Data Format Release 4
  HDF4Image (rw+): HDF4 Dataset
  ISIS3 (rov): USGS Astrogeology ISIS cube (Version 3)
  ISIS2 (rov): USGS Astrogeology ISIS cube (Version 2)
  PDS (rov): NASA Planetary Data System
  TIL (ro): EarthWatch .TIL
  ERS (rw+): ERMapper .ers Labelled
  JPEG2000 (rwv): JPEG-2000 part 1 (ISO/IEC 15444-1)
  L1B (ro): NOAA Polar Orbiter Level 1b Data Set
  FIT (rwv): FIT Image
  GRIB (rov): GRIdded Binary (.grb)
  RMF (rw+): Raster Matrix Format
  WCS (ro): OGC Web Coverage Service
  WMS (ro): OGC Web Map Service
  MSGN (ro): EUMETSAT Archive native (.nat)
  RST (rw+): Idrisi Raster A.1
  INGR (rw+v): Intergraph Raster
  GSAG (rw): Golden Software ASCII Grid (.grd)
  GSBG (rw+): Golden Software Binary Grid (.grd)
  GS7BG (ro): Golden Software 7 Binary Grid (.grd)
  COSAR (ro): COSAR Annotated Binary Matrix (TerraSAR-X)
  TSX (ro): TerraSAR-X Product
  COASP (ro): DRDC COASP SAR Processor Raster
  R (rwv): R Object Data Store
  PNM (rw+): Portable Pixmap Format (netpbm)
  DOQ1 (ro): USGS DOQ (Old Style)
  DOQ2 (ro): USGS DOQ (New Style)
  ENVI (rw+v): ENVI .hdr Labelled
  EHdr (rw+v): ESRI .hdr Labelled
  GenBin (ro): Generic Binary (.hdr Labelled)
  PAux (rw+): PCI .aux Labelled
  MFF (rw+): Vexcel MFF Raster
  MFF2 (rw+): Vexcel MFF2 (HKV) Raster
  FujiBAS (ro): Fuji BAS Scanner Image
  GSC (ro): GSC Geogrid
  FAST (ro): EOSAT FAST Format
  BT (rw+): VTP .bt (Binary Terrain) 1.3 Format
  LAN (rov): Erdas .LAN/.GIS
  CPG (ro): Convair PolGASP
  IDA (rw+): Image Data and Analysis
  NDF (ro): NLAPS Data Format
  EIR (rov): Erdas Imagine Raw
  DIPEx (ro): DIPEx
  LCP (rov): FARSITE v.4 Landscape File (.lcp)
  GTX (rw+v): NOAA Vertical Datum .GTX
  LOSLAS (rov): NADCON .los/.las Datum Grid Shift
  NTv2 (rw+v): NTv2 Datum Grid Shift
  RIK (ro): Swedish Grid RIK (.rik)
  USGSDEM (rw): USGS Optional ASCII DEM (and CDED)
  GXF (ro): GeoSoft Grid Exchange Format
  DODS (ro): DAP 3.x servers
  HTTP (ro): HTTP Fetching Wrapper
  BAG (ro): Bathymetry Attributed Grid
  HDF5 (ro): Hierarchical Data Format Release 5
  HDF5Image (ro): HDF5 Dataset
  NWT_GRD (ro): Northwood Numeric Grid Format .grd/.tab
  NWT_GRC (ro): Northwood Classified Grid Format .grc/.tab
  ADRG (rw+v): ARC Digitized Raster Graphics
  SRP (rov): Standard Raster Product (ASRP/USRP)
  BLX (rw): Magellan topo (.blx)
  Rasterlite (rw): Rasterlite
  PostGISRaster (ro): PostGIS Raster driver
  SAGA (rw+v): SAGA GIS Binary Grid (.sdat)
  KMLSUPEROVERLAY (rwv): Kml Super Overlay
  XYZ (rwv): ASCII Gridded XYZ
  HF2 (rwv): HF2/HFZ heightfield raster
  OZI (rov): OZI

RHEL / CentOS / Scientific Linux 5

Detailed package lists for ELGIS are available here: http://elgis.argeo.org

How to enable the ELGIS5 repository

sudo rpm -Uvh http://elgis.argeo.org/repos/5/elgis-release-5-5_0.noarch.rpm

If you want to install QGIS, edit the /etc/yum.repos.d/elgis.repo file and enable the 'elgis-plus' repository. WARNING: elgis-plus updates the base distribution (qt4, sqlite) and may thus void your RHEL support.

Packages matrix

ELGIS 5 packages are built with the latest version of CentOS 5.

Package Version (stable) Version (testing) Repository Comment
gdal 1.8.0 elgis built against postgresql84
geos 3.2.2 elgis
gpsbabel 1.3.3 epel
grass 6.4.1 elgis no NVIZ / digitizer in -wxpython UI (not yet completed in upstream, use -tcltk UI; scheduled for 6.4.2)
libspatialite 2.4.0 RC4 elgis built with --disable-geocallbacks option in order to support base sqlite

KNOWN ISSUE: actually required to enable the recent sqlite version in elgis-plus in order to have libspatialite support (e.g. in GDAL)

mapnik 0.7.1 elgis-plus requires to update the boost library
mapserver 5.6.7 elgis xml map files, php-mapserver-proj, transparent PNG, FriBidi, main executable in /usr/libexec
mapserver6 6.0.1 elgis main executable in /usr/libexec
mod_geocache 0.3.1 elgis
osm2pgrouting 0.2 elgis built against postgresql84
osm2pgsql 0.1.20100821svn elgis built against postgresql84
pgrouting 1.05 elgis built against postgresql84, with TSP support
postgis 1.5.3 elgis built against postgresql84
proj 4.7.0 elgis
qgis 1.6.0 elgis-plus based on EPEL's python26, requires to update qt4
tinyows 0.9.0 elgis

Formats supported by GDAL

As of gdal-1.8.0-4:

 LIBZ support:              external
 LIBLZMA support:           no
 GRASS support:             no
 CFITSIO support:           external
 PCRaster support:          internal
 NetCDF support:            yes
 LIBPNG support:            external
 LIBTIFF support:           external (BigTIFF=no)
 LIBGEOTIFF support:        external
 LIBJPEG support:           external
 8/12 bit JPEG TIFF:        no
 LIBGIF support:            external
 OGDI support:              yes
 HDF4 support:              yes
 HDF5 support:              yes
 Kakadu support:            no
 JasPer support:            yes (GeoJP2=no)
 OpenJPEG support:          no
 ECW support:               no
 MrSID support:             no
 MrSID/MG4 Lidar support:   no
 MSG support:               no
 GRIB support:              yes
 EPSILON support:           no
 cURL support (wms/wcs/...):yes
 PostgreSQL support:        yes
 MySQL support:             yes
 Ingres support:            no
 Xerces-C support:          yes
 NAS support:               yes
 Expat support:             yes
 Google libkml support:     no 
 ODBC support:              yes
 PGeo support:              yes 
 PCIDSK support:            internal
 OCI support:               no
 GEORASTER support:         no
 SDE support:               no
 Rasdaman support:          no
 DODS support:              yes
 SQLite support:            yes
 SpatiaLite support:        yes
 DWGdirect support          no
 INFORMIX DataBlade support:no
 GEOS support:              yes
 VFK support:               yes
 Poppler support:           no
 OpenCL support:            no

./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --prefix=/usr --includedir=/usr/include/gdal/ --datadir=/usr/share/gdal/ --with-threads=yes --with-dods-root=/usr/lib64 --with-ogdi --with-cfitsio=/usr --with-geotiff=external --with-tiff=external --with-libtiff=external --with-libz --with-netcdf --with-hdf4 --with-hdf5 --with-geos --with-jasper --with-png --with-gif --with-jpeg --with-odbc --with-sqlite --with-mysql --with-curl --with-python --with-perl --with-pcraster --with-ruby --with-java --with-xerces --with-xerces-lib=-lxerces-c --with-xerces-inc=/usr/include --with-jpeg12=no --enable-shared --with-gdal-ver=1.8.0 --with-spatialite=yes

If you want to contribute packages to the ELGIS repo

  • Especially for new packages, please try to build them in mock first (the one from CentOS, not from EPEL!), so that all build dependencies are in the spec file. You can find some mock config files here. Don't hesitate to ask on the mailing-list if you need support for your first mock builds: this is much easier than it seems, and very clean.

Then send your spec file to the mailing-list or give download access to an SRPM.

Note about Fedora, ELGIS and EPEL

  • in general, Fedora packages are the upstream source for Enterprise Linux packages (be they in the EPEL or ELGIS repos)
  • ELGIS depends on EPEL, complements it and sometimes overrides it
  • the ELGIS mission is to provide the latest stable version of the main Free GIS packages, whereas EPEL has a policy of keeping versions stable across an upstream release lifecycle
  • packages that cannot be in EPEL (typically because they require updating the base platform) can be maintained in the ELGIS Plus repo (it is expected that there will be very few of them at the beginning of the EL6 life cycle)
  • our goal is not primarily to provide packages but also to serve as a knowledge base for FLOSS GIS software usage on Enterprise Linux. Therefore EL specific questions related to GIS packages from EPEL are welcome on the ELGIS list, and information about them will be documented in the other resources provided by the OSGeo foundation (wiki, trac, etc.)

How To

How to hack and locally build the ELGIS packages

For the time being, the ELGIS packages (that is, those not maintained by EPEL) are versioned by and distributed through argeo.org.

You can see the currently versioned packages here:

Note: simply accept the self-signed certificate

You can checkout all the packages:

svn co https://projects.argeo.org/elgis/svn/factory/trunk/rpmbuild rpms

Or one by one, for example:

svn co https://projects.argeo.org/elgis/svn/factory/trunk/rpmbuild/elgis/gdal gdal

Each package directory follows the directory structure expected by rpmbuild (see how to set an rpmbuild environment).

We version only the spec files (under <package name>/SPECS/<package name>.spec) and the patches or some light sources (under <package name>/SOURCES). The source packages of the underlying libraries need to be downloaded into the SOURCES directory.

Please send patches to the spec files to the el@lists.osgeo.org mailing-list.

In order to actually build, you can then configure %_topdir in your ~/.rpmmacros file to point to where you checked out a package, for example:

%_topdir %(echo $HOME)/dev/rpmbuild
%rhel 5
%packager Mathieu Baudier <mbaudier@argeo.org>
%dist .el5.elgis

A more persistent alternative is to have the two following files in each package directory:

  • <package directory>/rpmrc
include: /usr/lib/rpm/rpmrc
macrofiles: /usr/lib/rpm/macros:/usr/lib/rpm/ia32e-linux/macros:/usr/lib/rpm/redhat/macros:/etc/rpm/macros.*:/etc/rpm/macros:/etc/rpm/ia32e-linux/macros:~/.rpmmacros:<package directory>/rpmmacros

(note the ':<package directory>/rpmmacros' appended at the end of the macrofiles line)

  • <package directory>/rpmmacros
%_topdir <package directory>
%rhel 5
%packager Mathieu Baudier <mbaudier@argeo.org>
%dist .el5.argeo

And then call rpmbuild as follows:

cd <package directory>
rpmbuild --rcfile=rpmrc -ba SPECS/<package name>.spec

These two files are registered in svn:ignore and can typically be automatically generated by scripts or a build framework.

How to deploy GeoServer 2.1 (standard packages not using the ELGIS repository)

This how-to goes through the various steps required to have GeoServer 2.1 running as a Java web application inside the standard Tomcat 5 container. It has been tested with CentOS 5.6 x86_64.

Basic install (with base OpenJdk)

  • Install the required packages
sudo yum install java-1.6.0-openjdk-devel tomcat5
  • (optional) Install tomcat-native from EPEL
sudo yum install tomcat-native
  • Download GeoServer
cd ~/Downloads
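# Quote the URL (it contains '?') and name the output file so that the unzip step below finds it
wget -O geoserver-2.1.1-war.zip 'http://sourceforge.net/projects/geoserver/files/GeoServer/2.1.1/geoserver-2.1.1-war.zip/download?use_mirror=ignum'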
  • (optional) Backup previous deployment
# Stop Tomcat
sudo /sbin/service tomcat5 stop
# Backup previous data dir
sudo tar -czf /srv/backups/geoserver/geoserver-data-110624.tar.gz /var/lib/geoserver/data
# Back up previous install
sudo mv /var/lib/tomcat5/webapps/geoserver* /srv/backups/geoserver/2.0.2/
  • Unpack to Tomcat webapps
cd /var/lib/tomcat5/webapps/
sudo unzip ~/Downloads/geoserver-2.1.1-war.zip geoserver.war
  • (new installs only) Create a separate data directory
sudo mkdir -p /var/lib/geoserver
cd /var/lib/geoserver
sudo jar -xvf /var/lib/tomcat5/webapps/geoserver.war data
sudo chown -R tomcat.tomcat /var/lib/geoserver
  • Update /etc/tomcat5/tomcat5.conf to add the recommended Java settings and to point to the data directory. You can increase/decrease the maximum memory allocated to Java with the -Xmx flag (-Xms is the initial allocation):
# Geoserver recommended
# http://docs.geoserver.org/stable/en/user/production/container.html
JAVA_OPTS="-showversion -server -Xmx512m -Xms64m -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:MaxPermSize=128m -XX:+UseParallelGC"
JAVA_OPTS="$JAVA_OPTS -DGEOSERVER_DATA_DIR=/var/lib/geoserver/data"
  • (optional ?) Update web.xml to take the data directory (seems to work with only the system property specified)
...
    <context-param>
       <param-name>GEOSERVER_DATA_DIR</param-name>
        <param-value>/var/lib/geoserver/data</param-value>
    </context-param> 
...
  • Add an AJP proxy in the Apache configuration (e.g. in /etc/httpd/conf.d/geoserver.conf)
<Location /geoserver/>
	ProxyPass  ajp://localhost:8009/geoserver/
	# Uncomment to forbid non-SSL access (mod_ssl directive)
	#SSLRequireSSL
</Location>
  • (optional) If using SELinux, allow the proxying by setting the appropriate boolean
sudo setsebool -P httpd_can_network_connect=1
  • Start Tomcat
sudo /sbin/service tomcat5 start
  • (optional) You can tail Tomcat logs to make sure that it is starting properly
tail -500f /var/log/tomcat5/catalina.out
  • Restart Apache
sudo /sbin/service httpd restart

Update GeoServer to a new minor release

cd /var/lib/tomcat5/webapps
sudo unzip ~/Downloads/geoserver-2.1.3-war.zip geoserver.war
sudo mv geoserver geoserver-2.1.1
sudo -u tomcat mkdir geoserver
cd geoserver
sudo -u tomcat jar -xvf ../geoserver.war
sudo -u tomcat cp -v ../geoserver-2.1.1/WEB-INF/{applicationSecurityContext.xml,web.xml} WEB-INF/
# (optional) Spring LDAP
sudo -u tomcat cp -v ../geoserver-2.1.1/WEB-INF/lib/spring-ldap-1.3.1.RELEASE-all.jar WEB-INF/lib
sudo /sbin/service tomcat5 start

There may be some stacktraces when restarting: "IOException while loading persisted sessions: java.io.InvalidClassException". Don't worry about them, just refresh your browser windows.

With Sun/Oracle JRE and JAI native (recommended by GeoServer)

The GeoServer documentation recommends using a Sun/Oracle JRE with the JAI and JAI-ImageIO native extensions. There was an obvious performance gain in the tile generation by doing so.

  • Download and install the Sun/Oracle JDK in /opt (a JRE should be enough)
  • Hack the /usr/bin/dtomcat5 script to add an explicit reference to the Sun/Oracle JDK at the beginning (did not find any better way, either through /etc/tomcat5/tomcat5.conf, /etc/init.d/tomcat5 or the alternatives system, ideas welcome...)
...
JAVA_HOME=/opt/jdk1.6.0_21
...
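  • Go into the Sun JDK directory and install JAI, then patch the JAI-ImageIO installer:
cd /opt/jdk1.6.0_21
sudo sh ~/Downloads/jai-1_1_3-lib-linux-amd64-jdk.bin
# Rewrite the installer's "+215" offset to "-n+215" and save the fixed copy next to the download
sed s/+215/-n+215/ ~/Downloads/jai_imageio-1_1-lib-linux-amd64-jdk.bin > ~/Downloads/jai_imageio-1_1-lib-linux-amd64-jdk-fixed.bin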
  • Install JAI-ImageIO
sudo sh ~/Downloads/jai_imageio-1_1-lib-linux-amd64-jdk-fixed.bin
  • Restart Tomcat
sudo /sbin/service tomcat5 restart
  • Visit your GeoServer status page in order to make sure that native JAI is taken into account

LDAP Authentication

This will allow you to keep your user directory in LDAP (tested with the base CentOS 5 openldap-servers). Your users need to be inetOrgPerson entries under ou=People,dc=my_org,dc=org. Your GeoServer administrators need to belong to the cn=administrator,ou=Roles,dc=my_org,dc=org role:

dn: cn=administrator,ou=Roles,dc=my_org,dc=org
objectClass: top
objectClass: groupOfNames
cn: administrator
member: uid=mbaudier,ou=People,dc=my_org,dc=org

Other roles can be defined similarly under ou=Roles,dc=argeo,dc=org, and should be added manually when defining rules in GeoServer. You can of course adapt the following configuration with your specific LDAP settings.

Caveats:

  • the list of users won't be properly displayed in GeoServer.
  • as usual with authentication via HTTP, make sure that users are using SSL (https://) when they authenticate, otherwise their credentials will be sent in clear text. If you want to mix public with private data and stay compatible with clients which don't support HTTPS, this is not necessarily easy.

Procedure:

  • Download spring-ldap and copy it to the WEB-INF/lib directory of GeoServer:
cd /var/lib/tomcat5/webapps/geoserver/WEB-INF/lib
sudo wget 'http://search.maven.org/remotecontent?filepath=org/springframework/ldap/spring-ldap/1.3.1.RELEASE/spring-ldap-1.3.1.RELEASE-all.jar' -O spring-ldap-1.3.1.RELEASE-all.jar
  • Extract applicationSecurityContext.xml from the main-jar (in /var/lib/tomcat5/webapps/geoserver/WEB-INF/lib/)
  • Copy it to /var/lib/tomcat5/webapps/geoserver/WEB-INF/
  • Add the following at the beginning of the applicationSecurityContext.xml file (after the <beans> tag)
 <beans>
	<!-- CUSTOM : LDAP config -->
	<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
		<constructor-arg value="ldap://my_ldap_server:389/dc=my_org,dc=org" />
		<!--<property name="managerDn" value="mydomain\myuser" /> <property name="managerPassword" 
			value="mypasswd" /> -->
	</bean>

	<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
		<constructor-arg index="0">
			<value>ou=People</value>
		</constructor-arg>
		<constructor-arg index="1">
			<value>(uid={0})</value>
		</constructor-arg>
		<constructor-arg index="2">
			<ref local="contextSource" />
		</constructor-arg>
		<property name="searchSubtree">
			<value>false</value>
		</property>
	</bean>
	<bean id="ldapAuthenticationProvider"
		class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
		<constructor-arg>
			<bean
				class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
				<constructor-arg ref="contextSource"/>
				<property name="userSearch">
					<ref local="userSearch" />
				</property>
			</bean>
		</constructor-arg>
		<constructor-arg>
			<bean
				class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
				<constructor-arg>
					<ref local="contextSource" />
				</constructor-arg>
				<constructor-arg>
					<value>ou=Roles</value>
				</constructor-arg>
				<property name="groupRoleAttribute">
					<value>cn</value>
				</property>
				<property name="rolePrefix">
					<value>ROLE_</value>
				</property>
				<property name="convertToUpperCase">
					<value>true</value>
				</property>
			</bean>
		</constructor-arg>
	</bean>

	<!-- END OF CUSTOM LDAP CONFIGURATION -->

  <bean id="filterChainProxy"
    class="org.springframework.security.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
    ...
  • Modify the following section
 ...
  <bean id="authenticationManager"
    class="org.springframework.security.providers.ProviderManager">
    <property name="providers">
      <list>
		<ref local="ldapAuthenticationProvider" />
<!--         <ref local="daoAuthenticationProvider" /> -->
 ...
  • Modify /var/lib/tomcat5/webapps/geoserver/WEB-INF/web.xml to use WEB-INF/applicationSecurityContext.xml instead of classpath*:/applicationSecurityContext.xml
 ...
     <context-param>
         <param-name>contextConfigLocation</param-name>
         <param-value>classpath*:/applicationContext.xml WEB-INF/applicationSecurityContext.xml</param-value>
     </context-param>
 ...
  • Restart Tomcat
sudo /sbin/service tomcat5 restart
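
The caveat above about credentials sent in clear applies to two hops of this setup: browser to Apache, and GeoServer to the LDAP server (the second hop goes beyond what the caveat itself names). The shell check below is an added example, not part of the original page; its sample files are constructed from the page's snippets (using mod_ssl's SSLRequireSSL directive), and the function names, file names and the ldaps:// endpoint on port 636 are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): transport checks for the two
# files this how-to edits. All sample content below is constructed.

# 0 if the <Location /geoserver/> block carries an uncommented SSLRequireSSL.
location_requires_ssl() {
    sed -n '/<Location[[:space:]]*\/geoserver\/>/,/<\/Location>/p' "$1" |
        grep -Eq '^[[:space:]]*SSLRequireSSL([[:space:]]|$)'
}

# 0 only if at least one LDAP URL is configured and none is plain ldap://.
# (Simple text match: a URL inside an XML comment would also be counted.)
ldap_uses_tls() {
    urls=$(grep -Eo 'ldaps?://[^"]+' "$1") || return 1
    ! printf '%s\n' "$urls" | grep -q '^ldap://'
}

# Report both findings; returns the number of problems (0 = clean).
audit_geoserver_transport() {   # $1 = Apache conf, $2 = Spring context
    problems=0
    location_requires_ssl "$1" ||
        { echo "WARN $1: /geoserver/ is served without SSLRequireSSL"
          problems=$((problems + 1)); }
    ldap_uses_tls "$2" ||
        { echo "WARN $2: user passwords cross the LDAP bind in clear text"
          problems=$((problems + 1)); }
    return "$problems"
}

# Constructed samples: the page's snippets, and a tightened copy of each.
write_samples() {   # $1 = target directory
    cat > "$1/geoserver-page.conf" <<'EOF'
<Location /geoserver/>
	ProxyPass  ajp://localhost:8009/geoserver/
	# Uncomment to forbid non ssl access
	#SSLRequireSSL
</Location>
EOF
    sed 's/#SSLRequireSSL/SSLRequireSSL/' "$1/geoserver-page.conf" \
        > "$1/geoserver-tls.conf"
    cat > "$1/context-page.xml" <<'EOF'
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
	<constructor-arg value="ldap://my_ldap_server:389/dc=my_org,dc=org" />
</bean>
EOF
    # ldaps:// on port 636 is an assumption about the directory server.
    sed 's#ldap://my_ldap_server:389#ldaps://my_ldap_server:636#' \
        "$1/context-page.xml" > "$1/context-tls.xml"
}

demo() {
    dir=$(mktemp -d)
    write_samples "$dir"
    audit_geoserver_transport "$dir/geoserver-page.conf" "$dir/context-page.xml" || true
    audit_geoserver_transport "$dir/geoserver-tls.conf" "$dir/context-tls.xml" &&
        echo "OK: tightened copies pass both checks"
    rm -rf "$dir"
}
demo
```

Against a real deployment, call audit_geoserver_transport with /etc/httpd/conf.d/geoserver.conf and the WEB-INF security context file instead of the samples.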

Historical Reference

Note: the ELGIS logo is freely reusable as described here