archiva-users mailing list archives

From Chris Brentano <chris.brent...@jivesoftware.com>
Subject Re: ldap with Archiva
Date Fri, 08 Aug 2008 17:53:11 GMT
I'm getting somewhere, but I think I may be missing a piece of  
configuration or doing something incorrect.

My $archiva_home/conf/security.properties file looks like this:
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=admin
redback.default.guest=guest
security.policy.password.expiration.enabled=false

ldap.user.store.enabled=true
ldap.config.hostname=dc02.jiveville.com
ldap.config.port=389
ldap.config.base.dn=OU=JiveUsers,DC=jiveville,DC=com
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.bind.dn=CN=ldapuser,OU=ServiceAccounts,OU=JiveUsers,DC=jiveville,DC=com
ldap.config.password=********


And my $archiva_home/conf/application.xml file looks like:
     <component>
       <role>org.codehaus.plexus.redback.common.ldap.connection.LdapConnectionFactory</role>
       <role-hint>configurable</role-hint>
       <implementation>org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory</implementation>
       <description>ldap connection</description>
       <configuration>
         <hostname>dc02.jiveville.com</hostname>
         <port>389</port>
         <baseDn>OU=JiveUsers,DC=jiveville,DC=com</baseDn>
         <contextFactory>com.sun.jndi.ldap.LdapCtxFactory</contextFactory>
         <password>********</password>
         <bindDn>CN=ldapuser,OU=ServiceAccounts,OU=JiveUsers,DC=jiveville,DC=com</bindDn>
       </configuration>
     </component>

     <component>
       <role>org.codehaus.plexus.redback.common.ldap.UserMapper</role>
       <role-hint>ldap</role-hint>
       <implementation>org.codehaus.plexus.redback.common.ldap.LdapUserMapper</implementation>
       <description></description>
       <configuration>
         <email-attribute>email</email-attribute>
         <full-name-attribute>givenName</full-name-attribute>
         <password-attribute>userPassword</password-attribute>
         <user-id-attribute>cn</user-id-attribute>
         <user-base-dn></user-base-dn>
         <user-object-class>inetOrgPerson</user-object-class>
       </configuration>
     </component>

But what I end up with is:
org.codehaus.plexus.redback.common.ldap.connection.LdapException: Could not connect to the server. [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece^@]]
         at org.codehaus.plexus.redback.common.ldap.connection.LdapConnection.<init>(LdapConnection.java:81)
         at org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory.getConnection(ConfigurableLdapConnectionFactory.java:130)
         at org.codehaus.plexus.redback.users.ldap.LdapUserManager.newDirContext(LdapUserManager.java:338)
         at org.codehaus.plexus.redback.users.ldap.LdapUserManager.findUser(LdapUserManager.java:214)
         at org.codehaus.plexus.redback.users.configurable.ConfigurableUserManager.findUser(ConfigurableUserManager.java:111)
         at org.codehaus.plexus.redback.xwork.checks.security.GuestUserEnvironmentCheck.validateEnvironment(GuestUserEnvironmentCheck.java:82)
         at org.apache.maven.archiva.web.startup.SecuritySynchronization.executeEnvironmentChecks(SecuritySynchronization.java:151)
         at org.apache.maven.archiva.web.startup.SecuritySynchronization.startup(SecuritySynchronization.java:125)
         at org.apache.maven.archiva.web.startup.ArchivaStartup.contextInitialized(ArchivaStartup.java:56)
         at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:539)
         at org.mortbay.jetty.servlet.Context.startContext(Context.java:135)
         at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1216)
         at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:509)
         at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:447)
         at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
         at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147)
         at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
         at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
         at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147)
         at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
         at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:117)
         at org.mortbay.jetty.Server.doStart(Server.java:222)
         at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
         at org.mortbay.xml.XmlConfiguration.main(XmlConfiguration.java:977)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.mortbay.start.Main.invokeMain(Main.java:194)
         at org.mortbay.start.Main.start(Main.java:509)
         at org.mortbay.start.Main.main(Main.java:119)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
         at java.lang.Thread.run(Thread.java:619)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece^@]
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
         at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
         at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
         at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
         at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
         at javax.naming.InitialContext.init(InitialContext.java:223)
         at javax.naming.InitialContext.<init>(InitialContext.java:197)
         at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
         at org.codehaus.plexus.redback.common.ldap.connection.LdapConnection.<init>(LdapConnection.java:77)
         ... 36 more

---

Now, I wasn't sure where to put application.xml, so I'm unsure if it  
belongs in a different directory. I couldn't find anything in the  
Archiva docs or on the Wiki saying where to put that file so I took a  
best guess. Also, I am able to connect to the LDAP server using  
JXplorer using the same credentials/settings so I know that they are  
correct. (It looks like AcceptSecurityContext error, data 525 could  
mean "Bad username" according to http://forums.sun.com/thread.jspa?messageID=9941793 
  -- which if I deliberately use an incorrect username with JXplorer I  
get this same error).

Thanks for your help everyone, I sincerely appreciate it!

- Chris


On 6 Aug, 2008, at 4:51 AM, Emmanuel Venisse wrote:

> redback 1.0.1 doesn't work well with LDAP and 1.0.2/1.0.3 doesn't support
> LDAPS
>
> Emmanuel
>
> On Wed, Aug 6, 2008 at 1:50 PM, Emmanuel Venisse <emmanuel.venisse@gmail.com> wrote:
>
>> Some components must be declared in application.xml.
>> Yesterday I added them in comments in trunk
>> Look at LDAP snippet part in
>> https://svn.apache.org/repos/asf/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
>>
>> Emmanuel
>>
>>
>> On Wed, Aug 6, 2008 at 5:58 AM, Maria Odea Ching <oching@apache.org> wrote:
>>
>>> ---------- Forwarded message ----------
>>> From: Maria Odea Ching <oching@apache.org>
>>> Date: Wed, Aug 6, 2008 at 11:58 AM
>>> Subject: Re: ldap with Archiva
>>> To: ljiang15@yahoo.com
>>>
>>>
>>> Hi Marina,
>>>
>>> I'll be forwarding this to the archiva users list and we could continue
>>> the discussion there :)
>>> Anyway, with redback 1.0.1 (used by archiva 1.0.2 & 1.0.1) I think you
>>> only need to configure the security.properties file in order to use
>>> ldap for authentication. Here's an example config:
>>>
>>> user.manager.impl=ldap
>>> ldap.bind.authenticator.enabled=true
>>> ldap.config.hostname=localhost
>>> ldap.config.port=10389
>>> ldap.config.base.dn=dc=redback,dc=plexus,dc=codehaus,dc=org
>>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>>> ldap.config.bind.dn=uid=admin,ou=system
>>> ldap.config.password=PASSWORD
>>>
>>> I'm not sure with redback 1.0.2 (used by archiva 1.1) though if there
>>> are additional configurations needed after the changes in redback's
>>> LDAP module.
>>> Emmanuel might be able to answer that :)
>>>
>>> HTH,
>>> Deng
>>>
>>>
>>> On Wed, Aug 6, 2008 at 4:58 AM, Marina <ljiang15@yahoo.com> wrote:
>>>
>>>> Hi, Maria
>>>>
>>>> I am trying to make ldap authenticated for Archiva. I do not see any
>>>> of examples online showing how to do it.
>>>> I wonder if you can give any example.
>>>>
>>>> Is the archiva.xml the only file to change?
>>>> Or I have to change other property file?
>>>> Could you send me example of those ldap settings for Archiva?
>>>>
>>>> Great Thanks!
>>>> Marina
>>>>
>>>
>>
>>
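
The `data 525` field in the bind failure quoted in this message is an Active Directory sub-code carried inside LDAP result 49. As an added example (not part of the original message, and not Archiva or Redback code), this Python function extracts the result code and sub-code from a line-wrapped Java stack trace and maps it to its meaning; it goes beyond the 525 case to the other commonly documented sub-codes, and the names `parse_bind_failures`, `AD_BIND_SUBCODES` and `SAMPLE` are hypothetical.

```python
import re

# Active Directory puts a hexadecimal sub-code in the "data" field of an LDAP
# result 49 bind failure. 525 is the one in the trace; the rest are added here.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

BIND_ERROR = re.compile(
    r"LDAP: error code (?P<result>\d+) - (?P<win32>[0-9A-Fa-f]{8}) ?: "
    r"LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)

# Exception text excerpted from the message, wrapped as the mail client left it.
SAMPLE = """\
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308
: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data
525, vece^@]]
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49
- 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece^@]
"""

def parse_bind_failures(log_text):
    """Return one dict per distinct AD bind failure found in log_text."""
    # Collapse whitespace so the pattern matches across wrapped lines.
    flat = re.sub(r"\s+", " ", log_text)
    failures = {}
    for m in BIND_ERROR.finditer(flat):
        data = m["data"].lower()
        # The "Caused by:" repeat of the same message is not a second failure.
        failures.setdefault((m["result"], m["dsid"], data), {
            "ldap_result": int(m["result"]),
            "dsid": m["dsid"],
            "comment": m["comment"].strip(),
            "data": data,
            "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
        })
    return list(failures.values())
```

Run over `SAMPLE`, it reports a single failure with sub-code 525, which separates a bind DN the directory does not recognise from a wrong password (52e) when triaging authentication errors in application logs.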

