archiva-users mailing list archives

From Chris Jacobs <Chris.Jac...@apollogrp.edu>
Subject Re: LDAP authentication
Date Fri, 04 May 2012 17:29:33 GMT
I saw that too, and the linked-to puppet template was quite helpful as well, but I'm still
in the same position.

Even after the silly process similar to the 4th Google result, when I log in as the admin, I'm
taken to the password reset screen which I can still ignore.

I'm beginning to think I may not be successful in the requirements I have for replacing
our 'wild-west' Archiva instance:
1) Configured/managed via puppet
2) Authenticate via LDAP (ssl - which is working)
3) Access site via SSL (should be trivial)

When I cannot configure the Archiva instance once, and have it work, then I'm unable to satisfy
step 1.

Currently I have to do things by hand, using different versions of configs to get things to
mostly work.

- chris

Chris Jacobs
Systems Administrator, Technology Services Group

Apollo Group  |  Apollo Marketing & Product Development  |  Aptimus, Inc.
1501 4th Ave  |  Suite 2500  |  Seattle, WA 98101
direct 206.839.8245  |  cell 206.601.3256  |  Fax 206.644.0628
email: chris.jacobs@apollogrp.edu

----- Original Message -----
From: Not Zippy <notzippy@gmail.com>
To: users@archiva.apache.org <users@archiva.apache.org>
Sent: Fri May 04 10:22:36 2012
Subject: Re: LDAP authentication

I haven't tried this but Stack Overflow has a solution
http://stackoverflow.com/questions/8101294/unable-to-get-apache-archiva-working-with-ldap

On Fri, May 4, 2012 at 10:14 AM, Chris Jacobs <Chris.Jacobs@apollogrp.edu> wrote:

> I am a little disappointed; does no one use Archiva in an environment
> where central authentication and disaster recovery is regarded as important?
>
> Or perhaps this is the wrong mailing list?
>
> Or perhaps I'm looking at the wrong documents?
>
> security.properties file itself offers no hints.
> The comments/hints in application.xml seemed to help, but it doesn't give
> everything that's needed (apparently).
>
> A google search for: archiva ldap
> 1) http://archiva.apache.org/redback/integration/ldap.html is out of date
> with the files being shipped with Archiva.
> 2) https://cwiki.apache.org/ARCHIVA/howto-configure-usermanagement-with-ldap.html
> is missing the actual useful bits on the page, but talks about them a lot.
> 3) An LDAP thread from Oct 2008 on this mailing list talks about a lack of
> documentation, with a broken link to an example default config (which I
> managed to trace to the new repo but that didn't help)
> 4) A bug report where steps similar to mine are reported but was closed
> without addressing the actual issue with the only comment being "admin
> account was locked" - but with LDAP enabled there doesn't appear to be an
> unlock option.
> etc.
>
> I'm at a loss here; I'm a system administrator - not a dev.
>
> Anyone feel like giving me some hints?
>
> - chris
>
> -----Original Message-----
> From: Chris Jacobs [mailto:Chris.Jacobs@apollogrp.edu]
> Sent: Thursday, May 03, 2012 4:54 PM
> To: users@archiva.apache.org
> Subject: RE: LDAP authentication
>
> I have managed some success by adding the lines to security.properties:
>
> redback.default.admin=archiva-admin (a real ldap account)
> redback.default.guest=archiva-guest (a real ldap account)
>
> However, if I start with that config from the start, I am unable to log in
> as the archiva-admin account (even if I set it to other names which don't
> exist in LDAP).
>
> I've found I can work around it by:
> Install clean
> Add ONLY the redback.default.admin line above
> Start Archiva
> Open page, complete admin form.
> On the following ridiculous page, it requests that I now CHANGE the
> password.  Pffft.
> Stop Archiva
> Put the security.properties and application.xml files as below
> into place - with the addition of the two redback lines above, and then
> start archiva.
>
> And things work.
>
> Problem: This kind of setup procedure is untenable from a repeatable
> system build (disaster recovery is important yo) perspective.
>
> I suspect that my configs are off somewhere where I'm unable to log in as
> the archiva-admin LDAP account - if I'm able to resolve this issue without
> having to play config file musical chairs, I'll be golden.
>
> Thoughts?
>
> Thanks,
> - chris
>
> -----Original Message-----
> From: Chris Jacobs [mailto:Chris.Jacobs@apollogrp.edu]
> Sent: Thursday, May 03, 2012 11:27 AM
> To: users@archiva.apache.org
> Subject: LDAP authentication
>
> Hello,
>
> The documentation I've seen for configuring authentication via LDAP is
> sparse, inconsistent, and out of date (Redback), so before I even go into
> the details of my problem I'll grant that I may have missed something
> important.
>
> I'm using the current/latest stable release of Archiva's Standalone, 1.3.5.
>
> Here are the changes I've made from the default configuration (I haven't
> even tried to bring the config and DBs from our existing 1.2.2 Archiva
> instance).
>
> Diff against source of
> archiva/apps/archiva/WEB-INF/classes/org/apache/maven/archiva/security.properties:
> (cleaned of actual DNS and DN path)
> ----------------------------------------------
> 28,41d27
> <
> < ldap.config.hostname=ldap-vip.example.net
> < ldap.config.port=389
> < ldap.config.base.dn=ou=people,dc=example,dc=net
> < ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> <
> < ldap.config.mapper.attribute.email=mail
> < ldap.config.mapper.attribute.fullname=cn
> < ldap.config.mapper.attribute.password=userPassword
> < ldap.config.mapper.attribute.user.id=uid
> < ldap.config.mapper.attribute.user.base=ou=people,dc=example,dc=net
> < ldap.config.mapper.attribute.user.object.class=inetOrgPerson
> <
> < ldap.bind.authenticator.enabled=true
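
Review bot: `ldap.config.port=389` is the standard unencrypted LDAP port (LDAPS normally listens on 636), and with `ldap.bind.authenticator.enabled=true` every login sends the user's password to the directory in a bind, yet nothing in this hunk enables SSL/TLS for that connection. If the directory is meant to be reached over SSL, the port and the transport setting belong in this same block so the managed file is complete on its own. The hunk also sets no bind DN or password, so the user search under `ou=people` runs as an anonymous bind; confirm the directory permits that.
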
> ----------------------------------------------
>
> Diff against source of
> archiva/apps/archiva/WEB-INF/classes/META-INF/plexus/application.xml:
> (cleaned of actual DNS and DN path)
> ----------------------------------------------
> 257c257
> <     <component>
> ---
> >     <!-- component>
> 266c266
> <     </component>
> ---
> >     </component-->
> 291c291
> <     <component>
> ---
> >     <!-- component>
> 296,297c296,297
> <         <email-attribute>mail</email-attribute>
> <         <full-name-attribute>cn</full-name-attribute>
> ---
> >         <email-attribute>email</email-attribute>
> >         <full-name-attribute>givenName</full-name-attribute>
> 300c300
> <         <user-base-dn>ou=people,dc=example,dc=net</user-base-dn>
> ---
> >         <user-base-dn>o=com</user-base-dn>
> 308c308
> <     </component>
> ---
> >     </component-->
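
Review bot: the values enabled at 296-300 (`mail`, `cn`, `ou=people,dc=example,dc=net`) duplicate what the security.properties change already sets in `ldap.config.mapper.attribute.email`, `.fullname` and `.user.base`, so the same attribute names and base DN now live in two files and can drift apart. Generate both files from one set of values, or document which file is authoritative. The diff was also taken with the edited file as the first argument, so the `<` lines are the new content and the `>` lines are the shipped defaults; swapping the arguments would make it read in the usual direction.
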
> ----------------------------------------------
>
> I can authenticate as admin just fine; when I authenticate as an LDAP
> user, I see in the logs:
> ----------------------------------------------
> ==> wrapper.20120503.log <==
> INFO   | jvm 1    | 2012/05/03 16:34:48 | 2012-05-03 16:34:47.992::WARN:
>  /archiva/security/login.action
> INFO   | jvm 1    | 2012/05/03 16:34:48 | java.lang.NullPointerException
> INFO   | jvm 1    | 2012/05/03 16:34:48 |       at
> org.codehaus.plexus.redback.struts2.action.LoginAction.webLogin(LoginAction.java:341)
> INFO   | jvm 1    | 2012/05/03 16:34:48 |       at
> org.codehaus.plexus.redback.struts2.action.LoginAction.login(LoginAction.java:133)
> (continues, snipped)
> ----------------------------------------------
> ==> archiva.log <==
> 2012-05-03 16:34:47,940 [btpool0-3] WARN
>  org.codehaus.plexus.redback.authentication.users.UserManagerAuthenticator
>  - Login for user csjacobs failed. user not found.
> 2012-05-03 16:34:47,942 [btpool0-3] INFO
>  org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator  -
> Searching for users with filter:
> '(&(objectClass=inetOrgPerson)(uid=csjacobs))' from base dn:
> ou=people,dc=unix,dc=aptimus,dc=net
> 2012-05-03 16:34:47,978 [btpool0-3] INFO
>  org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator  -
> Found user?: true
> 2012-05-03 16:34:47,980 [btpool0-3] INFO
>  org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator  -
> Attempting Authenication: + uid=csjacobs,ou=people,dc=unix,dc=aptimus,dc=net
> ----------------------------------------------
>
> And in my browser:
> ----------------------------------------------
> HTTP ERROR 500
>
> Problem accessing /archiva/security/login.action. Reason:
>
>    INTERNAL_SERVER_ERROR
> Caused by:
>
> java.lang.NullPointerException
>        at
> org.codehaus.plexus.redback.struts2.action.LoginAction.webLogin(LoginAction.java:341)
>        at
> org.codehaus.plexus.redback.struts2.action.LoginAction.login(LoginAction.java:133)
> (continues, snipped)
> ----------------------------------------------
>
> And most disturbingly, further attempts to open any page in archiva
> result in a similar error, even when I attempt to go to the logout url
> directly, but that's due to the account I've attempted to log in as. When I
> open archiva in another browser, I can open archiva without difficulty.
>
> Any information, assistance, etc, would be greatly appreciated.
>
> Thanks,
> - chris
>
> Chris Jacobs
> Systems Administrator, Technology Services Group
>
> Apollo Group  |  Apollo Marketing & Product Development  |  Aptimus, Inc.
> 1501 4th Ave  |  Suite 2500  |  Seattle, WA 98101 direct 206.839.8245  |
>  cell 206.601.3256  |  Fax 206.644.0628
> email: chris.jacobs@apollogrp.edu
>
>
> This message is private and confidential. If you have received it in
> error, please notify the sender and remove it from your system.