archiva-users mailing list archives

From Kurt Yoder <kyo...@gmail.com>
Subject Re: redback/ldap
Date Mon, 04 Apr 2011 19:46:28 GMT
auth01.foo.bar is signed by my own internal CA. I originally got a certificate error, as reported
here:

http://mail.openjdk.java.net/pipermail/discuss/2011-March/001731.html

However, I was then able to import my certificate into OpenJDK's keystore and get past that
error. So I'm pretty sure the LDAP connection is working normally.

As for anonymous binds, yes, I can see users and most of their information.

On Apr 4, 2011, at 3:02 PM, Brent Atkinson wrote:

> Kurt,
> 
> Thank you for sending this information along. It makes it much easier to try
> and help you.
> 
> Some questions based on this configuration:
> 
> * auth01.foo.bar - does the host have a signed cert from a trusted CA or is
> it self-signed?
> * if you connect anonymously to auth01.foo.bar, can you find users and see
> some of their basic information?
> 
> Brent
> 
> On Mon, Apr 4, 2011 at 9:50 PM, Kurt Yoder <kyoder@gmail.com> wrote:
> 
>> Thanks for all the replies. Here is my security.properties:
>> 
>> email.from.address=root@foo.bar
>> 
>> user.manager.impl=ldap
>> ldap.bind.authenticator.enabled=true
>> ldap.bind.authenticator=true
>> security.policy.password.expiration.enabled=false
>> 
>> ldap.config.hostname=auth01.foo.bar
>> ldap.config.port=636
>> ldap.config.ssl=true
>> ldap.config.base.dn=ou=people,dc=foo,dc=bar
>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>> 
>> 
>> As for the application.xml, I was a bit confused by the documentation; is
>> it out of date? There are two versions of docs that I have been able to
>> find. One says to set various configurations directly in the
>> application.xml, and the other says to set these configurations within
>> security.properties. To be thorough, I will also include my application.xml:
>> 
>> 
>> 
>> 
>> Here's a screenshot of the immutable HTML form where archiva sends me (it's
>> behind an SSL proxy):
>> 
>> 
>> 
>> 
>> 
>> On Apr 2, 2011, at 1:22 AM, Brett Porter wrote:
>> 
>> <snip>
>> 
>>> 
>>> Asking here should be fine too, Archiva needs to offer the functionality
>> regardless, after all :)
>>> 
>>> Kurt, can you post an obfuscated copy of the settings you're using?
>>> 
>>> This works for me with anonymous bind:
>>> 
>>> ===
>>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>>> 
>>> # LDAP server config
>>> ldap.config.hostname=***
>>> ldap.config.base.dn=***
>>> ldap.config.port=389
>>> 
>>> # LDAP anonymous bind config
>>> ldap.bind.authenticator.enabled=true
>>> 
>>> # LDAP user mapping : openldap use uid, redback default is cn
>>> ldap.config.mapper.attribute.user.id=uid
>>> ldap.config.mapper.attribute.user.email=mail
>>> ldap.config.mapper.attribute.fullname=givenName
>>> ldap.config.mapper.attribute.password=userPassword
>>> 
>>> # uid of the ldap user
>>> redback.default.admin=root
>>> 
>>> security.policy.password.expiration.enabled=false
>>> ===
>>> 
>>> (+ application.xml as in the docs)
>>> 
>>> Cheers,
>>> Brett
>>> 
>>> --
>>> Brett Porter
>>> brett@apache.org
>>> http://brettporter.wordpress.com/
>>> http://au.linkedin.com/in/brettporter
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> 

