archiva-users mailing list archives

From Jonathan Sharp <forjsh...@gmail.com>
Subject Re: Issues in LDAP Role Mapping & Filter
Date Wed, 20 Aug 2014 05:14:19 GMT
Hi Oliver,

Does the workaround in this jira issue address your #1?
<https://jira.codehaus.org/browse/MRM-1486>

For #2, what sort of failure and log/error messages are you seeing?

Best,

Jon Sharp



On Tue, Aug 19, 2014 at 3:11 AM, Polte, Oliver <oliver.polte@ivi.de> wrote:

> Hi,
>
>
> I am having 2 Issues with Archiva 2.1.0 Standalone and LDAP
> Authentication.
>
>
> 1.
> After adding <filter> in the Archiva.xml, the property
> ldap.config.mapper.attribute.user.filter will show up in the Redback
> Runtime Configuration
> I can then add an ldap filter to the properties -> save -> Web Interface
> will show "LDAP Role-Group mapping updated" and the filter works!
>
> The Archiva.xml is modified by the Web Interface, adding a <filter> tag
> for every comma separated Part.
>
> <filter>memberOf=CN=archiva_user</filter>
> <filter>OU=Archiva</filter>
> <filter>OU=Applikation</filter>
> <filter>OU=Groups</filter>
> <filter>DC=domain</filter>
> <filter>DC=com</filter>
>
> On Restart of the Service, the Configuration XML is modified and only 1
> <filter> tag remains.
>
> <filter>memberOf=CN=archiva_user</filter>
>
> Users are no longer seen and unable to login.
>
>
> 2.
> Group-Role Mapping fails in Active Directory with comma separated Objects.
>
> Users in AD created with a comma -> "Smith, John" are not mapped to their
> Roles in Redback.
>
> AD will create a Backslash in front of the comma for the Object Name, but
> not in the cn attribute.
>
> Object name in ldap is "Smith\, John"
> distinguishedName "cn=Smith\, John,ou=department,dc=domain,dc=com"
>
> The cn attribute inside the object is "Smith, John"
> The member attribute in a group will show the distinguishedName
>
> When the comma is removed from the object name, mapping immediately works.
> (AD will not show the backslash, Softerra LDAP Browser was used to see
> them)
>
>
>
> With best regards
> Oliver Polte | Systems Engineering
>
> IVI Informationsverarbeitungs GmbH
> Itzehoer Platz, 25524 Itzehoe
> Phone: +49 4821 8040-428
> E-mail: oliver.polte@ivi.de
> Internet: http://www.ivi.de/
>
>
> _____________________________________________________________________
> IVI Informationsverarbeitungs GmbH
> Itzehoer Platz, 25524 Itzehoe
> Managing Directors: Uwe Müller, Stefan Schwalbach
> Registered office: Itzehoe, Register court: Amtsgericht Pinneberg
> HRB 2073 IZ, VAT ID No. DE 134 777 598
> _____________________________________________________________________
>

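The DN escaping described in the quoted message, as an added example that is not part of the thread and not Archiva or Redback code: it splits the quoted distinguishedName on unescaped commas (RFC 4514) and recovers the cn value, next to a plain comma split. The function names are hypothetical, and nothing here asserts how Redback itself parses DNs.

```python
import string

# Constructed from the values quoted in the post; not Archiva or Redback code.
MEMBER_DN = r"cn=Smith\, John,ou=department,dc=domain,dc=com"

def split_rdns(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(dn[i])
            i += 1
    parts.append("".join(buf))
    return parts

def unescape_value(value):
    """Decode RFC 4514 escapes (\\, or \\2C) into the raw attribute value."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] == "\\" and len(pair) == 2 and all(c in string.hexdigits for c in pair):
            out.append(int(pair, 16))            # hex form, e.g. \2C
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode("utf-8")  # single-character form, e.g. \,
            i += 2
        else:
            out += value[i].encode("utf-8")
            i += 1
    return out.decode("utf-8")

def first_rdn(dn):
    """Return (attribute, unescaped value) of the leftmost RDN."""
    attr, _, value = split_rdns(dn)[0].partition("=")
    return attr.lower(), unescape_value(value)

if __name__ == "__main__":
    print("naive split :", MEMBER_DN.split(","))   # breaks "Smith\, John" in two
    print("RDN split   :", split_rdns(MEMBER_DN))
    print("cn value    :", first_rdn(MEMBER_DN))   # matches the cn attribute
```
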