archiva-users mailing list archives

From Olivier Lamy <ol...@apache.org>
Subject Re: LDAP Issues
Date Fri, 14 Sep 2012 20:44:58 GMT
2012/9/14 Harris, Christopher P <chris_harris@baxter.com>:
> Sure thing.  I agree.  You guys seem pretty strapped for time and resources.  You definitely
> need help.  If you guys release something, I'll help test it on Windauz and AD.  Even though
> I've spent waaaaay more time (weeks and many late nights til 1am) than I should have getting
> Archiva to work and learning what makes it tick, I still think that you guys are doing a great
> job.  As I've mentioned in the past, I was getting steered towards Artifactory, which is nice
> and ridiculously easy to set up, but I don't like how you have to pay for plug-ins.  I saw
> the potential in Archiva and took stock in that.  1.4 seems like a huge leap after 1.3.  Keep
> up the good work.  Archiva will get there.
>
Yup, and a plugin mechanism is one of my dreams (having some extension
points to be able to implement your own features).
Have a look at the successful projects (Maven, Jenkins): this is IMHO why
they are used a lot.

> Shiro, eh?  I stumbled across that project recently when looking for alternatives to
> JEE5/6 security and Spring Security (just to see what else is out besides those 800-lb. gorillas
> in the Java EE security world).  I've heard good things about it.  Not that this correlates
> to quality, but I had never heard of Redback until digging into Archiva.

hehe

And thanks for your early testing time!
We really appreciate it!

>  - Chris Harris
>
> -----Original Message-----
> From: Olivier Lamy [mailto:olamy@apache.org]
> Sent: Friday, September 14, 2012 11:31 AM
> To: users@archiva.apache.org
> Subject: Re: LDAP Issues
>
> Hi,
> It's fair to relate your frustration as I have to agree this ldap part
> needs more love :-).
> We probably need more help and test.
>
> One of my dreams is to remove this redback part to not have to maintain
> that (using shiro will ease) but that needs some work... (maybe one
> layer on the top of redback and delegate to shiro)
>
> I can probably try to have a look but later as currently I'm focused
> on releasing 1.4-M3 with the new UI.
> But I will test on open source LDAP (I cannot test on AD server so
> here we will need help for testing).
>
> 2012/9/14 Chris Jacobs <Chris.Jacobs@apollogrp.edu>:
>> Weak LDAP support is my primary frustration with Archiva currently - I was quite
>> saddened to see your report on 1.4.x: I tried to configure LDAP in 1.3.x, had pretty much
>> the same experience you're having now, and got my hopes up after reading that some improvements
>> for LDAP were coming in 1.4.
>>
>> It boggles my mind that a large feature - authentication - would get so little work
>> towards integrating with external, rfc spec authentication systems. Shoving this 'problem'
>> off to Redback (documentation and decent integration from Archiva, what's that?) seems like
>> a serious cop-out - just make it another, even more anemic (it's a fact, not a pointing out
>> of failure), project's problem.
>>
>> I'm not adding anything here really; hoping to stoke some fires.
>>
>> - chris
>>
>> -----Original Message-----
>> From: Harris, Christopher P [mailto:chris_harris@baxter.com]
>> Sent: Friday, September 14, 2012 9:12 AM
>> To: users@archiva.apache.org
>> Subject: RE: LDAP Issues
>>
>> Hi, Eric.
>>
>> I actually encountered that error Andy's describing in MRM-998.  I encountered it
>> when the initial login/config that allows Archiva to locate and log in fails.  That's what
>> was preventing Archiva from even starting up.  Once I got past that error, I got to the point
>> where I am now.
>>
>> I get a 404 error for that 2nd link that you sent me.
>>
>>  - Chris Harris
>>
>> -----Original Message-----
>> From: Eric Barboni [mailto:Eric.Barboni@irit.fr]
>> Sent: Friday, September 14, 2012 3:41 AM
>> To: users@archiva.apache.org
>> Subject: RE: LDAP Issues
>>
>> Hi, sorry I never tried archiva and ldap
>>
>> Maybe this is related to http://jira.codehaus.org/browse/MRM-998
>> There are some old but different information here also
>> https://cwiki.apache.org/ARCHIVA/howto-configure-usermanagement-with-ldap.html
>>
>>
>> Regards
>> Eric
>>
>> -----Original Message-----
>> From: Harris, Christopher P [mailto:chris_harris@baxter.com]
>> Sent: Friday, September 14, 2012 00:09
>> To: users@archiva.apache.org
>> Subject: LDAP Issues
>>
>> Hi,
>>
>> I've set up archiva-webapp-js-1.4-M3-SNAPSHOT.war to utilize
>> security.properties.  I followed
>> http://archiva.apache.org/redback/integration/ldap.html.  Yes, I know it's
>> out of date.  So, I went and downloaded the stand-alone version of Archiva
>> v1.4-M3.  I found applicationContext.xml and noticed the commented-out beans
>> and instructions left for modifying security.properties.
>>
>> I enabled the beans and modified security.properties accordingly:
>>
>> user.manager.impl=ldap
>> ldap.bind.authenticator.enabled=true
>> redback.default.admin=admin
>> redback.default.guest=guest
>> security.policy.password.expiration.enabled=false
>>
>> ldap.config.hostname=
>> ldap.config.port=
>> ldap.config.base.dn=
>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>> ldap.config.bind.dn=
>> ldap.config.password=
>> #ldap.config.authentication.method=
>>
>> ldap.config.mapper.attribute.email=mail
>> ldap.config.mapper.attribute.fullname=givenName
>> ldap.config.mapper.attribute.password=userPassword
>> ldap.config.mapper.attribute.user.id=sAMAccountName
>> ldap.config.mapper.attribute.user.base.dn=
>> ldap.config.mapper.attribute.user.object.class=inetOrgPerson
>> ldap.config.mapper.attribute.user.filter=(attributeName=value)
>>
>> user.manager.impl=cached
>>
>> ldap.bind.authenticator.enabled=true
>>
>> Initially, I couldn't even start Archiva once I enabled LDAP.  Through trial
>> and error using Apache Directory Studio, I was able to successfully
>> configure LDAP.  Now, Archiva can start again since it can communicate via
>> LDAP to our AD server.
>>
>> There are some problems though:
>>
>> 1.)    The initial user Archiva/Redback tries to log in as (myself)
>> cannot be found.  I see the logs return a variable "foundUser" with a value
>> of false.  I know I have the right dn.
>>
>> 2.)    Archiva cannot find any users via LDAP subtree searching.  I'm not
>> sure if I have to create the user in Archiva first (I assume that I do).
>>
>> 3.)    Thinking that I need to create an Archiva user for myself so that
>> problems #1 and #2 can be resolved, I tried to log in as admin.  The only
>> problem is that Archiva would not let me log in as admin any more.  I see in
>> archiva.log that LDAP is querying AD for admin.  Of course, admin cannot be
>> found.  I thought "redback.default.admin=admin" would allow me to log in as
>> admin as I did before I enabled LDAP.
>>
>> Note that my Active Directory account is not an admin account.  I can't see
>> any AD values named "userPassword".  I may need to be admin to even see that
>> field.  I figured that it would be visible but contain encrypted values.
>> ldap.config.mapper.attribute.password=userPassword is what I'm basing this
>> on.  I plan on implementing an admin account, but haven't been given that
>> information yet.
>>
>> Any suggestions?
>>
>>
>> -    Chris Harris
>> The information transmitted is intended only for the person(s)or entity to
>> which it is addressed and may contain confidential and/or legally privileged
>> material. Delivery of this message to any person other than the intended
>> recipient(s) is not intended in any way to waive privilege or
>> confidentiality. Any review, retransmission, dissemination or other use of ,
>> or taking of any action in reliance upon, this information by entities other
>> than the intended recipient is prohibited. If you receive this in error,
>> please contact the sender and delete the material from any computer.
>>
>> For Translation:
>>
>> http://www.baxter.com/email_disclaimer
>>
>
>
>
> --
> Olivier Lamy
> Talend: http://coders.talend.com
> http://twitter.com/olamy | http://linkedin.com/in/olamy



-- 
Olivier Lamy
Talend: http://coders.talend.com
http://twitter.com/olamy | http://linkedin.com/in/olamy
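
A check of the security.properties quoted in the original message, as an added example that is not part of the thread or of Archiva/Redback: it flags keys defined more than once, blank values and the template filter. The function name and finding labels are hypothetical, blank values in the post may simply be redacted, and how Redback resolves a repeated key is not stated in the thread (java.util.Properties keeps the last value).

```python
from collections import defaultdict

# Constructed sample: key/value lines taken from the quoted security.properties
# (blank values kept exactly as posted).
SAMPLE = """\
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=admin
ldap.config.hostname=
ldap.config.port=
ldap.config.base.dn=
ldap.config.bind.dn=
ldap.config.password=
#ldap.config.authentication.method=
ldap.config.mapper.attribute.user.id=sAMAccountName
ldap.config.mapper.attribute.user.object.class=inetOrgPerson
ldap.config.mapper.attribute.user.filter=(attributeName=value)
user.manager.impl=cached
ldap.bind.authenticator.enabled=true
"""

def lint_properties(text):
    """Return sorted (kind, key, detail) findings for a .properties text."""
    seen = defaultdict(list)              # key -> [(line number, value), ...]
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":   # skip blank lines and comments
            continue
        key, _, value = line.partition("=")   # split on the first '=' only
        seen[key.strip()].append((lineno, value.strip()))
    findings = []
    for key, entries in seen.items():
        values = [v for _, v in entries]
        if len(set(values)) > 1:          # same key, different values
            findings.append(("conflict", key, " -> ".join(values)))
        elif len(entries) > 1:            # same key repeated, same value
            findings.append(("duplicate", key, values[0]))
        if values[-1] == "":              # last definition left blank
            findings.append(("empty", key, f"line {entries[-1][0]}"))
        if values[-1] == "(attributeName=value)":   # template filter left in
            findings.append(("placeholder", key, values[-1]))
    return sorted(findings)

if __name__ == "__main__":
    for kind, key, detail in lint_properties(SAMPLE):
        print(f"{kind:12} {key} [{detail}]")
```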
