archiva-users mailing list archives

From "Carr, Brian M" <brianmc...@austin.utexas.edu>
Subject Re: ldap with Archiva
Date Fri, 08 Aug 2008 18:58:24 GMT
I've discovered that the BindDN magically gets a ',' added to it when read
from the config.  This causes authentication to fail, since the bind dn is
now incorrect.  The problem is in the
ConfigurableLdapConnectionFactory.getConcatenatedList(String, String)
method.  It is receiving your full bind dn as a single element list.  It
then iterates over the list, adding a ',' after every element.  I'm thinking
that the entry in the properties file was intended to be added in some other
way than the full bind dn as a string, but can't find documentation on
exactly what it expects.

--b
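
A small added illustration of the trailing-comma behaviour described above (written for this page, not Redback's own code): a reconstructed join that appends a separator after every element, the corrected join that only puts a separator between elements, and a sanity check on the resulting DN that would catch the malformed value before any bind is attempted. The class and method names are hypothetical, and the bind DN is the one from the quoted configuration.

```java
import java.util.Arrays;
import java.util.List;

public class BindDnJoin {

    // Hypothetical reconstruction of the behaviour reported in the thread
    // (not Redback's source): a ',' is appended after EVERY element, so a
    // one-element list holding the full bind DN ends up with a trailing ','.
    static String buggyConcatenate(List<String> parts) {
        StringBuilder sb = new StringBuilder();
        for (String p : parts) {
            sb.append(p).append(',');
        }
        return sb.toString();
    }

    // Corrected join: the separator goes only BETWEEN elements, and blank
    // elements are skipped so they cannot produce an empty RDN.
    static String joinDn(List<String> parts) {
        StringBuilder sb = new StringBuilder();
        for (String p : parts) {
            if (p == null || p.trim().isEmpty()) continue;
            if (sb.length() > 0) sb.append(',');
            sb.append(p.trim());
        }
        return sb.toString();
    }

    // Cheap pre-bind check: a DN must not start or end with a comma, and
    // every RDN (split on commas that are not backslash-escaped) needs an
    // attribute type before its '='. A value failing this check is what the
    // directory answers with error 49 / data 525 ("bad username").
    static boolean isPlausibleDn(String dn) {
        if (dn == null || dn.isEmpty()) return false;
        if (dn.startsWith(",") || dn.endsWith(",")) return false;
        for (String rdn : dn.split("(?<!\\\\),")) {
            if (rdn.indexOf('=') <= 0) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed input: the full bind DN arrives as a single-element list.
        List<String> fromConfig = Arrays.asList(
            "CN=ldapuser,OU=ServiceAccounts,OU=JiveUsers,DC=jiveville,DC=com");
        String bad = buggyConcatenate(fromConfig);
        String good = joinDn(fromConfig);
        System.out.println(bad + "  plausible=" + isPlausibleDn(bad));   // trailing ',' -> false
        System.out.println(good + "  plausible=" + isPlausibleDn(good)); // true
    }
}
```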


On 8/8/08 12:53 PM, "Chris Brentano" <chris.brentano@jivesoftware.com> wrote:

> I'm getting somewhere, but I think I may be missing a piece of
> configuration or doing something incorrect.
> 
> My $archiva_home/conf/security.properties file looks like this:
> user.manager.impl=ldap
> ldap.bind.authenticator.enabled=true
> redback.default.admin=admin
> redback.default.guest=guest
> security.policy.password.expiration.enabled=false
> 
> ldap.user.store.enabled=true
> ldap.config.hostname=dc02.jiveville.com
> ldap.config.port=389
> ldap.config.base.dn=OU=JiveUsers,DC=jiveville,DC=com
> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> ldap.config.bind.dn=CN=ldapuser,OU=ServiceAccounts,OU=JiveUsers,DC=jiveville,DC=com
> ldap.config.password=********
> 
> 
> And my $archiva_home/conf/application.xml file looks like:
>      <component>
>        <role>org.codehaus.plexus.redback.common.ldap.connection.LdapConnectionFactory</role>
>        <role-hint>configurable</role-hint>
>        <implementation>org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory</implementation>
>        <description>ldap connection</description>
>        <configuration>
>          <hostname>dc02.jiveville.com</hostname>
>          <port>389</port>
>          <baseDn>OU=JiveUsers,DC=jiveville,DC=com</baseDn>
>          <contextFactory>com.sun.jndi.ldap.LdapCtxFactory</contextFactory>
>          <password>********</password>
>          <bindDn>CN=ldapuser,OU=ServiceAccounts,OU=JiveUsers,DC=jiveville,DC=com</bindDn>
>        </configuration>
>      </component>
> 
>      <component>
>        <role>org.codehaus.plexus.redback.common.ldap.UserMapper</role>
>        <role-hint>ldap</role-hint>
>        <implementation>org.codehaus.plexus.redback.common.ldap.LdapUserMapper</implementation>
>        <description></description>
>        <configuration>
>          <email-attribute>email</email-attribute>
>          <full-name-attribute>givenName</full-name-attribute>
>          <password-attribute>userPassword</password-attribute>
>          <user-id-attribute>cn</user-id-attribute>
>          <user-base-dn></user-base-dn>
>          <user-object-class>inetOrgPerson</user-object-class>
>        </configuration>
>      </component>
> 
> But what I end up with is:
> org.codehaus.plexus.redback.common.ldap.connection.LdapException: Could not connect to the server. [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece^@]]
>          at org.codehaus.plexus.redback.common.ldap.connection.LdapConnection.<init>(LdapConnection.java:81)
>          at org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory.getConnection(ConfigurableLdapConnectionFactory.java:130)
>          at org.codehaus.plexus.redback.users.ldap.LdapUserManager.newDirContext(LdapUserManager.java:338)
>          at org.codehaus.plexus.redback.users.ldap.LdapUserManager.findUser(LdapUserManager.java:214)
>          at org.codehaus.plexus.redback.users.configurable.ConfigurableUserManager.findUser(ConfigurableUserManager.java:111)
>          at org.codehaus.plexus.redback.xwork.checks.security.GuestUserEnvironmentCheck.validateEnvironment(GuestUserEnvironmentCheck.java:82)
>          at org.apache.maven.archiva.web.startup.SecuritySynchronization.executeEnvironmentChecks(SecuritySynchronization.java:151)
>          at org.apache.maven.archiva.web.startup.SecuritySynchronization.startup(SecuritySynchronization.java:125)
>          at org.apache.maven.archiva.web.startup.ArchivaStartup.contextInitialized(ArchivaStartup.java:56)
>          at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:539)
>          at org.mortbay.jetty.servlet.Context.startContext(Context.java:135)
>          at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1216)
>          at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:509)
>          at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:447)
>          at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
>          at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147)
>          at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
>          at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
>          at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147)
>          at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
>          at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:117)
>          at org.mortbay.jetty.Server.doStart(Server.java:222)
>          at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
>          at org.mortbay.xml.XmlConfiguration.main(XmlConfiguration.java:977)
>          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>          at java.lang.reflect.Method.invoke(Method.java:597)
>          at org.mortbay.start.Main.invokeMain(Main.java:194)
>          at org.mortbay.start.Main.start(Main.java:509)
>          at org.mortbay.start.Main.main(Main.java:119)
>          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>          at java.lang.reflect.Method.invoke(Method.java:597)
>          at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
>          at java.lang.Thread.run(Thread.java:619)
> Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece^@]
>          at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
>          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
>          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
>          at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
>          at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
>          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>          at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>          at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>          at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>          at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>          at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
>          at javax.naming.InitialContext.init(InitialContext.java:223)
>          at javax.naming.InitialContext.<init>(InitialContext.java:197)
>          at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>          at org.codehaus.plexus.redback.common.ldap.connection.LdapConnection.<init>(LdapConnection.java:77)
>          ... 36 more
> 
> ---
> 
> Now, I wasn't sure where to put application.xml, so I'm unsure if it
> belongs in a different directory. I couldn't find anything in the
> Archiva docs or on the Wiki saying where to put that file so I took a
> best guess. Also, I am able to connect to the LDAP server using
> JXplorer using the same credentials/settings so I know that they are
> correct. (It looks like AcceptSecurityContext error, data 525 could
> mean "Bad username" according to
> http://forums.sun.com/thread.jspa?messageID=9941793
>   -- which if I deliberately use an incorrect username with JXplorer I
> get this same error).
> 
> Thanks for your help everyone, I sincerely appreciate it!
> 
> - Chris
> 
> 
> On 6 Aug, 2008, at 4:51 AM, Emmanuel Venisse wrote:
> 
>> redback 1.0.1 doesn't work well with LDAP and 1.0.2/1.0.3 doesn't
>> support LDAPS
>>
>> Emmanuel
>>
>> On Wed, Aug 6, 2008 at 1:50 PM, Emmanuel Venisse
>> <emmanuel.venisse@gmail.com> wrote:
>>
>>> Some components must be declared in application.xml.
>>> Yesterday I added them in comments in trunk
>>> Look at LDAP snippet part in
>>> https://svn.apache.org/repos/asf/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
>>>
>>> Emmanuel
>>>
>>>
>>> On Wed, Aug 6, 2008 at 5:58 AM, Maria Odea Ching
>>> <oching@apache.org> wrote:
>>>
>>>> ---------- Forwarded message ----------
>>>> From: Maria Odea Ching <oching@apache.org>
>>>> Date: Wed, Aug 6, 2008 at 11:58 AM
>>>> Subject: Re: ldap with Archiva
>>>> To: ljiang15@yahoo.com
>>>>
>>>>
>>>> Hi Marina,
>>>>
>>>> I'll be forwarding this to the archiva users list and we could
>>>> continue the discussion there :)
>>>> Anyway, with redback 1.0.1 (used by archiva 1.0.2 & 1.0.1) I think
>>>> you only need to configure the security.properties file in order to
>>>> use ldap for authentication. Here's an example config:
>>>>
>>>> user.manager.impl=ldap
>>>> ldap.bind.authenticator.enabled=true
>>>> ldap.config.hostname=localhost
>>>> ldap.config.port=10389
>>>> ldap.config.base.dn=dc=redback,dc=plexus,dc=codehaus,dc=org
>>>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>>>> ldap.config.bind.dn=uid=admin,ou=system
>>>> ldap.config.password=PASSWORD
>>>>
>>>> I'm not sure with redback 1.0.2 (used by archiva 1.1) though if
>>>> there are additional configurations needed after the changes in
>>>> redback's LDAP module.
>>>> Emmanuel might be able to answer that :)
>>>>
>>>> HTH,
>>>> Deng
>>>>
>>>>
>>>> On Wed, Aug 6, 2008 at 4:58 AM, Marina <ljiang15@yahoo.com> wrote:
>>>>
>>>>> Hi, Maria
>>>>>
>>>>> I am trying to make LDAP authentication work for Archiva. I do not
>>>>> see any examples online showing how to do it.
>>>>> I wonder if you can give any example.
>>>>>
>>>>> Is the archiva.xml the only file to change?
>>>>> Or do I have to change another property file?
>>>>> Could you send me an example of those ldap settings for Archiva?
>>>>>
>>>>> Great Thanks!
>>>>> Marina
>>>>>
>>>>
>>>
>>>
> 
> 


______________________________
Brian M. Carr
Identity and Access Management
ITS Applications
University of Texas at Austin
V: 512-232-6419
F: 512-471-5746
brianmcarr@austin.utexas.edu


