Hi Ken,
Glad to hear about the Power Pack :)
About your issue - could you please check that the default group LDAP
authenticated users are assigned to has 'read' permissions on the
repositories artifacts are downloaded from? If the artifacts in question are
downloaded from remote repositories, you'd also have to assign the group
with a 'deploy' permission on the relevant remote repositories (cache
population is considered deploying in Artifactory).
If that still doesn't help, maybe you want to send your configuration files
(from the UI Admin:Advanced:Config Descriptor + Security Descriptor) and the
'artifactory.log' and 'access.log' files directly to supp...@jfrog.org -
it'd be the fastest way to help you and get all the needed information for
that.
Thanks,
Yoav
On Fri, Feb 12, 2010 at 6:40 AM, Pacileo, Ken <ken_paci...@uhc.com> wrote:
> Hi Yoav,
>
>
>
> Thank you for your reply. We submitted the form for a support contract and
> for the power pack. It’s in management’s hands now and will probably take
> some time to work out the details.
>
>
>
> In the interim, I’m having problems trying to setup a proof of concept
> Artifactory instance running the OSS version of 2.2.0 with LDAP enabled,
> anonymous access disabled, a default group that all users get assigned to
> and a permissions target that maps read permissions for the group to all
> repositories. I wanted to start simple with allowing read access for all
> repositories and then selectively disable some local repositories for all
> but certain users. I verified LDAP is working by having some users sign in
> to the UI successfully and I can see their userid in Artifactory after they
> sign in. The problem I have is that builds fail to authenticate with an
> access denied message. If I enable anonymous access then the builds succeed.
> I tried using both encrypted passwords and clear text passwords in the
> ${MAVEN_HOME}/conf/settings.xml file but neither seems to make a difference.
>
>
>
>
> Am I missing something obvious or is there something else I need to setup?
>
>
>
> When running “mvn –X -e help:effective-settings” on a sample project this
> is the stack trace:
>
> [DEBUG] Retrieving parent-POM: com.myco:ParentPom:pom:1.3.17 for project:
> com.myco.eaj:eaj-parentPom:pom:1.2.1-SNAPSHOT from the repository.
>
> [DEBUG] Trying repository EAJ-Releases
>
> [DEBUG] Using mirror: http://xxxxxxxx/artifactory/repo (id: artifactory)
>
> [DEBUG] Using Wagon implementation lightweight from default mapping for
> protocol http
>
> [DEBUG] Checking for pre-existing User-Agent configuration.
>
> [DEBUG] Adding User-Agent configuration.
>
> [DEBUG] Connecting to repository: 'artifactory' with url: '
> http://xxxxxxxx/artifactory/repo'.
>
> Downloading:
> http://xxxxxxxx/artifactory/repo/com/myco/ParentPom/1.3.17/ParentPom-1.3.17.pom
>
> [DEBUG] Access denied to:
> http://xxxxxxxx/artifactory/repo/com/myco/ParentPom/1.3.17/ParentPom-1.3.17.pom
>
> org.apache.maven.wagon.authorization.AuthorizationException: Access denied
> to:
> http://xxxxxxxx/artifactory/repo/com/myco/ParentPom/1.3.17/ParentPom-1.3.17.pom
>
> at
> org.apache.maven.wagon.providers.http.LightweightHttpWagon.fillInputData(LightweightHttpWagon.java:119)
>
> at
> org.apache.maven.wagon.StreamWagon.getInputStream(StreamWagon.java:116)
>
> at
> org.apache.maven.wagon.StreamWagon.getIfNewer(StreamWagon.java:88)
>
> at org.apache.maven.wagon.StreamWagon.get(StreamWagon.java:61)
>
> at
> org.apache.maven.artifact.manager.DefaultWagonManager.getRemoteFile(DefaultWagonManager.java:546)
>
> at
> org.apache.maven.artifact.manager.DefaultWagonManager.getArtifact(DefaultWagonManager.java:427)
>
> at
> org.apache.maven.artifact.manager.DefaultWagonManager.getArtifact(DefaultWagonManager.java:382)
>
> at
> org.apache.maven.artifact.resolver.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:216)
>
> at
> org.apache.maven.artifact.resolver.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:90)
>
> at
> org.apache.maven.project.DefaultMavenProjectBuilder.findModelFromRepository(DefaultMavenProjectBuilder.java:558)
>
> at
> org.apache.maven.project.DefaultMavenProjectBuilder.assembleLineage(DefaultMavenProjectBuilder.java:1392)
>
> at
> org.apache.maven.project.DefaultMavenProjectBuilder.buildInternal(DefaultMavenProjectBuilder.java:823)
>
> at
> org.apache.maven.project.DefaultMavenProjectBuilder.buildFromSourceFileInternal(DefaultMavenProjectBuilder.java:508)
>
> at
> org.apache.maven.project.DefaultMavenProjectBuilder.build(DefaultMavenProjectBuilder.java:200)
>
> at
> org.apache.maven.DefaultMaven.getProject(DefaultMaven.java:604)
>
> at
> org.apache.maven.DefaultMaven.collectProjects(DefaultMaven.java:487)
>
> at
> org.apache.maven.DefaultMaven.getProjects(DefaultMaven.java:391)
>
> at
> org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:272)
>
> at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:138)
>
> at org.apache.maven.cli.MavenCli.main(MavenCli.java:362)
>
> at
> org.apache.maven.cli.compat.CompatibleMain.main(CompatibleMain.java:60)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>
> at java.lang.reflect.Method.invoke(Method.java:585)
>
> at
> org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
>
> at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
>
> at
> org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
>
> at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
>
>
>
> Thanks and regards,
>
> Ken
>
>
> ------------------------------
>
> *From:* Yoav Landman [mailto:yo...@jfrog.org]
> *Sent:* Monday, February 08, 2010 12:55 PM
> *To:* artifactory-users@lists.sourceforge.net
> *Subject:* Re: [Artifactory-users] Clustering Artifactory / mapping roles
>
>
>
> Hi Ken,
>
>
>
> First, glad to hear about your experience with Artifactory :)
>
>
>
> To answer your questions -
>
>
>
> To use Artifactory in a HA environment the Active/Standby approach is still
> the one we recommend and the one we implement on client sites. Since version
> 2.1.x of Artifactory, configuration is copied to the database after the
> initial startup, so a single database can be used to fully replicate
> configuration across different instances (with the exception is the repo.xml
> and artifactory.system.properties, which are pretty much constant for a
> production server). The documentation was a bit lagging behind on this
> matter - I updated it.
>
> FYI, this solution is not limited to MySQL, and you can certainly use
> Oracle instead. In fact, with MySQL we mostly recommend on storing the
> binaries on the file system instead of as BLOBs (see:
> http://wiki.jfrog.org/confluence/display/RTF/Running+Artifactory+on+MySQL,
> for the reasons why), which makes replication of configuration + data a bit
> more complicated. With Oracle, you will not need to do that, so replication
> is easier and safer.
>
> We do not support Active/Active yet. Common feedback we get from users,
> BTW, is that a failover downtime of a couple of minutes is tolerable for
> them. Nevertheless, if your requirements are different we'd love to hear
> them.
>
>
>
> I do not see any particular issue with running Artifactory on AIX, except
> maybe that you do not have an out-of-the-box startup service, which can also
> be easily resolved. For that matter, it should not be different than running
> Tomcat on AIX and Artifactory was tested against the IBM JDK.
>
>
>
> Finally, we have released just today Artifactory 2.2 that includes, among
> other things (
> http://wiki.jfrog.org/confluence/display/RTF/Artifactory+2.2.0), a new
> Power Pack add-on that supports LDAP Groups (you didn't miss anything in the
> docs :). It allows you to use your selected exiting NT groups in Artifactory
> and assign permissions to them. The LDAP Group uses caching and offers
> flexible ways to sync groups into Artifactory (including hierarchical
> groups, which is common in many NT shops). You can read more about this
> here: http://wiki.jfrog.org/confluence/display/RTF/LDAP+Groups.
>
>
>
> If you need more help in setting this up feel free to contact us.
>
> Hope that helps,
>
>
>
> Yoav
>
> On Sat, Feb 6, 2010 at 1:21 AM, Pacileo, Ken <ken_paci...@uhc.com> wrote:
>
> Hi,
>
> We’ve been using Artifactory for two years now and have been happy with its
> performance.
>
> We’re currently using Artifactory v2.1.1 with Tomcat 6.0.18 running on a
> Windows Server 2003. We now need to setup an HA environment and plan
> implementing
> it by installing Artifactory on two AIX servers running as a standalone
> application and would like to know more about clustering the two
> Artifactory instances in an active/active or active/passive mode.
>
> The documentation at
> http://wiki.jfrog.org/confluence/display/RTF/Clustering+Artifactory talks
> about clustering Artifactory with a MySQL database but that document is
> referring to Artifactory version 1.3.0. That document recommends using an
> active/passive configuration using a shared MySQL database.
>
> Now that Artifactory is at v2.1.3, are there any updates to the document
> regarding clustering Artifactory? Does Artifactory now support Oracle
> databases or is MySQL still the recommended database? Does the current
> version of Artifactory fully support active/active at this time? Does
> Artifactory have any issues running on AIX?
>
> Are there any other considerations we need to be aware of concerning
> exporting
> our current repositories and importing them into the HA setup?
>
> As a side thread, can I map NT groups to Artifactory roles to control
> access to repositories or specific groupids or artifacts? Looking at the
> documentation I see that it supports authenticating with LDAP but it looks
> like
> we would continually need to map new users to an Artifactory Group to allow
> access to a defined repository/group/artifact. Setting up a role that is
> mapped to an NT group would make our life much easier. Am I missing
> something in the documentation? Here’s some of the links I’m referring to:
>
> http://wiki.jfrog.org/confluence/display/RTF/Managing+Permissions
>
> http://wiki.jfrog.org/confluence/display/RTF/Managing+Groups
>
> Thanks and regards,
>
> Ken
>
> This e-mail, including attachments, may include confidential and/or
>
> proprietary information, and may be used only by the person or entity
>
> to which it is addressed. If the reader of this e-mail is not the intended
>
> recipient or his or her authorized agent, the reader is hereby notified
>
> that any dissemination, distribution or copying of this e-mail is
>
> prohibited. If you have received this e-mail in error, please notify the
>
> sender by replying to this message and delete this e-mail immediately.
>
>
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the
> business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> Artifactory-users mailing list
> Artifactory-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>
>
>
> This e-mail, including attachments, may include confidential and/or
> proprietary information, and may be used only by the person or entity
> to which it is addressed. If the reader of this e-mail is not the intended
> recipient or his or her authorized agent, the reader is hereby notified
> that any dissemination, distribution or copying of this e-mail is
> prohibited. If you have received this e-mail in error, please notify the
> sender by replying to this message and delete this e-mail immediately.
>
>
>
> ------------------------------------------------------------------------------
> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
> http://p.sf.net/sfu/solaris-dev2dev
> _______________________________________________
> Artifactory-users mailing list
> Artifactory-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>
>
------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
Artifactory-users mailing list
Artifactory-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/artifactory-users
