From: Olivier Lamy
Date: Fri, 14 Sep 2012 22:44:58 +0200
Subject: Re: LDAP Issues
To: users@archiva.apache.org

2012/9/14 Harris, Christopher P :
> Sure thing. I agree. You guys seem pretty strapped for time and resources. You definitely need help. If you guys release something, I'll help test it on Windauz and AD. Even though I've spent waaaaay more time (weeks and many late nights til 1am) than I should have getting Archiva to work and learning what makes it tick, I still think that you guys are doing a great job. As I've mentioned in the past, I was getting steered towards Artifactory, which is nice and ridiculously easy to set up, but I don't like how you have to pay for plug-ins. I saw the potential in Archiva and took stock in that. 1.4 seems like a huge leap after 1.3. Keep up the good work. Archiva will get there.
>

Yup, and a plugin mechanism is one of my dreams (having some extension
points to be able to implement your own features).
Have a look at the successful projects (Maven, Jenkins): this is IMHO why
they are used a lot.

> Shiro, eh? I stumbled across that project recently when looking for alternatives to JEE5/6 security and Spring Security (just to see what else is out besides those 800-lb. gorillas in the Java EE security world). I've heard good things about it. Not that this correlates to quality, but I had never heard of Redback until digging into Archiva. hehe

And thanks for your early testing time! We really appreciate it!

> - Chris Harris
>
> -----Original Message-----
> From: Olivier Lamy [mailto:olamy@apache.org]
> Sent: Friday, September 14, 2012 11:31 AM
> To: users@archiva.apache.org
> Subject: Re: LDAP Issues
>
> Hi,
> It's fair to relate your frustration as I have to agree this ldap part
> needs more love :-).
> We probably need more help and testing.
>
> One of my dreams is to remove this redback part to not have to maintain
> that (using shiro will ease) but that needs some work...
> (maybe one layer on the top of redback and delegate to shiro)
>
> I can probably try to have a look but later as currently I'm focused
> on releasing 1.4-M3 with the new UI.
> But I will test on open source LDAP (I cannot test on AD server so
> here we will need help for testing).
>
> 2012/9/14 Chris Jacobs :
>> Weak LDAP support is my primary frustration with Archiva currently - I was quite saddened to see your report on 1.4.x: I tried to configure LDAP in 1.3.x, had pretty much the same experience you're having now, and got my hopes up after reading that some improvements for LDAP were coming in 1.4.
>>
>> It boggles my mind that a large feature - authentication - would get so little work towards integrating with external, RFC spec authentication systems. Shoving this 'problem' off to Redback (documentation and decent integration from Archiva, what's that?) seems like a serious cop-out - just make it another, even more anemic (it's a fact, not a pointing out of failure), project's problem.
>>
>> I'm not adding anything here really; hoping to stoke some fires.
>>
>> - chris
>>
>> -----Original Message-----
>> From: Harris, Christopher P [mailto:chris_harris@baxter.com]
>> Sent: Friday, September 14, 2012 9:12 AM
>> To: users@archiva.apache.org
>> Subject: RE: LDAP Issues
>>
>> Hi, Eric.
>>
>> I actually encountered that error Andy's describing in MRM-998. I encountered it when the initial login/config that allows Archiva to locate and log in fails. That's what was preventing Archiva from even starting up. Once I got past that error, I got to the point where I am now.
>>
>> I get a 404 error for that 2nd link that you sent me.
>>
>> - Chris Harris
>>
>> -----Original Message-----
>> From: Eric Barboni [mailto:Eric.Barboni@irit.fr]
>> Sent: Friday, September 14, 2012 3:41 AM
>> To: users@archiva.apache.org
>> Subject: RE: LDAP Issues
>>
>> Hi, sorry I never tried archiva and ldap
>>
>> Maybe this is related to http://jira.codehaus.org/browse/MRM-998
>> There is some old but different information here also
>> https://cwiki.apache.org/ARCHIVA/howto-configure-usermanagement-with-ldap.html
>>
>>
>> Regards
>> Eric
>>
>> -----Original Message-----
>> From: Harris, Christopher P [mailto:chris_harris@baxter.com]
>> Sent: Friday, 14 September 2012 00:09
>> To: users@archiva.apache.org
>> Subject: LDAP Issues
>>
>> Hi,
>>
>> I've set up archiva-webapp-js-1.4-M3-SNAPSHOT.war to utilize
>> security.properties. I followed
>> http://archiva.apache.org/redback/integration/ldap.html. Yes, I know it's
>> out of date. So, I went and downloaded the stand-alone version of Archiva
>> v1.4-M3. I found applicationContext.xml and noticed the commented-out beans
>> and instructions left for modifying security.properties.
>>
>> I enabled the beans and modified security.properties accordingly:
>>
>> user.manager.impl=ldap
>> ldap.bind.authenticator.enabled=true
>> redback.default.admin=admin
>> redback.default.guest=guest
>> security.policy.password.expiration.enabled=false
>>
>> ldap.config.hostname=
>> ldap.config.port=
>> ldap.config.base.dn=
>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>> ldap.config.bind.dn=
>> ldap.config.password=
>> #ldap.config.authentication.method=
>>
>> ldap.config.mapper.attribute.email=mail
>> ldap.config.mapper.attribute.fullname=givenName
>> ldap.config.mapper.attribute.password=userPassword
>> ldap.config.mapper.attribute.user.id=sAMAccountName
>> ldap.config.mapper.attribute.user.base.dn=
>> ldap.config.mapper.attribute.user.object.class=inetOrgPerson
>> ldap.config.mapper.attribute.user.filter=(attributeName=value)
>>
>> user.manager.impl=cached
>>
>> ldap.bind.authenticator.enabled=true
>>
>> Initially, I couldn't even start Archiva once I enabled LDAP. Through trial
>> and error using Apache Directory Studio, I was able to successfully
>> configure LDAP. Now, Archiva can start again since it can communicate via
>> LDAP to our AD server.
>>
>> There are some problems though:
>>
>> 1.) The initial user Archiva/Redback tries to log in as (myself) but
>> cannot be found. I see the logs return a variable "foundUser" with a value
>> of false. I know I have the right dn.
>>
>> 2.) Archiva cannot find any users via LDAP subtree searching. I'm not
>> sure if I have to create the user in Archiva first (I assume that I do).
>>
>> 3.) Thinking that I need to create an Archiva user for myself so that
>> problems #1 and #2 can be resolved, I tried to log in as admin. The only
>> problem is that Archiva would not let me log in as admin any more. I see in
>> archiva.log that LDAP is querying AD for admin. Of course, admin cannot be
>> found.
>> I thought "redback.default.admin=admin" would allow me to log in as
>> admin as I did before I enabled LDAP.
>>
>> Note that my Active Directory account is not an admin account. I can't see
>> any AD values named "userPassword". I may need to be admin to even see that
>> field. I figured that it would be visible but contain encrypted values.
>> ldap.config.mapper.attribute.password=userPassword is what I'm basing this
>> on. I plan on implementing an admin account, but haven't been given that
>> information yet.
>>
>> Any suggestions?
>>
>>
>> - Chris Harris
>> The information transmitted is intended only for the person(s) or entity to
>> which it is addressed and may contain confidential and/or legally privileged
>> material. Delivery of this message to any person other than the intended
>> recipient(s) is not intended in any way to waive privilege or
>> confidentiality. Any review, retransmission, dissemination or other use of,
>> or taking of any action in reliance upon, this information by entities other
>> than the intended recipient is prohibited. If you receive this in error,
>> please contact the sender and delete the material from any computer.
>>
>> For Translation:
>>
>> http://www.baxter.com/email_disclaimer
>>
>> This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
>>
>
> --
> Olivier Lamy
> Talend: http://coders.talend.com
> http://twitter.com/olamy | http://linkedin.com/in/olamy

-- 
Olivier Lamy
Talend: http://coders.talend.com
http://twitter.com/olamy | http://linkedin.com/in/olamy
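
Added example, not part of the original thread and not Archiva or Redback code: a small Python lint over the security.properties quoted above, reporting the keys that are set twice (user.manager.impl is given as both ldap and cached), the values left empty, and the documentation placeholder filter. The sample input is constructed from the quoted keys, the host and base DN in it are placeholders, and the function names parse and lint are this example's own.

```python
# Added example: lint a Redback-style security.properties (key=value lines only).
# SAMPLE is constructed from the keys quoted in the thread; the host and base DN
# are placeholders, the remaining blanks are kept as posted.
SAMPLE = """\
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=admin
ldap.config.hostname=ldap.example.test
ldap.config.port=
ldap.config.base.dn=dc=example,dc=test
ldap.config.bind.dn=
ldap.config.password=
#ldap.config.authentication.method=
ldap.config.mapper.attribute.user.id=sAMAccountName
ldap.config.mapper.attribute.user.filter=(attributeName=value)
user.manager.impl=cached
ldap.bind.authenticator.enabled=true
"""

def parse(text):
    """Return {key: [(line_no, value), ...]}, keeping every occurrence."""
    seen = {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":       # blank line or comment
            continue
        key, _, value = line.partition("=")   # split on the first '=' only
        seen.setdefault(key.strip(), []).append((no, value.strip()))
    return seen

def lint(text):
    """Return a sorted list of (line_no, key, finding) tuples."""
    findings = []
    for key, hits in parse(text).items():
        if len(hits) > 1:
            # java.util.Properties keeps the last value, while Apache Commons
            # Configuration makes a repeated key multi-valued, so the
            # effective setting depends on the loader.
            distinct = {value for _, value in hits}
            kind = "conflicting-duplicate" if len(distinct) > 1 else "redundant-duplicate"
            findings.append((hits[-1][0], key, kind))
        for no, value in hits:
            if value == "":
                findings.append((no, key, "empty-value"))
            elif value == "(attributeName=value)":
                findings.append((no, key, "placeholder-filter"))
    return sorted(findings)

if __name__ == "__main__":
    for no, key, finding in lint(SAMPLE):
        print(f"line {no}: {key}: {finding}")
```

Run against the real file before restarting the server, a conflicting-duplicate on user.manager.impl is the finding to resolve first, since it decides which user store handles logins.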