archiva-users mailing list archives

From "Jochen Hebbrecht" <jochenhebbre...@gmail.com>
Subject Re: Archiva and LDAP
Date Mon, 13 Oct 2008 11:22:30 GMT
Emmanuel,

I want to document the process on the wiki of Archiva, but I'm not
able to configure it well :-(. This is what I configured:

---application.xml---
    <component>
      <role>org.codehaus.plexus.redback.common.ldap.connection.LdapConnectionFactory</role>
      <role-hint>configurable</role-hint>
      <implementation>org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory</implementation>
      <requirements>
        <requirement>
          <role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
        </requirement>
      </requirements>
    </component>
    <component>
      <role>org.codehaus.plexus.redback.common.ldap.UserMapper</role>
      <role-hint>ldap</role-hint>
      <implementation>org.codehaus.plexus.redback.common.ldap.LdapUserMapper</implementation>
      <configuration>
        <email-attribute>mail</email-attribute>
        <full-name-attribute>givenName</full-name-attribute>
        <password-attribute>userPassword</password-attribute>
        <user-id-attribute>cn</user-id-attribute>
        <user-base-dn>DC=<COMPANYNAME>,DC=be</user-base-dn>
        <user-object-class>inetOrgPerson</user-object-class>
      </configuration>
      <requirements>
        <requirement>
          <role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
        </requirement>
      </requirements>
    </component>

---security.properties---
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=s_archiva
redback.default.guest=guest
security.policy.password.expiration.enabled=false

ldap.config.hostname=<HOSTNAME_COMPANYS_LDAP>
ldap.config.port=389
ldap.config.base.dn=DC=<COMPANY_NAME>,DC=be
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.bind.dn=CN=s_archiva,OU=Service Accounts,OU=Special Accounts,OU=User Accounts,DC=<COMPANY_NAME>,DC=be
ldap.config.password=<PASSWORD>
ldap.config.mapper.attribute.email=mail
ldap.config.mapper.attribute.fullname=givenName
ldap.config.mapper.attribute.password=userPassword
ldap.config.mapper.attribute.user.id=cn
ldap.config.mapper.attribute.user.base.dn=DC=<COMPANY_NAME>,DC=be
ldap.config.mapper.attribute.user.object.class=inetOrgPerson

When we start Archiva, we receive this stacktrace:

6828 [WrapperSimpleAppMain] INFO org.quartz.impl.StdSchedulerFactory -
Quartz scheduler version: 1.4.5
6828 [WrapperSimpleAppMain] INFO org.quartz.core.QuartzScheduler -
Scheduler defaultScheduler_$_NON_CLUSTERED started.
org.codehaus.plexus.redback.common.ldap.connection.LdapException:
Could not connect to the server. [Root exception is
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data
525, vece]]
            at org.codehaus.plexus.redback.common.ldap.connection.LdapConnection.<init>(LdapConnection.java:81)
            at org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory.getConnection(ConfigurableLdapConnectionFactory.java:130)
            at org.codehaus.plexus.redback.users.ldap.LdapUserManager.newDirContext(LdapUserManager.java:338)
            at org.codehaus.plexus.redback.users.ldap.LdapUserManager.findUser(LdapUserManager.java:214)
            at org.codehaus.plexus.redback.users.configurable.ConfigurableUserManager.findUser(ConfigurableUserManager.java:111)
            at org.codehaus.plexus.redback.xwork.checks.security.GuestUserEnvironmentCheck.validateEnvironment(GuestUserEnvironmentCheck.java:82)
            at org.apache.maven.archiva.web.startup.SecuritySynchronization.executeEnvironmentChecks(SecuritySynchronization.java:151)
            at org.apache.maven.archiva.web.startup.SecuritySynchronization.startup(SecuritySynchronization.java:125)
            at org.apache.maven.archiva.web.startup.ArchivaStartup.contextInitialized(ArchivaStartup.java:56)
            at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:539)
            at org.mortbay.jetty.servlet.Context.startContext(Context.java:135)
            at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1216)
            at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:509)
            at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:447)
            at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
            at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147)
            at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
            at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
            at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147)
            at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
            at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:117)
            at org.mortbay.jetty.Server.doStart(Server.java:222)
            at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
            at org.mortbay.xml.XmlConfiguration.main(XmlConfiguration.java:977)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
            at java.lang.reflect.Method.invoke(Unknown Source)
            at org.mortbay.start.Main.invokeMain(Main.java:194)
            at org.mortbay.start.Main.start(Main.java:509)
            at org.mortbay.start.Main.main(Main.java:119)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
            at java.lang.reflect.Method.invoke(Unknown Source)
            at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
            at java.lang.Thread.run(Unknown Source)

Caused by: javax.naming.AuthenticationException: [LDAP: error code 49
- 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece


Error 525 means that the user could not be found. But the bind DN must
be correct, because we tried with an "ldapsearch.exe" tool, to execute
some queries. So the user must exist in AD and must have enough
privileges to execute the queries.


Any ideas where to start looking?



2008/10/6 Emmanuel Venisse <emmanuel.venisse@gmail.com>:
> On Fri, Oct 3, 2008 at 4:06 PM, Arnaud HERITIER <aheritier@gmail.com> wrote:
>
>> On Fri, Oct 3, 2008 at 3:52 PM, Jochen Hebbrecht
>> <jochenhebbrecht@gmail.com>wrote:
>>
>> > Yes, I will Arnaud. I would love to help you. Archiva is a great project.
>> >
>> > I'm waiting for the information of the LDAP server (system
>> > management). Meanwhile, I have 2 questions:
>> >
>> > 1) are the roles defined in Archiva? Or in AD?
>>
>> I think you have to define roles in AD and also guest and admin users. I
>> hope Emmanuel will confirm it.
>
>
> Roles are defined in Archiva, LDAP is used only for authentication.
> Actually, you must link the Archiva guest user to an LDAP user, it is the
> same for the admin.
> In a future version (probably the next) the 'guest' ldap user won't be needed.
>
> Emmanuel
>
>>
>>
>>
>> >
>> > 2) can you specify multiple LDAP hosts?
>>
>> I'm not sure
>>
>>
>> >
>> >
>> > Jochen
>> >
>> >
>> >
>> > 2008/10/3 Arnaud HERITIER <aheritier@gmail.com>:
>> > > If you succeed to use it and want to write a documentation for it ;-)
>> > > Don't hesitate to contribute :
>> > > http://cwiki.apache.org/confluence/display/ARCHIVA/
>> > >
>> > >
>> > > On Thu, Oct 2, 2008 at 2:01 PM, Jochen Hebbrecht
>> > > <jochenhebbrecht@gmail.com>wrote:
>> > >
>> > >> Thnx Deng! This is looking great! I'll try it!
>> > >>
>> > >>
>> > >> 2008/10/2 Maria Odea Ching <oching@apache.org>:
>> > >> > Hi Jochen,
>> > >> >
>> > >> > Yep, Archiva has LDAP support. Currently, there isn't documentation
>> > >> > available on how to configure this, but you can take a look at the LDAP
>> > >> > snippet/comments that Emmanuel added here:
>> > >> >
>> > >> >
>> > >>
>> >
>> http://svn.apache.org/repos/asf/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
>> > >> >
>> > >> >
>> > >> > Thanks,
>> > >> > Deng
>> > >> >
>> > >> > On Thu, Oct 2, 2008 at 5:18 PM, Jochen Hebbrecht
>> > >> > <jochenhebbrecht@gmail.com>wrote:
>> > >> >
>> > >> >> Does Archiva have an LDAP integration support? Or something else as
>> > >> >> external user management?
>> > >> >>
>> > >> >> Jochen
>> > >> >>
>> > >> >
>> > >>
>> > >
>> > >
>> > >
>> > > --
>> > > ..........................................................
>> > > Arnaud HERITIER
>> > > ..........................................................
>> > > OCTO Technology - aheritier AT octo DOT com
>> > > www.octo.com | blog.octo.com
>> > > ..........................................................
>> > > ASF - aheritier AT apache DOT org
>> > > www.apache.org | maven.apache.org
>> > > ...........................................................
>> > >
>> >
>>
>>
>>
>>
>
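
Added example, not part of the original message and not Archiva or Redback code: a Python helper that pulls the Active Directory sub-code out of LDAP error 49 bind failures such as the one in the stack trace above and counts each one. The names `decode_bind_failures`, `PAGE_TRACE` and `CONSTRUCTED_LINE` are assumptions of this example, and the `52e` line is constructed sample input.

```python
import re

# Sub-codes Active Directory puts in the "data" field of an LDAP error 49
# bind failure. They are hexadecimal Win32 error numbers.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# \s also matches newlines, so traces wrapped by a mail client still match.
# [^\]]*? keeps one match inside a single bracketed LDAP message.
_ERR49 = re.compile(
    r"LDAP:\s*error\s+code\s+49\b[^\]]*?"
    r"AcceptSecurityContext\s+error,\s*data\s+([0-9a-fA-F]+)"
)

def decode_bind_failures(log_text):
    """Return [(subcode, meaning, count)] in order of first appearance."""
    counts = {}
    for match in _ERR49.finditer(log_text):
        code = match.group(1).lower()
        counts[code] = counts.get(code, 0) + 1
    return [(c, AD_BIND_SUBCODES.get(c, "unknown sub-code"), n)
            for c, n in counts.items()]

# Lines copied from the stack trace in the message above, wrapping included.
PAGE_TRACE = """javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data
525, vece]]
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49
- 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece
"""

# Constructed sample line (not from the page): a wrong-password failure.
CONSTRUCTED_LINE = "[LDAP: error code 49 - AcceptSecurityContext error, data 52e]\n"

if __name__ == "__main__":
    for code, meaning, count in decode_bind_failures(PAGE_TRACE + CONSTRUCTED_LINE):
        print(f"data {code}: {meaning} (seen {count}x)")
```

Counting per sub-code separates a misconfigured service account (a steady `525` at startup) from repeated `52e` or `775` entries, which are worth reviewing as failed-logon activity.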
