archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <stefaan.du...@roularta.be>
Subject RE: Need help configuring Archiva LDAP configuration with anonymous snapshot deploy
Date Tue, 31 Oct 2017 08:19:13 GMT
Hello,

Sorry for my late response. (vacation followed by other priorities at work)
After we finaly went back to configuring the archiva instance, it no longer started.

We re-did the configuration.
Currently we have a setup as follows:
* UserManager(s) chosen
    * LDAP User Manager
    * Database User Manager
* RbacManager(s) chosen
    * LDAP RBac Manager
    * Database RBac Manager

As additional configuration we changed the property "redback.default.guest" to "archivaguest"
instead of "guest"
After this change, we no longer have the problem of the guest user being updated.
We assume the problem was caused because our LDAP had a user named "guest" which caused it
to overwrite the config we had for the guestuser.

We were able to assign roles to LDAP groups.

There are still a few minor issues that we have:

* when starting the application when not logged on: "Unable to find principal archivaguest"
      This is probably caused because we changed the redback.default.guest property.
      Is there a configuration we can do to prevent this message.

* when trying to find a user, it only loads exactly 1000 users from our LDAP system. When
the user is not among those 1000, you can't go to the user to check the effective roles of
the user. Is this a hard maximum or is this a setting that can be changed? (applying the LDAP
group to a user not in this list still works)

Regards,
Stefaan Dutry      

-----Oorspronkelijk bericht-----
Van: Martin [mailto:martin_s@apache.org] 
Verzonden: maandag 28 augustus 2017 21:42
Aan: users@archiva.apache.org
Onderwerp: Re: Need help configuring Archiva LDAP configuration with anonymous snapshot deploy

Hi,

it would be helpful, if you could provide some logs. 
The removal of the roles from the guest user seems a bit strange. You are running a single
instance only, not in a clustered environment?

By the way, the CSRF prevention that has been introduced with version 2.2.3 can be deactivated,
if you think the security risk is acceptable. Please look at the release notes.

Greetings

Martin

Am Dienstag, 22. August 2017, 11:50:48 CEST schrieb Stefaan Dutry:
> In our current setup we only use the LDAP configuration to 
> authenticate and not for authorisation.
> 
> We would like to switch to using LDAP group membership to configure 
> group membership.
> 
> Reasons:
>   -) Archiva is not able to find all LDAP users in the Users -> Manage section.
>   -) The dirty workaround we used to configure user - role management 
> for those we couldn't find, no longer works with version 2.2.3 
> (abusing the REST-API)
> 
> What we managed to do so far:
>   -) We managed to connect to LDAP successfully
>   -) We managed to set up the groups in LDAP and configure the 
> LDAP/Roles Mappings
>   -) We switched to only LDAP User Manager and only LDAP RBac Manager 
> (Users -> Users Runtime Configuration)
> 
> Problems we are having:
>   -) We are no longer able to upload an artifact to the snapshot 
> repository. We need this because we are using jenkins to start builds 
> and create snapshots automatically
>   -) We tried adding the roles to the Guest user, but they seem to be 
> automatically removed after a certain amount of time (15 min or so)
>   -) Archiva tends to log me out randomly, even when i'm active.
> 
> Version: 2.2.3
> 
> Can someone help me find what settings are incorrect.
> 
> 



Mime
View raw message