Return-Path: 
 <dev-return-3455-apmail-archiva-dev-archive=archiva.apache.org@archiva.apache.org>
X-Original-To: apmail-archiva-dev-archive@www.apache.org
Delivered-To: apmail-archiva-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 72EAFEFCC
	for <apmail-archiva-dev-archive@www.apache.org>;
 Mon,  3 Dec 2012 10:52:15 +0000 (UTC)
Received: (qmail 7247 invoked by uid 500); 3 Dec 2012 10:52:15 -0000
Delivered-To: apmail-archiva-dev-archive@archiva.apache.org
Received: (qmail 6256 invoked by uid 500); 3 Dec 2012 10:52:02 -0000
Mailing-List: contact dev-help@archiva.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@archiva.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@archiva.apache.org>
List-Post: <mailto:dev@archiva.apache.org>
List-Id: <dev.archiva.apache.org>
Reply-To: dev@archiva.apache.org
Delivered-To: mailing list dev@archiva.apache.org
Received: (qmail 6088 invoked by uid 99); 3 Dec 2012 10:51:58 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Dec 2012 10:51:58 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of sascha.vogt@gmail.com
 designates 209.85.215.42 as permitted sender)
Received: from [209.85.215.42] (HELO mail-la0-f42.google.com) (209.85.215.42)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 03 Dec 2012 10:51:49 +0000
Received: by mail-la0-f42.google.com with SMTP id s15so1792317lag.15
        for <dev@archiva.apache.org>; Mon, 03 Dec 2012 02:51:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type:content-transfer-encoding;
        bh=Z0CgZOVZufusiEQ2r3Io3P0foRqAjC8EWcRadHrgO20=;
        b=dPnGPTuglF14L9kijHhYbJ5dWZxJBaeOCfkgIc/lOceBI+ruJNBRy82+ZbGXFud4T+
         dITejKn4Ka1zAvV+1WynwqJSgpQni8wzLJR475Xtn7ztLiIaWJVTiP69ZV79w62XvR9G
         rQEkMN9HS7S5qgrmi52cTkqk5EkumeLcBNcNahqtzkeNnSmKKsRVcPCRQA3nTE5fNTWm
         U+nEmgoSZE9VFSh4e7VX3LhmT2oUH2KPdSK3+ifiOO+ymD9hMqmw6khBUgMyvcKLFdvQ
         uwh0jBuKupr3HV9B9h6cgTmqEcC6OvcmNyBAK6wyJq8pgg0a7JdkHqVqt8M0k44LZ1kp
         aaKw==
Received: by 10.152.110.234 with SMTP id id10mr9053153lab.15.1354531889009;
        Mon, 03 Dec 2012 02:51:29 -0800 (PST)
Received: from [0.0.0.0] (static.88-198-121-125.clients.your-server.de.
 [88.198.121.125])
        by mx.google.com with ESMTPS id oj5sm5058777lab.8.2012.12.03.02.51.26
        (version=SSLv3 cipher=OTHER);
        Mon, 03 Dec 2012 02:51:27 -0800 (PST)
Message-ID: <50BC842D.9070505@gmail.com>
Date: Mon, 03 Dec 2012 11:51:25 +0100
From: Sascha Vogt <sascha.vogt@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: dev@archiva.apache.org
Subject: Re: UserManager Impl choice via UI and ldap configuration
References: 
 <CAPoyBqR2CJwOiT+Z9Y6vd=M8qMhBpC7Cmpa=h5W4PidnYUE6qQ@mail.gmail.com>
 <5EDDCDB7-07D8-4107-8F2D-05DCF5502925@apache.org>
 <CAPoyBqRXnKHDTMNhhsAYF0Of3v7c8v_Js+6KUN8bqP-eQ6RoAg@mail.gmail.com>
In-Reply-To: 
 <CAPoyBqRXnKHDTMNhhsAYF0Of3v7c8v_Js+6KUN8bqP-eQ6RoAg@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

Hi Olivier,

I'm not sure if this falls into the same parts you're working on, but
any chance that JDO could be the "fallback" auth, if LDAP doesn't work?
The main use-case here is to have some "technical" users which are not
in LDAP (e.g. a Jenkins) and one "last-resort" admin, to log in, if you
mess up your LDAP ;)

Otherwise: Very much looking forward to this.

Greetings
-Sascha-


Am 25.11.2012 08:57, schrieb Olivier Lamy:
> 2012/11/25 Brett Porter <brett@apache.org>:
>>
>> On 25/11/2012, at 4:54 AM, Olivier Lamy <olamy@apache.org> wrote:
>>
>>> Hi Folks,
>>> I have recently changed some stuff to be able to dynamically change
>>> userManager impl used tru the UI (jdo or ldap) (see [1]). (and it
>>> works :-) ).
>>
>> Cool!
>>
>>>
>>> Note this means user.manager.impl property from security.properties is
>>> not used anymore.
>>> I wonder if this property if here must win ?
>>
>> If you're storing it in a different configuration file, I think you should read the old config and populate the new (which wins after that) for easier upgrades.
>>
>>>
>>> Furthermore, I'd like to improve a bit ldap configuration and add
>>> screens to configure dynamically (ldap server host/port, basedn
>>> etc...) (maybe ldap mapper too).
>>> In fact all content detailled here [2] must be configurable with the UI.
>>>
>>> Makes sense ?
>>> BTW more generally I wonder if we must continue read configuration
>>> from security.properties ? (too ease my hack I would say no :-) )
>>
>> As above - please retain it, or at least migrate it to the new location; and make sure everything can be configured somewhere without the UI. I use that to lay down a fully functional Archiva without having to configure it by hand:
>> https://github.com/maestrodev/puppet-archiva/blob/master/templates/security.properties.erb
>>
> 
> Yup make sense for such use case !
> I will do that (if security.properties exists migrate that to new model)
> 
> 
>> Cheers,
>> Brett