archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Venisse <emmanuel.veni...@gmail.com>
Subject Re: 1.2.0 and ldap and SSL
Date Mon, 30 Mar 2009 09:05:10 GMT
On Mon, Mar 30, 2009 at 7:20 AM, Julien Graglia <jgraglia@netceler.com>wrote:

> Le vendredi 27 mars 2009 à 10:34 +0100, Emmanuel Venisse a écrit :
> > Hi,
> > Thanks for your test.
> > You have two things to modify in your security.properties.
> >
> > 1- Add security.policy.password.expiration.enabled=false
> > 2- Remove  ldap.user.store.enabled=true because it isn't use by Redback,
> > I'll remove it in config-defaults.properties
> >
> > With these modifications, all should be ok.
> Yes everything is working fine!
>
>
> > Do you use a truststore like dscribed in [1] or only the conf described
> in
> > your mail?
> Yes I'am a using a trustore and a self signed certificate.


So you use some truststore properties to start your app server? Can you add
it too in the documentation?


>
> > Can you provide a patch for the LDAP documentation page?
> Yes I can, which page?


http://svn.codehaus.org/redback/redback-site/trunk/src/site/apt/integration/ldap.apt
I'll patch the Continuum page when Continuum will use latest Redback

I don't think Archiva have a LDAP page.

Thanks for your help.


>
> >
> > [1] http://directory.apache.org/apacheds/1.0/33-how-to-enable-ssl.html
> >
> > Emmanuel
> >
> > On Fri, Mar 27, 2009 at 9:18 AM, Julien Graglia <jgraglia@netceler.com
> >wrote:
> >
> > > I have installed redback 1.3-SNAPSHOT rev 823 in archiva  and configure
> > > ldap + ssl + user mapping (openldap user uid not cn attributes) and it
> > > works
> > >
> > > logs saying that the admin user exists, no need to create one :
> > >
> > > 09-03-27 09:06:41,238 [btpool0-4] INFO
> > > org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController  -
> > > Searching for user: jgr
> > > 2009-03-27 09:06:41,240 [btpool0-4] INFO
> > > org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController  -
> > > Searching for users with filter:
> > > '(&(objectClass=inetOrgPerson)(uid=jgr))' from base dn:
> > > dc=netceler,dc=com
> > > 2009-03-27 09:06:41,288 [btpool0-4] INFO
> > >
> org.codehaus.plexus.redback.struts2.interceptor.ForceAdminUserInterceptor
> > >  - Admin user found. No need to configure admin user.
> > >
> > >
> > >
> > > But when in really log in archiva, i got an NPE :
> > >
> > > java.lang.NullPointerException
> > >        at java.util.Calendar.setTime(Calendar.java:1075)
> > >        at
> > >
> org.codehaus.plexus.redback.struts2.interceptor.PolicyEnforcementInterceptor.intercept(PolicyEnforcementInterceptor.java:141)
> > >        at
> > >
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
> > >        at
> > >
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
> > >        at
> > >
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
> > >        at
> > >
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
> > >        at
> > >
> org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor.intercept(SecureActionInterceptor.java:173)
> > >        at
> > >
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
> > >        at
> > >
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
> > >        at
> > >
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
> > >        at
> > >
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
> > >        at
> > >
> com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor.intercept(ParameterFilterInterceptor.java:143)
> > >
> > > I could send you logs (i have put redback in "trace" log4j debug level)
> > > if you want..
> > >
> > >
> > > PS : here is my ldap config :
> > >
> > >        #LDAP
> > >        user.manager.impl=ldap
> > >         ldap.user.store.enabled=true
> > >        ldap.bind.authenticator.enabled=true
> > >         ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> > >
> > >         # LDAP server config
> > >        ldap.config.hostname=scarab-server
> > >        ldap.config.port=636
> > >        ldap.config.ssl=true
> > >        ldap.config.base.dn=dc=netceler,dc=com
> > >        # LDAP bind config
> > >        ldap.config.bind.dn=XXXXXXXXXXXXXXXXXXX,dc=netceler,dc=com
> > >        ldap.config.password=XXXXXXXXXXX
> > >        # LDAP user mapping : openldap use uid, redbak default is cn
> > >        ldap.config.mapper.attribute.user.id=uid
> > >        # uid of the ldap user that I use as the archiva administrator
> > >        redback.default.admin=jgr
> > >
> > >
> > > Le jeudi 26 mars 2009 à 18:23 +0100, Emmanuel Venisse a écrit :
> > > > I added something to support it in Redback, but not tested it.You can
> > > look
> > > > at the issue [1]
> > > >
> > > > Can you test it?
> > > >
> > > > [1] http://jira.codehaus.org/browse/REDBACK-215
> > > >
> > > > Emmanuel
> > > >
> > > > On Thu, Mar 26, 2009 at 4:26 PM, Emmanuel Venisse <
> > > > emmanuel.venisse@gmail.com> wrote:
> > > >
> > > > > It isn't there yet.
> > > > > If you really need it, maybe you can write a patch for Redback.
> > > > >
> > > > > Emmanuel
> > > > >
> > > > >
> > > > > On Thu, Mar 26, 2009 at 12:46 PM, Julien Graglia <
> > > jgraglia@netceler.com>wrote:
> > > > >
> > > > >> Hi,
> > > > >>
> > > > >> I am currently migrating from archiva 1.1.3 to archiva 1.2.0...
> and I
> > > > >> want to switch to an ldap authentication (I'am bored of copying
> user
> > > > >> databases...)
> > > > >>
> > > > >> I'have found many threads about ldap and archiva :
> > > security.properties,
> > > > >> redback ldap config page (1)... but I have not found how to
> connect to
> > > a
> > > > >> ldaps directory?
> > > > >> I have defined the ldap.config.port (636) but i did not found
how
> to
> > > > >> says to use ssl
> > > > >>
> > > > >> > On 5 Aug, 2008, at 8:38 AM, Emmanuel Venisse wrote:
> > > > >> > >
> > > > >> > >  I'm not sure ldap docs on redback site are up-to-date
> > > > >> > >>
> > > > >> > >> Chris, do you use LDAP or LDAPS?
> > > > >> > >> LDAPS isn't supported for the moment
> > > > >> > >>
> > > > >> > >> Emmanuel
> > > > >> >
> > > > >> >
> > > > >> It seems to me that redback still can't handle SSL for ldap...
Did
> I
> > > > >> have to wait for another archiva/redback release? or stick with
my
> > > user
> > > > >> database (I don't want to store the users in a sql db, they are
> > > already
> > > > >> in ldap...)
> > > > >>
> > > > >> 1 : http://redback.codehaus.org/configuration.html  and
> > > > >> http://redback.codehaus.org/integration/ldap.html
> > > > >>
> > > > >>
> > > > >> Thx,
> > > > >>
> > > > >> Le mercredi 06 août 2008 à 11:14 +0800, Maria Odea Ching a
écrit :
> > > > >> > I think you might be missing this property?
> > > > >> > user.manager.impl=ldap
> > > > >> >
> > > > >> > Thanks,
> > > > >> > Deng
> > > > >> >
> > > > >> > On Wed, Aug 6, 2008 at 2:38 AM, Chris Brentano <
> > > > >> > chris.brentano@jivesoftware.com> wrote:
> > > > >> >
> > > > >> > > Thanks everyone for your assistance!
> > > > >> > >
> > > > >> > > Just LDAP, no SSL at the moment.
> > > > >> > >
> > > > >> > > I configured my conf/security.properties file like
so:
> > > > >> > >
> > > > >> > > ldap.user.store.enabled=true
> > > > >> > > ldap.bind.authenticator.enabled=true
> > > > >> > > ldap.config.hostname=dc02.jiveville.com
> > > > >> > > ldap.config.port=389
> > > > >> > > ldap.config.base.dn=ou=JiveUsers,ou=jiveville,ou=com
> > > > >> > > ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> > > > >> > > ldap
> > > > >> > > .config
> > > > >> > > .bind
> > > > >> > >
> > > .dn=cn=ldapUser,ou=ResourceAccounts,ou=JiveUsers,ou=jiveville,ou=com
> > > > >> > > ldap.config.password=********
> > > > >> > >
> > > > >> > > But cannot log in with any LDAP accounts. But I do
have a
> couple
> > > > >> questions:
> > > > >> > >
> > > > >> > > - Is there any way to test that Archiva is able to
> successfully
> > > talk
> > > > >> to the
> > > > >> > > LDAP server?
> > > > >> > > - Are there any options above that I may be missing
or which
> are
> > > > >> incorrect?
> > > > >> > > - When LDAP authentication is working, do all accounts
that
> fall
> > > under
> > > > >> the
> > > > >> > > base dn OU have access? If so, what level?
> > > > >> > > - Do I need to do anything in User Administrator to
grant
> specific
> > > > >> LDAP
> > > > >> > > accounts access privileges?
> > > > >> > >
> > > > >> > > Thanks again!
> > > > >> > >
> > > > >> > > - Chris
> > > > >> > >
> > > > >> > >
> > > > >> > >
> > > > >> > > On 5 Aug, 2008, at 8:38 AM, Emmanuel Venisse wrote:
> > > > >> > >
> > > > >> > >  I'm not sure ldap docs on redback site are up-to-date
> > > > >> > >>
> > > > >> > >> Chris, do you use LDAP or LDAPS?
> > > > >> > >> LDAPS isn't supported for the moment
> > > > >> > >>
> > > > >> > >> Emmanuel
> > > > >> > >>
> > > > >> > >> On Tue, Aug 5, 2008 at 5:08 AM, Maria Odea Ching
<
> > > oching@apache.org>
> > > > >> > >> wrote:
> > > > >> > >>
> > > > >> > >>  Hi Chris,
> > > > >> > >>>
> > > > >> > >>> You just need to put the LDAP config in your
> security.properties
> > > > >> file,
> > > > >> > >>> you
> > > > >> > >>> no longer need to edit the application.xml
as specified
> here:
> > > > >> > >>> http://redback.codehaus.org/integration/ldap.html
(just
> copy &
> > > > >> paste the
> > > > >> > >>> config specifed in the security.properties
section)
> > > > >> > >>>
> > > > >> > >>> And you might also need to add the LDAP specific
> configuration
> > > > >> specified
> > > > >> > >>> in
> > > > >> > >>> the LDAP Settings section in this document:
> > > > >> > >>> http://redback.codehaus.org/configuration.html
> > > > >> > >>>
> > > > >> > >>> HTH,
> > > > >> > >>> Deng
> > > > >> > >>>
> > > > >> > >>> On Tue, Aug 5, 2008 at 8:16 AM, Chris Brentano
<
> > > > >> > >>> chris.brentano@jivesoftware.com> wrote:
> > > > >> > >>>
> > > > >> > >>>  Hi all,
> > > > >> > >>>>
> > > > >> > >>>> I'd like to configure Archiva to do LDAP
authentication to
> > > Active
> > > > >> > >>>> Directory. It appears that Redback has
LDAP support, and
> I've
> > > seen
> > > > >> some
> > > > >> > >>>> various bits here and there about configuring
the
> > > > >> security.properties or
> > > > >> > >>>> application.xml file to utilize LDAP, but
I can't find a
> > > concise
> > > > >> guide.
> > > > >> > >>>>
> > > > >> > >>> Can
> > > > >> > >>>
> > > > >> > >>>> anyone provide some basic instructions
and are there any
> > > gotchas I
> > > > >> > >>>> should
> > > > >> > >>>>
> > > > >> > >>> be
> > > > >> > >>>
> > > > >> > >>>> aware of? Thanks!
> > > > >> > >>>>
> > > > >> > >>>> - Chris
> > > > >> > >>>>
> > > > >> > >>>>
> > > > >> > >>>
> > > > >> > >
> > > > >> --
> > > > >> Julien Graglia
> > > > >> NetCeler
> > > > >>
> > > > >>
> > > > >
> > > --
> > > Julien Graglia - jgraglia@netceler.com
> > > NetCeler
> > > Les Peyrons 05400 Veynes
> > > Tel : +33 4 92 57 12 12        Fax : +33 4 92 57 12 62
> > >
> > >
> --
> Julien Graglia - jgraglia@netceler.com
> NetCeler
> Les Peyrons 05400 Veynes
> Tel : +33 4 92 57 12 12        Fax : +33 4 92 57 12 62
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message