archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <i.ga...@brainsware.org>
Subject Suppress Authentication Headers
Date Wed, 29 Jul 2009 17:15:48 GMT
Hi folks,
of both lists.

I'm reverse-proxying Apache Archiva, where I have trouble getting
authorization right.
By default Archiva users have no Roles assigned, which makes them in my
setup inferior to even the guest user.

As there appears to be no way to give newly created or imported users a
sane default role, only one-by-one, clickedy-click, I have defaulted to
solving this problem on a terrain where I feel safe and comfortable:
In httpd.

I only want to protect a specific part of the tree, and I can do that
just fine with:


        <Location /archiva/repository/internal/com/es>
                AuthType Basic
                AuthBasicProvider ldap
                AuthName "Restricted access for deployment>
                AuthLDAPURL ldap://adam01.es.local:389/DC=es,DC=at?cn?
                AuthLDAPBindDN srvbind
                AuthLDAPBindPassword somepw

                <Limit PUT PROPPATCH MKCOL COPY MOVE>
                        Require ldap-group CN=MemberOf=java_devs
                </Limit>

                ProxyPassReverse /
        </Location>


This is enough to seed out the Java Devs, and make sure only they can deploy
to our repositores.
But unfortunately, the Auth-Headers are transported to the backend, which
can authenticate the users just fine, but with their default role being
"nothing", it won't authorize them.

So my question is: How do I suppress the proxying of the auth headers?
Or for the archiva list: How do I asign a sane default role for all [new] users?

That's all folks!

Bye,
Igor


Mime
View raw message