archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brett Porter" <brett.por...@gmail.com>
Subject Re: ldap with Archiva
Date Mon, 18 Aug 2008 12:40:43 GMT
2008/8/18 Emmanuel Venisse <emmanuel.venisse@gmail.com>:
> On Mon, Aug 18, 2008 at 2:21 PM, Brett Porter <brett.porter@gmail.com>wrote:
>
>> On the admin side, I think we should allow the username for the main
>> administrator to be configurable to avoid this problem.
>
>
> For Continuum instances I installed, I'm the admin so I use my account for
> the admin in security.properties.

I didn't actually know those properties existed :)

>
> It isn't good to configure the main admin user in security.properties, a
> best way would be to use a new page where the user that install Continuum
> will can choose the admin like we do it for the configuration page if
> Continuum isn't configured yet.

Yes, that's always helpful. Does it at least skip the admin creation
page if you have the property set?

>
>
>>
>>
>> On the guest side, I think it's a bug that it's required in the store
>> (even in the database store) - it should be a special non-user user :)
>
>
> I'm agree.
>
> Emmanuel
>
>
>>
>>
>> - Brett
>>
>> 2008/8/18 Arnaud HERITIER <aheritier@gmail.com>:
>> > no they don't.
>> > And I'll not be able to do it. We don't have the possibility (for
>> security
>> > reasons) to create no human accounts in it :-(
>> > In the meantime, I found a workaround for my  initial issue :
>> > https://jira.codehaus.org/browse/MRM-911
>> > Thus I don't have actually to connect it to ldap but I think we'll have a
>> > lot of corporate environment where we won't be able to create those
>> > accounts.
>> >
>> > cheers
>> >
>> > arnaud
>> >
>> >
>> > On Mon, Aug 18, 2008 at 12:43 PM, Emmanuel Venisse <
>> > emmanuel.venisse@gmail.com> wrote:
>> >
>> >> 'admin' and 'guest' must be declared in your ldap.
>> >> Are they exists?
>> >>
>> >> Emmanuel
>> >>
>> >> On Thu, Aug 14, 2008 at 2:21 AM, Arnaud HERITIER <aheritier@gmail.com
>> >> >wrote:
>> >>
>> >> > Is it possible to do it when we deploy archiva as a war ?
>> >> > I tried to modified the application.xml in the expended webapp in
>> tomcat
>> >> > but
>> >> > I have always a NPE issue :
>> >> >
>> >> > 2008-08-14 01:23:18,435 [main] ERROR
>> >> >
>> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/archiva]
>> >> -
>> >> > Exception sending context initialized event to listener instance of
>> class
>> >> > org.apache.maven.archiva.web.startup.ArchivaStartup
>> >> > java.lang.NullPointerException
>> >> >    at
>> >> >
>> >> >
>> >>
>> org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController.searchUsers(DefaultLdapController.java:129)
>> >> >    at
>> >> >
>> >> >
>> >>
>> org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController.getUser(DefaultLdapController.java:181)
>> >> >     at
>> >> >
>> >> >
>> >>
>> org.codehaus.plexus.redback.users.ldap.LdapUserManager.findUser(LdapUserManager.java:214)
>> >> >    at
>> >> >
>> >> >
>> >>
>> org.codehaus.plexus.redback.users.configurable.ConfigurableUserManager.findUser(ConfigurableUserManager.java:111)
>> >> >    at
>> >> >
>> >> >
>> >>
>> org.codehaus.plexus.redback.xwork.checks.security.GuestUserEnvironmentCheck.validateEnvironment(GuestUserEnvironmentCheck.java:82)
>> >> >    at
>> >> >
>> >> >
>> >>
>> org.apache.maven.archiva.web.startup.SecuritySynchronization.executeEnvironmentChecks(SecuritySynchronization.java:151)
>> >> >    at
>> >> >
>> >> >
>> >>
>> org.apache.maven.archiva.web.startup.SecuritySynchronization.startup(SecuritySynchronization.java:125)
>> >> >    at
>> >> >
>> >> >
>> >>
>> org.apache.maven.archiva.web.startup.ArchivaStartup.contextInitialized(ArchivaStartup.java:56)
>> >> >    at
>> >> >
>> >> >
>> >>
>> org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
>> >> >    at
>> >> >
>> org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
>> >> >    at
>> >> >
>> >> >
>> >>
>> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
>> >> >    at
>> >> >
>> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
>> >> >    at
>> >> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
>> >> >    at
>> >> >
>> >> >
>> >>
>> org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626)
>> >> >    at
>> >> >
>> >> >
>> >>
>> org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
>> >> >    at
>> >> > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
>> >> >    at
>> org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
>> >> >    at
>> >> >
>> >>
>> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
>> >> >    at
>> >> >
>> >> >
>> >>
>> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
>> >> >    at
>> >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
>> >> >    at
>> org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
>> >> >    at
>> >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
>> >> >    at
>> >> > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
>> >> >    at
>> >> >
>> org.apache.catalina.core.StandardService.start(StandardService.java:448)
>> >> >    at
>> >> > org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
>> >> >    at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
>> >> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >> >    at
>> >> >
>> >> >
>> >>
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> >> >    at
>> >> >
>> >> >
>> >>
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> >> >    at java.lang.reflect.Method.invoke(Method.java:597)
>> >> >     at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
>> >> >     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> >> >    at
>> >> >
>> >> >
>> >>
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> >> >    at
>> >> >
>> >> >
>> >>
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> >> >    at java.lang.reflect.Method.invoke(Method.java:597)
>> >> >    at
>> >> >
>> >>
>> org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177)
>> >> > 2008-08-14 01:23:18,436 [main] ERROR
>> >> > org.apache.catalina.core.StandardContext - Error listenerStart
>> >> > 2008-08-14 01:23:18,437 [main] ERROR
>> >> > org.apache.catalina.core.StandardContext - Context [/archiva] startup
>> >> > failed
>> >> > due to previou...
>> >> >
>> >> > In my security settings I have (it's an active directory and I get
>> >> settings
>> >> > from crowd which is also connecing to it with ldap) :
>> >> >
>> >> > user.manager.impl=ldap
>> >> > ldap.bind.authenticator.enabled=true
>> >> > redback.default.admin=admin
>> >> > redback.default.guest=guest
>> >> > security.policy.password.expiration.enabled=false
>> >> >
>> >> > ldap.config.hostname=X.Y.Z.W
>> >> > ldap.config.port=389
>> >> > ldap.config.base.dn=dc=paris,dc=france,dc=octo
>> >> > ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>> >> > ldap.config.bind.dn=cn=XXX,cn=users,dc=paris,dc=france,dc=octo
>> >> > ldap.config.password=XXX
>> >> > #ldap.config.authentication.method=
>> >> >
>> >> > ldap.user.store.enabled=true
>> >> >
>> >> > ldap.config.mapper.attribute.email=mail
>> >> > ldap.config.mapper.attribute.fullname=givenName
>> >> > ldap.config.mapper.attribute.password=unicodePwd
>> >> > ldap.config.mapper.attribute.user.id=sAMAccountName
>> >> >
>> >> >
>> >>
>> ldap.config.mapper.attribute.user.base.dn=cn=users,dc=paris,dc=france,dc=octo
>> >> > ldap.config.mapper.attribute.user.object.class=user
>> >> >
>> >> >
>> >>
>> ldap.config.mapper.attribute.user.filter=(&(&(objectCategory=Person)(sAMAccountName=*))(memberof=cn=octo,cn=users,dc=paris,dc=france,dc=octo))
>> >> >
>> >> > with or without components I have the NPE
>> >> > I also tried to modify my settings and I have always a NPE.
>> >> > I don't understand what I can do wrong.
>> >> >
>> >> > It seems that the NPE is due to the LDAP Context which isn't created.
>> >> >
>> >> > Any idea ?
>> >> >
>> >> >
>> >> >
>> >> > On Wed, Aug 6, 2008 at 1:50 PM, Emmanuel Venisse <
>> >> > emmanuel.venisse@gmail.com
>> >> > > wrote:
>> >> >
>> >> > > Some components must be declared in application.xml.
>> >> > > Yesterday I added them in comments in trunk
>> >> > > Look at LDAP snippet part in
>> >> > >
>> >> > >
>> >> >
>> >>
>> https://svn.apache.org/repos/asf/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
>> >> > >
>> >> > > Emmanuel
>> >> > >
>> >> > > On Wed, Aug 6, 2008 at 5:58 AM, Maria Odea Ching <oching@apache.org
>> >
>> >> > > wrote:
>> >> > >
>> >> > > > ---------- Forwarded message ----------
>> >> > > > From: Maria Odea Ching <oching@apache.org>
>> >> > > > Date: Wed, Aug 6, 2008 at 11:58 AM
>> >> > > > Subject: Re: ldap with Archiva
>> >> > > > To: ljiang15@yahoo.com
>> >> > > >
>> >> > > >
>> >> > > > Hi Marina,
>> >> > > >
>> >> > > > I'll be forwarding this to the archiva users list and we
could
>> >> continue
>> >> > > the
>> >> > > > discussion there :)
>> >> > > > Anyway, with redback 1.0.1 (used by archiva 1.0.2 & 1.0.1)
I think
>> >> you
>> >> > > only
>> >> > > > need to configure the security.properties file in order to
use
>> ldap
>> >> for
>> >> > > > authentication. Here's an example config:
>> >> > > >
>> >> > > > user.manager.impl=ldap
>> >> > > > ldap.bind.authenticator.enabled=true
>> >> > > > ldap.config.hostname=localhost
>> >> > > > ldap.config.port=10389
>> >> > > > ldap.config.base.dn=dc=redback,dc=plexus,dc=codehaus,dc=org
>> >> > > > ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>> >> > > > ldap.config.bind.dn=uid=admin,ou=system
>> >> > > > ldap.config.password=PASSWORD
>> >> > > >
>> >> > > > I'm not sure with redback 1.0.2 (used by archiva 1.1) though
if
>> there
>> >> > are
>> >> > > > additional configurations needed after the changes in redback's
>> LDAP
>> >> > > > module.
>> >> > > > Emmanuel might be able to answer that :)
>> >> > > >
>> >> > > > HTH,
>> >> > > > Deng
>> >> > > >
>> >> > > >
>> >> > > > On Wed, Aug 6, 2008 at 4:58 AM, Marina <ljiang15@yahoo.com>
>> wrote:
>> >> > > >
>> >> > > > > Hi, Maria
>> >> > > > >
>> >> > > > > I am trying to make ldap authenticated for Archiva.
I do not see
>> >> any
>> >> > of
>> >> > > > > examples online showing how to do it.
>> >> > > > > I wonder if you can give any example.
>> >> > > > >
>> >> > > > > Is the archiva.xml the only file to change?
>> >> > > > > Or I have  to change other property file?
>> >> > > > > Could you send me example of those ldap settings for
Archiva?
>> >> > > > >
>> >> > > > > Great Thanks!
>> >> > > > > Marina
>> >> > > > >
>> >> > > >
>> >> > >
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > ..........................................................
>> >> > Arnaud HERITIER
>> >> > ..........................................................
>> >> > OCTO Technology - aheritier AT octo DOT com
>> >> > www.octo.com | blog.octo.com
>> >> > ..........................................................
>> >> > ASF - aheritier AT apache DOT org
>> >> > www.apache.org | maven.apache.org
>> >> > ...........................................................
>> >> >
>> >>
>> >
>> >
>> >
>> > --
>> > ..........................................................
>> > Arnaud HERITIER
>> > ..........................................................
>> > OCTO Technology - aheritier AT octo DOT com
>> > www.octo.com | blog.octo.com
>> > ..........................................................
>> > ASF - aheritier AT apache DOT org
>> > www.apache.org | maven.apache.org
>> > ...........................................................
>> >
>>
>>
>>
>> --
>> Brett Porter
>> Blog: http://blogs.exist.com/bporter/
>>
>



-- 
Brett Porter
Blog: http://blogs.exist.com/bporter/

Mime
View raw message