archiva-users mailing list archives

From Chris Jacobs <Chris.Jac...@apollogrp.edu>
Subject RE: LDAP authentication
Date Mon, 07 May 2012 19:17:08 GMT
Excellent news. It appears then I'll be waiting for 1.4 to be released. :)

I know most projects hate this question but is there a guesstimate when that will happen?

Thanks,
- chris

-----Original Message-----
From: mark magallanes [mailto:markjohnmagallanes@gmail.com]
Sent: Friday, May 04, 2012 12:45 PM
To: users@archiva.apache.org
Subject: Re: LDAP authentication

Hi, I was able to set up Archiva with LDAP using 1.4-M2 and adding the
securities.properties file. I posted it on this issue:
https://jira.codehaus.org/browse/MRM-1627

So far I am not having any problem with the set-up; hope it helps.

Regards
Mark


On Sat, May 5, 2012 at 1:29 AM, Chris Jacobs <Chris.Jacobs@apollogrp.edu> wrote:

> I saw that too, and the linked-to puppet template was quite helpful as
> well, but I'm still in the same position.
>
> Even after the silly process similar to the 4th Google result, when I log in
> as the admin, I'm taken to the password reset screen which I can still
> ignore.
>
> I'm beginning to think I may not be successful in the requirements I
> have for replacing our 'wild-west' Archiva instance:
> 1) Configured/managed via puppet
> 2) Authenticate via LDAP (ssl - which is working)
> 3) Access site via SSL (should be trivial)
>
> When I can not configure the Archiva instance once, and have it work, then
> I'm unable to satisfy step 1.
>
> Currently I have to do things by hand, using different versions of configs
> to get things to mostly work.
>
> - chris
>
> Chris Jacobs
> Systems Administrator, Technology Services Group
>
> Apollo Group  |  Apollo Marketing & Product Development  |  Aptimus, Inc.
> 1501 4th Ave  |  Suite 2500  |  Seattle, WA 98101
> direct 206.839.8245  |  cell 206.601.3256  |  Fax 206.644.0628
> email: chris.jacobs@apollogrp.edu
>
> ----- Original Message -----
> From: Not Zippy <notzippy@gmail.com>
> To: users@archiva.apache.org <users@archiva.apache.org>
> Sent: Fri May 04 10:22:36 2012
> Subject: Re: LDAP authentication
>
> I haven't tried this but Stack Overflow has a solution
>
> http://stackoverflow.com/questions/8101294/unable-to-get-apache-archiva-working-with-ldap
>
> On Fri, May 4, 2012 at 10:14 AM, Chris Jacobs <Chris.Jacobs@apollogrp.edu> wrote:
>
> > I am a little disappointed; does no one use Archiva in an environment
> > where central authentication and disaster recovery is regarded as
> > important?
> >
> > Or perhaps this is the wrong mailing list?
> >
> > Or perhaps I'm looking at the wrong documents?
> >
> > security.properties file itself offers no hints.
> > The comments/hints in application.xml seemed to help, but it doesn't give
> > everything that's needed (apparently).
> >
> > A google search for: archiva ldap
> > 1) http://archiva.apache.org/redback/integration/ldap.html is out of date
> > with the files being shipped with Archiva.
> > 2) https://cwiki.apache.org/ARCHIVA/howto-configure-usermanagement-with-ldap.html
> > is missing the actual useful bits on the page, but talks about them a lot.
> > 3) An LDAP thread from Oct 2008 on this mailing list talks about a lack of
> > documentation, with a broken link to an example default config (which I
> > managed to trace to the new repo but that didn't help)
> > 4) A bug report where steps similar to mine are reported but was closed
> > without addressing the actual issue with the only comment being "admin
> > account was locked" - but with LDAP enabled there doesn't appear to be an
> > unlock option.
> > etc.
> >
> > I'm at a loss here; I'm a system administrator - not a dev.
> >
> > Anyone feel like giving me some hints?
> >
> > - chris
> >
> > -----Original Message-----
> > From: Chris Jacobs [mailto:Chris.Jacobs@apollogrp.edu]
> > Sent: Thursday, May 03, 2012 4:54 PM
> > To: users@archiva.apache.org
> > Subject: RE: LDAP authentication
> >
> > I have managed some success by adding the lines to security.properties:
> >
> > redback.default.admin=archiva-admin (a real ldap account)
> > redback.default.guest=archiva-guest (a real ldap account)
> >
> > However, if I start with that config from the start, I am unable to login
> > as the archiva-admin account (even if I set it to other names which don't
> > exist in LDAP).
> >
> > I've found I can work around it by:
> > Install clean
> > Add ONLY the redback.default.admin line above
> > Start Archiva
> > Open page, complete admin form.
> > On the following ridiculous page, it requests that I now CHANGE the
> > password.  Pffft.
> > Stop Archiva
> > Put the security.properties and application.xml files as below
> > into place - with the addition of the two redback lines above, and then
> > start archiva.
> >
> > And things work.
> >
> > Problem: This kind of setup procedure is untenable from a repeatable
> > system build (disaster recovery is important yo) perspective.
> >
> > I suspect that my configs are off somewhere where I'm unable to login as
> > the archiva-admin LDAP account - if I'm able to resolve this issue without
> > having to play config file musical chairs, I'll be golden.
> >
> > Thoughts?
> >
> > Thanks,
> > - chris
> >
> > -----Original Message-----
> > From: Chris Jacobs [mailto:Chris.Jacobs@apollogrp.edu]
> > Sent: Thursday, May 03, 2012 11:27 AM
> > To: users@archiva.apache.org
> > Subject: LDAP authentication
> >
> > Hello,
> >
> > The documentation I've seen for configuring authentication via LDAP is
> > sparse, inconsistent, and out of date (Redback), so before I even go into
> > the details of my problem I'll grant that I may have missed something
> > important.
> >
> > I'm using the current/latest stable release of Archiva's Standalone, 1.3.5.
> >
> > Here are the changes I've made from the default configuration (I haven't
> > even tried to bring the config and DBs from our existing 1.2.2 Archiva
> > instance).
> >
> > Diff against source of
> > archiva/apps/archiva/WEB-INF/classes/org/apache/maven/archiva/security.properties:
> > (cleaned of actual DNS and DN path)
> > ----------------------------------------------
> > 28,41d27
> > <
> > < ldap.config.hostname=ldap-vip.example.net
> > < ldap.config.port=389
> > < ldap.config.base.dn=ou=people,dc=example,dc=net
> > < ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> > <
> > < ldap.config.mapper.attribute.email=mail
> > < ldap.config.mapper.attribute.fullname=cn
> > < ldap.config.mapper.attribute.password=userPassword
> > < ldap.config.mapper.attribute.user.id=uid
> > < ldap.config.mapper.attribute.user.base=ou=people,dc=example,dc=net
> > < ldap.config.mapper.attribute.user.object.class=inetOrgPerson
> > <
> > < ldap.bind.authenticator.enabled=true
> > ----------------------------------------------
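Review bot: ldap.config.port=389 combined with ldap.bind.authenticator.enabled=true means every login performs a bind that carries the user's password, and nothing in this hunk turns on SSL/TLS for that connection; if the directory is reached over LDAPS or StartTLS, the setting that does so should appear here. The DN ou=people,dc=example,dc=net is also written twice (ldap.config.base.dn and ldap.config.mapper.attribute.user.base), so a Puppet template should fill both from a single variable.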
> >
> > Diff against source of
> > archiva/apps/archiva/WEB-INF/classes/META-INF/plexus/application.xml:
> > (cleaned of actual DNS and DN path)
> > ----------------------------------------------
> > 257c257
> > <     <component>
> > ---
> > >     <!-- component>
> > 266c266
> > <     </component>
> > ---
> > >     </component-->
> > 291c291
> > <     <component>
> > ---
> > >     <!-- component>
> > 296,297c296,297
> > <         <email-attribute>mail</email-attribute>
> > <         <full-name-attribute>cn</full-name-attribute>
> > ---
> > >         <email-attribute>email</email-attribute>
> > >         <full-name-attribute>givenName</full-name-attribute>
> > 300c300
> > <         <user-base-dn>ou=people,dc=example,dc=net</user-base-dn>
> > ---
> > >         <user-base-dn>o=com</user-base-dn>
> > 308c308
> > <     </component>
> > ---
> > >     </component-->
> > ----------------------------------------------
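Review bot: hunks 296,297c296,297 and 300c300 set mail, cn and ou=people,dc=example,dc=net in application.xml, repeating the values already given as ldap.config.mapper.attribute.* in security.properties. Two copies of the same mapping can drift apart between builds; generate both files from the same variables, or record which file takes precedence when they disagree.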
> >
> > I can authenticate as admin just fine, when I authenticate as an LDAP
> > user, I see in the logs:
> > ----------------------------------------------
> > ==> wrapper.20120503.log <==
> > INFO   | jvm 1    | 2012/05/03 16:34:48 | 2012-05-03 16:34:47.992::WARN:  /archiva/security/login.action
> > INFO   | jvm 1    | 2012/05/03 16:34:48 | java.lang.NullPointerException
> > INFO   | jvm 1    | 2012/05/03 16:34:48 |       at org.codehaus.plexus.redback.struts2.action.LoginAction.webLogin(LoginAction.java:341)
> > INFO   | jvm 1    | 2012/05/03 16:34:48 |       at org.codehaus.plexus.redback.struts2.action.LoginAction.login(LoginAction.java:133)
> > (continues, snipped)
> > ----------------------------------------------
> > ==> archiva.log <==
> > 2012-05-03 16:34:47,940 [btpool0-3] WARN  org.codehaus.plexus.redback.authentication.users.UserManagerAuthenticator  - Login for user csjacobs failed. user not found.
> > 2012-05-03 16:34:47,942 [btpool0-3] INFO  org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator  - Searching for users with filter: '(&(objectClass=inetOrgPerson)(uid=csjacobs))' from base dn: ou=people,dc=unix,dc=aptimus,dc=net
> > 2012-05-03 16:34:47,978 [btpool0-3] INFO  org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator  - Found user?: true
> > 2012-05-03 16:34:47,980 [btpool0-3] INFO  org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator  - Attempting Authenication: + uid=csjacobs,ou=people,dc=unix,dc=aptimus,dc=net
> > ----------------------------------------------
> >
> > And in my browser:
> > ----------------------------------------------
> > HTTP ERROR 500
> >
> > Problem accessing /archiva/security/login.action. Reason:
> >
> >    INTERNAL_SERVER_ERROR
> > Caused by:
> >
> > java.lang.NullPointerException
> >        at org.codehaus.plexus.redback.struts2.action.LoginAction.webLogin(LoginAction.java:341)
> >        at org.codehaus.plexus.redback.struts2.action.LoginAction.login(LoginAction.java:133)
> > (continues, snipped)
> > ----------------------------------------------
> >
> > And most disturbingly, further attempts to open any page in archiva
> > results in a similar error, even when I attempt to go to the logout url
> > directly, but that's due to the account I've attempted to login as. When I
> > open archiva in another browser, I can open archiva without difficulty.
> >
> > Any information, assistance, etc, would be greatly appreciated.
> >
> > Thanks,
> > - chris
> >
> > Chris Jacobs
> > Systems Administrator, Technology Services Group
> >
> > Apollo Group  |  Apollo Marketing & Product Development  |  Aptimus, Inc.
> > 1501 4th Ave  |  Suite 2500  |  Seattle, WA 98101
> > direct 206.839.8245  |  cell 206.601.3256  |  Fax 206.644.0628
> > email: chris.jacobs@apollogrp.edu
> >
> >
> > This message is private and confidential. If you have received it in
> > error, please notify the sender and remove it from your system.

This message is private and confidential. If you have received it in error, please notify
the sender and remove it from your system.
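
An added example, not part of the thread and not Archiva or Redback code: a pre-deployment check for a Puppet-rendered security.properties, using only the keys posted in the messages above. The sample file is constructed, and the rules (which keys count as required, the port 389 warning, the base-DN comparison) are assumptions drawn from the thread, not Archiva's own validation.

```python
# Added example: lint a rendered security.properties before deploying it.
# SAMPLE is constructed from the keys posted in the thread.
SAMPLE = """\
# LDAP section
ldap.config.hostname=ldap-vip.example.net
ldap.config.port=389
ldap.config.base.dn=ou=people,dc=example,dc=net
ldap.config.mapper.attribute.user.base=ou=people,dc=example,dc=net
ldap.bind.authenticator.enabled=true
redback.default.admin=archiva-admin
"""

# Assumption: keys treated as required, taken from the thread's messages.
REQUIRED = (
    "ldap.config.hostname", "ldap.config.port", "ldap.config.base.dn",
    "ldap.bind.authenticator.enabled",
    "redback.default.admin", "redback.default.guest",
)

def parse_properties(text):
    """Parse simple key=value properties (no line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first '=' only: DN values contain '=' themselves.
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return a list of (severity, message) findings."""
    findings = [("error", f"missing {k}") for k in REQUIRED if not props.get(k)]
    bind = props.get("ldap.bind.authenticator.enabled", "").lower() == "true"
    if bind and props.get("ldap.config.port") == "389":
        findings.append(("warn", "bind authentication on port 389: "
                         "confirm the connection is TLS-protected"))
    base = props.get("ldap.config.base.dn", "")
    user_base = props.get("ldap.config.mapper.attribute.user.base", "")
    # Assumed consistency rule: the user base should sit at or under base.dn.
    if base and user_base and not user_base.lower().endswith(base.lower()):
        findings.append(("warn", "user.base is not under base.dn"))
    return findings

if __name__ == "__main__":
    for severity, message in lint(parse_properties(SAMPLE)):
        print(f"{severity}: {message}")
```
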


