continuum-users mailing list archives

From Brett Porter <br...@apache.org>
Subject Re: I need a help to ldap and archiva
Date Thu, 28 Jul 2011 14:30:05 GMT
At present, there is no connection between LDAP groups and roles in either Archiva or Continuum
- they still need to be allocated per user from the UI.

- Brett

On 28/07/2011, at 10:20 PM, "Pedro M. Leite" <pedro.larva@gmail.com> wrote:

> I resolved my problem, now only to improve .. have some form so let users
> log in the group that are XXX?
> 
> Another question is whether it has to take that option to change the
> password when I enter the first time with the user.
> 
> 
> 2011/7/27 Pedro M. Leite " <pedro.larva@gmail.com>
> 
>> I just discovered what it was ....
>> 
>> By default, Archiva has the line:
>> ldap.config.mapper.attribute.user.object.class=inetOrgPerson
>> 
>> Changed to:
>> ldap.config.mapper.attribute.user.object.class=simpleSecurityObject
>> 
>> And he proceeded to get UID's.
>> 
>> I resolved my problem, now only to improve .. have some form so let users
>> log in the group that are XXX?
>> 
>> Another question is whether it has to take that option to change the
>> password when I enter the first time with the user.
>> 
>> 
>> 
>> Tks.
>> 
>> --
>> Pedro Macedo Leite"
>> 2011/7/27 Pedro M. Leite " <pedro.larva@gmail.com>
>> 
>>> Of course,
>>> 
>>> In application.xml I am using the default unchanged. In login.properties
>>> I am using the following lines:
>>> 
>>> 
>>> 
>>> user.manager.impl=ldap
>>> ldap.bind.authenticator.enabled=true
>>> redback.default.admin=pedro
>>> 
>>> security.policy.password.expiration.enabled=false
>>> ldap.config.hostname=IP_Server
>>> ldap.config.port=389
>>> ldap.config.base.dn=dc=domain,dc=domain,dc=domain
>>> 
>>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>>> ldap.config.bind.dn=cn=admin,dc=domain,dc=domain,dc=domain
>>> ldap.config.password=xxxxxxxxx
>>> ldap.config.mapper.attribute.email=mail
>>> ldap.config.mapper.attribute.fullname=givenName
>>> ldap.config.mapper.attribute.password=userPassword
>>> ldap.config.mapper.attribute.user.id=uid
>>> 
>>> 
>>> And only with these settings, I can authenticate, since the LDAP user is created
>>> as the "User Account", if I create only profile "Simple Object Security", it
>>> does not work.
>>> The User Account is a more complete description of the user. Within the
>>> security.properties get the attribute from the user via "userid" and it
>>> works.
>>> The Simple Object Security is a registry that includes only user name and
>>> password (my current environment used in other systems). I try to get UID
>>> via the attribute and I can not. Archiva tells the user not found, and
>>> there fall into the same problem of creating the admin.
>>> 
>>> Excuse my English, but I'm not native.
>>> 
>>> 
>>> --
>>> Pedro Macedo Leite"
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 2011/7/26 Brent Atkinson <batkinson@apache.org>
>>> 
>>>> Pedro,
>>>> 
>>>> I am curious, what instructions were you using to configure ldap?
>>>> 
>>>> Brent
>>>> 
>>>> On Tue, Jul 26, 2011 at 3:58 PM, Brent Atkinson <batkinson@apache.org> wrote:
>>>> 
>>>>> Pedro,
>>>>> 
>>>>> Because you are being asked to create the admin user, it suggests that
>>>>> there is something wrong with your configuration. Could you give specifics
>>>>> on what you have done to configure ldap? Just be careful not to send any
>>>>> login credentials.
>>>>> 
>>>>> What would be helpful:
>>>>> 
>>>>> * settings.properties
>>>>> * application.xml
>>>>> 
>>>>> Brent
>>>>> 
>>>>> 
>>>>> On Tue, Jul 26, 2011 at 3:40 PM, Pedro M. Leite " <pedro.larva@gmail.com> wrote:
>>>>> 
>>>>>> thanks
>>>>>> 
>>>>>> However it is my ldap openldap. After I sent the email, I got to work only
>>>>>> with the configuration by security.properties.
>>>>>> So that is not good, is giving many errors.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> --
>>>>>> Pedro Macedo Leite"
>>>>>> 
>>>>>> 2011/7/26 Louis Smith <dr.louis.smith@gmail.com>
>>>>>> 
>>>>>>> It is easy, but detailed.... it does work, I have it in several
>>>>>>> installations of my own and in client sites for heavy production usage.
>>>>>>> 
>>>>>>> 
>>>>>>> In the security.properties file, you must specify the redback.default.admin
>>>>>>> - it MUST be an EXISTING account in the LDAP.
>>>>>>> 
>>>>>>> It must be found at the config.base
>>>>>>> 
>>>>>>> All fields MUST be mapped to the correct LDAP entries.
>>>>>>> 
>>>>>>> The security.properties and the application.xml have to match perfectly in
>>>>>>> the definitions...
>>>>>>> 
>>>>>>> This is the security.properties file from my notebook:
>>>>>>> 
>>>>>>> user.manager.impl=ldap
>>>>>>> ldap.bind.authenticator.enabled=true
>>>>>>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>>>>>>> 
>>>>>>> #
>>>>>>> # BinaryStar LDAP  (my dual core notebook)
>>>>>>> #
>>>>>>> 
>>>>>>> ldap.config.hostname=localhost
>>>>>>> ldap.config.base.dn=ou=External Users,ou=users,dc=locahost,dc=com
>>>>>>> ldap.config.port=389
>>>>>>> ldap.config.mapper.attribute.user.id=orclSAMAccountName
>>>>>>> ldap.config.mapper.attribute.user.email=orclSAMAccountName
>>>>>>> ldap.config.mapper.attribute.user.fullname=givenName
>>>>>>> ldap.config.mapper.attribute.user.password=userPassword
>>>>>>> redback.default.admin=Dr.Louis.Smith@gmail.com
>>>>>>> redback.default.guest=guest
>>>>>>> security.policy.password.expiration.enabled=false
>>>>>>> 
>>>>>>> and this is from the application.xml:
>>>>>>> 
>>>>>>> 
>>>>>>>   <component>
>>>>>>>     <role>org.codehaus.plexus.redback.common.ldap.UserMapper</role>
>>>>>>>     <role-hint>ldap</role-hint>
>>>>>>>     <implementation>org.codehaus.plexus.redback.common.ldap.LdapUserMapper</implementation>
>>>>>>>     <configuration>
>>>>>>>       <email-attribute>orclSAMAccountName</email-attribute>
>>>>>>>       <full-name-attribute>givenName</full-name-attribute>
>>>>>>>       <password-attribute>userPassword</password-attribute>
>>>>>>>       <user-id-attribute>uid</user-id-attribute>
>>>>>>>       <user-base-dn>ou=External Users,ou=users,dc=localhost,dc=com</user-base-dn>
>>>>>>>       <user-object-class>inetOrgPerson</user-object-class>
>>>>>>>     </configuration>
>>>>>>>     <requirements>
>>>>>>>       <requirement>
>>>>>>>         <role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
>>>>>>>       </requirement>
>>>>>>>     </requirements>
>>>>>>>   </component>
>>>>>>> 
>>>>>>> Triple-check everything.
>>>>>>> 
>>>>>>> And the final hint:  Verify that you can connect to the LDAP anonymously,
>>>>>>> and that you can search for and find the defined admin userid by DN
>>>>>>> 
>>>>>>> On Tue, Jul 26, 2011 at 1:06 PM, Pedro M. Leite " <pedro.larva@gmail.com> wrote:
>>>>>>> 
>>>>>>>> Hello, I need a help from you.
>>>>>>>> 
>>>>>>>> I'm trying to configure to authenticate to an Archiva ldap I have. I already
>>>>>>>> followed several posts.
>>>>>>>> However various posts led me to a problem.
>>>>>>>> When I set up security.properties and / or the application.xml and restart the
>>>>>>>> server, it goes without error and put me a screen to create the admin.
>>>>>>>> So far so good, the problem that this creation screen has no time for typing,
>>>>>>>> so I can not fill in the fields.
>>>>>>>> With this he gave me the information below:
>>>>>>>> Create Admin User
>>>>>>>> Username: admin
>>>>>>>> Full Name is required.
>>>>>>>> Full Name:
>>>>>>>> Email Address is required.
>>>>>>>> Email Address:
>>>>>>>> 
>>>>>>>> Help me please.
>>>>>>>> 
>>>>>>>> --
>>>>>>>> Pedro Macedo Leite "
>>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> --
>>>>>>> Dr. Louis Smith, ThD
>>>>>>> Chief Technology Officer, Kyra InfoTech
>>>>>>> Colonel, Commemorative Air Force
>>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> --
>>>>>> Pedro Macedo Leite "
>>>>>> 
>>>>> 
>>>>> 
>>>> 
>>> 
>>> 
>>> 
>>> --
>>> Pedro Macedo Leite "
>>> 
>> 
>> 
>> 
>> --
>> Pedro Macedo Leite "
>> 
> 
> 
> 
> -- 
> Pedro Macedo Leite "

--
Brett Porter
brett@apache.org
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter
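
The thread's two findings (security.properties and application.xml must agree, and an object-class mismatch makes users unfindable) can be checked mechanically before restarting the server. The following is an added example, not part of the thread and not Archiva or Redback code; the pairing of property keys with XML elements is an assumption inferred from the names quoted above, and the sample values are constructed.

```python
import xml.etree.ElementTree as ET

# Assumed key-to-element pairing, inferred from names quoted in the thread
# (not taken from Redback documentation).
PAIRS = {
    "ldap.config.mapper.attribute.email": "email-attribute",
    "ldap.config.mapper.attribute.fullname": "full-name-attribute",
    "ldap.config.mapper.attribute.password": "password-attribute",
    "ldap.config.mapper.attribute.user.id": "user-id-attribute",
    "ldap.config.mapper.attribute.user.object.class": "user-object-class",
    "ldap.config.base.dn": "user-base-dn",
}

# Constructed sample input: the two files disagree on the object class.
SAMPLE_PROPS = """\
ldap.config.base.dn=ou=people,dc=example,dc=com
ldap.config.mapper.attribute.user.id=uid
ldap.config.mapper.attribute.user.object.class=simpleSecurityObject
"""
SAMPLE_XML = """\
<components><component>
  <role-hint>ldap</role-hint>
  <configuration>
    <user-id-attribute>uid</user-id-attribute>
    <user-base-dn>ou=people,dc=example,dc=com</user-base-dn>
    <user-object-class>inetOrgPerson</user-object-class>
  </configuration>
</component></components>
"""

def parse_properties(text):
    # key=value lines; split on the first "=" only, since DNs contain "=".
    pairs = (l.strip().partition("=") for l in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs
            if sep and not k.startswith(("#", "!"))}

def mapper_config(xml_text):
    # <configuration> children of the component whose role-hint is "ldap".
    for comp in ET.fromstring(xml_text).iter("component"):
        if (comp.findtext("role-hint") or "").strip() == "ldap":
            return {e.tag: (e.text or "").strip()
                    for e in comp.iterfind("configuration/*")}
    return {}

def mismatches(props_text, xml_text):
    # Exact comparison of each paired value that is present in both files.
    props, cfg = parse_properties(props_text), mapper_config(xml_text)
    return [(key, props[key], tag, cfg[tag]) for key, tag in PAIRS.items()
            if key in props and tag in cfg and props[key] != cfg[tag]]
```

Calling `mismatches(SAMPLE_PROPS, SAMPLE_XML)` returns one tuple naming the object-class key, its value in each file, and the XML element it was compared with.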




