archiva-users mailing list archives

From "Harris, Christopher P" <chris_har...@baxter.com>
Subject LDAP Issues
Date Thu, 13 Sep 2012 22:09:04 GMT
Hi,

I've set up archiva-webapp-js-1.4-M3-SNAPSHOT.war to utilize security.properties.  I followed
http://archiva.apache.org/redback/integration/ldap.html.  Yes, I know it's out of date.  So,
I went and downloaded the stand-alone version of Archiva v1.4-M3.  I found applicationContext.xml
and noticed the commented-out beans and instructions left for modifying security.properties.

I enabled the beans and modified security.properties accordingly:

user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=admin
redback.default.guest=guest
security.policy.password.expiration.enabled=false

ldap.config.hostname=
ldap.config.port=
ldap.config.base.dn=
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.bind.dn=
ldap.config.password=
#ldap.config.authentication.method=

ldap.config.mapper.attribute.email=mail
ldap.config.mapper.attribute.fullname=givenName
ldap.config.mapper.attribute.password=userPassword
ldap.config.mapper.attribute.user.id=sAMAccountName
ldap.config.mapper.attribute.user.base.dn=
ldap.config.mapper.attribute.user.object.class=inetOrgPerson
ldap.config.mapper.attribute.user.filter=(attributeName=value)

user.manager.impl=cached

ldap.bind.authenticator.enabled=true

Initially, I couldn't even start Archiva once I enabled LDAP.  Through trial and error using
Apache Directory Studio, I was able to successfully configure LDAP.  Now, Archiva can start
again since it can communicate via LDAP to our AD server.

There are some problems though:

1.)    The initial user Archiva/Redback tries to log in as (myself) cannot be found.
I see the logs return a variable "foundUser" with a value of false.  I know I have the right
dn.

2.)    Archiva cannot find any users via LDAP subtree searching.  I'm not sure if I have to
create the user in Archiva first (I assume that I do).

3.)    Thinking that I need to create an Archiva user for myself so that problems #1 and #2
can be resolved, I tried to log in as admin.  The only problem is that Archiva would not let
me log in as admin any more.  I see in archiva.log that LDAP is querying AD for admin.  Of
course, admin cannot be found.  I thought "redback.default.admin=admin" would allow me to
log in as admin as I did before I enabled LDAP.

Note that my Active Directory account is not an admin account.  I can't see any AD values
named "userPassword".  I may need to be admin to even see that field.  I figured that it would
be visible but contain encrypted values.  ldap.config.mapper.attribute.password=userPassword
is what I'm basing this on.  I plan on implementing an admin account, but haven't been given
that information yet.

Any suggestions?


-    Chris Harris