fixed. You can test builds from here: https://builds.apache.org/view/A-F/view/Archiva/job/archiva-all-maven-3.x-jdk-1.6/ build >= #1749
I still need some ui magnify to add but it works :-)

2012/12/11 Olivier Lamy <[email protected]>:
> Note: one case doesn't work yet.
> The same userid is in both ldap and jdo with different passwords.
> If you try to log in with the wrong password with the first impl, the login
> is rejected.
> I will try to fix that tomorrow.
>
> 2012/12/10 Olivier Lamy <[email protected]>:
>> So mostly implemented, you can choose more than one userManager (jdo
>> and/or ldap) and specify the order.
>> Feel free to try a snapshot build from here:
>> https://builds.apache.org/view/A-F/view/Archiva/job/archiva-all-maven-3.x-jdk-1.6/
>> I need to add some UI improvements (magnify :-)) and verify various ui
>> part (users tables, modifying a user)
>> It's possible to configure ldap server too.
>>
>> @Brett note security.properties is checked first and then imported in
>> archiva.xml.
>> So must cover your use case :-)
>>
>>
>>
>> 2012/12/4 Olivier Lamy <[email protected]>:
>>> 2012/12/3 Sascha Vogt <[email protected]>:
>>>> On 03.12.2012 17:14, Olivier Lamy wrote:
>>>>>> I have the title a bit more concrete and a more general approach in the
>>>>>> description. I think as in the title, having database being the backup
>>>>>> of LDAP is a good first step, perfect would be to be able to chain
>>>>>> various auth-modules (that way one could also have the database first,
>>>>>> and second the LDAP, as a database lookup is much quicker than first
>>>>>> waiting for an LDAP fail).
>>>>> Some questions:
>>>>> * what will be the content of the users screen (merge of n users
>>>>> backend ? first id win ?)
>>>>> * users backend (as ldap) can be read only so when a user is logged we
>>>>> must which system he uses. but users can be in n systems. How do we
>>>>> handle that ?
>>>>
>>>> Well, I think the easiest and most "transparent" way would be to only
>>>> show the user from the first found auth-module.
>>>>
>>>> So if I configure LDAP to be the first, database second, and I have the
>>>> same user in both, only the LDAP one is shown... I know this is not
>>>> ideal, because if LDAP fails, the user would be looked up from the
>>>> database and I wouldn't be able to add "rights" to that user, unless I
>>>> first disable LDAP or shuffle the order of the auth-modules, though I
>>>> find that tolerable.
>>>>
>>>> In general one should keep the user-ids distinct otherwise everyone
>>>> gets confused anyway, so I think this is a sensible restriction.
>>>>
>>>> If you want to be able to edit both accounts, just add that as a
>>>> configuration "hierarchy", so first choose the auth-module, then show
>>>> the users of that auth-module. If one wants to edit the other, one
>>>> navigates up one level and selects the other module. But as I said, I
>>>> think the hiding from above is perfectly tolerable. Though the second
>>>> option has the advantage that from an admin point of view it's always
>>>> perfectly clear which user base I'm currently editing.
>>>>
>>> Sounds good and similar to what I have in mind :-)
>>>> By the way, these are just my thoughts, feel free to ignore them ;) I
>>> No you are probably using/managing more archiva instances than I do :-)
>>>> can even live without the auth-module chaining by now (we finally got a
>>>> technical user added to our active directory and even got the damn
>>>> password policy disabled for that one *g*)
>>>>
>>>> Greetings
>>>> -Sascha-
>>>
>>>
>>>
>>> --
>>> Olivier Lamy
>>> Talend: http://coders.talend.com
>>> http://twitter.com/olamy | http://linkedin.com/in/olamy
>>
>>
>>
>> --
>> Olivier Lamy
>> Talend: http://coders.talend.com
>> http://twitter.com/olamy | http://linkedin.com/in/olamy
>
>
>
> --
> Olivier Lamy
> Talend: http://coders.talend.com
> http://twitter.com/olamy | http://linkedin.com/in/olamy

--
Olivier Lamy
Talend: http://coders.talend.com
http://twitter.com/olamy | http://linkedin.com/in/olamy
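
A small model of the ordered userManager chain discussed in this thread, added here as an illustration and not taken from Archiva or Redback: every class and method name is hypothetical, the sample users are constructed, and the in-memory password compare stands in for a real backend's bind or hash check. It shows a wrong password in the first backend falling through to the next one (the case reported above as not yet working), the result recording which backend authenticated the user, and the "first found auth-module" users listing.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Added illustration: hypothetical names, not the Archiva/Redback API. Requires Java 16+ (records).
public class ChainedLogin {
    /** One user backend ("ldap" or "jdo" in the thread), modelled as userid -> password. */
    record UserManager(String id, boolean readOnly, Map<String, String> users) {
        boolean check(String user, String pw) {
            String stored = users.get(user);
            // Constant-time compare; a real backend would do an LDAP bind or verify a hash.
            return stored != null && MessageDigest.isEqual(
                    stored.getBytes(StandardCharsets.UTF_8), pw.getBytes(StandardCharsets.UTF_8));
        }
    }

    /** Outcome of a login: which backend accepted it and whether that backend is read-only. */
    record Result(boolean ok, String managerId, boolean readOnly) {}

    /** Try each manager in configured order; an unknown user or wrong password falls through. */
    static Result login(List<UserManager> chain, String user, String pw) {
        for (UserManager m : chain) {
            if (m.check(user, pw)) {
                return new Result(true, m.id(), m.readOnly());
            }
        }
        return new Result(false, null, false); // rejected only after every backend refused
    }

    /** Users screen as proposed in the thread: the first manager that has the id wins. */
    static Map<String, String> userListing(List<UserManager> chain) {
        Map<String, String> owner = new TreeMap<>();
        for (UserManager m : chain) {
            for (String u : m.users().keySet()) owner.putIfAbsent(u, m.id());
        }
        return owner;
    }

    public static void main(String[] args) {
        // Constructed sample data: "alice" exists in both backends with different passwords.
        UserManager ldap = new UserManager("ldap", true, Map.of("alice", "ldap-pw", "bob", "b-pw"));
        UserManager jdo = new UserManager("jdo", false, Map.of("alice", "jdo-pw", "admin", "a-pw"));
        List<UserManager> chain = List.of(ldap, jdo); // configured order: ldap first, then jdo

        System.out.println(login(chain, "alice", "ldap-pw")); // accepted by the first backend
        System.out.println(login(chain, "alice", "jdo-pw"));  // ldap refuses, jdo accepts
        System.out.println(login(chain, "alice", "nope"));    // refused by every backend
        System.out.println(userListing(chain));               // alice is listed under ldap only
    }
}
```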
