I'm getting somewhere, but I think I may be missing a piece of
configuration or doing something incorrect.
My $archiva_home/conf/security.properties file looks like this:
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=admin
redback.default.guest=guest
security.policy.password.expiration.enabled=false
ldap.user.store.enabled=true
ldap.config.hostname=dc02.jiveville.com
ldap.config.port=389
ldap.config.base.dn=OU=JiveUsers,DC=jiveville,DC=com
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.bind.dn=CN=ldapuser,OU=ServiceAccounts,OU=JiveUsers,DC=jiveville,DC=com
ldap.config.password=********
And my $archiva_home/conf/application.xml file looks like:
<component>
  <role>org.codehaus.plexus.redback.common.ldap.connection.LdapConnectionFactory</role>
  <role-hint>configurable</role-hint>
  <implementation>org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory</implementation>
  <description>ldap connection</description>
  <configuration>
    <hostname>dc02.jiveville.com</hostname>
    <port>389</port>
    <baseDn>OU=JiveUsers,DC=jiveville,DC=com</baseDn>
    <contextFactory>com.sun.jndi.ldap.LdapCtxFactory</contextFactory>
    <password>********</password>
    <bindDn>CN=ldapuser,OU=ServiceAccounts,OU=JiveUsers,DC=jiveville,DC=com</bindDn>
  </configuration>
</component>
<component>
  <role>org.codehaus.plexus.redback.common.ldap.UserMapper</role>
  <role-hint>ldap</role-hint>
  <implementation>org.codehaus.plexus.redback.common.ldap.LdapUserMapper</implementation>
  <description></description>
  <configuration>
    <email-attribute>email</email-attribute>
    <full-name-attribute>givenName</full-name-attribute>
    <password-attribute>userPassword</password-attribute>
    <user-id-attribute>cn</user-id-attribute>
    <user-base-dn></user-base-dn>
    <user-object-class>inetOrgPerson</user-object-class>
  </configuration>
</component>
But what I end up with is:
org.codehaus.plexus.redback.common.ldap.connection.LdapException: Could not connect to the server. [Root exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, [EMAIL PROTECTED]
    at org.codehaus.plexus.redback.common.ldap.connection.LdapConnection.<init>(LdapConnection.java:81)
    at org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory.getConnection(ConfigurableLdapConnectionFactory.java:130)
    at org.codehaus.plexus.redback.users.ldap.LdapUserManager.newDirContext(LdapUserManager.java:338)
    at org.codehaus.plexus.redback.users.ldap.LdapUserManager.findUser(LdapUserManager.java:214)
    at org.codehaus.plexus.redback.users.configurable.ConfigurableUserManager.findUser(ConfigurableUserManager.java:111)
    at org.codehaus.plexus.redback.xwork.checks.security.GuestUserEnvironmentCheck.validateEnvironment(GuestUserEnvironmentCheck.java:82)
    at org.apache.maven.archiva.web.startup.SecuritySynchronization.executeEnvironmentChecks(SecuritySynchronization.java:151)
    at org.apache.maven.archiva.web.startup.SecuritySynchronization.startup(SecuritySynchronization.java:125)
    at org.apache.maven.archiva.web.startup.ArchivaStartup.contextInitialized(ArchivaStartup.java:56)
    at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:539)
    at org.mortbay.jetty.servlet.Context.startContext(Context.java:135)
    at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1216)
    at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:509)
    at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:447)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
    at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147)
    at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
    at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
    at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:117)
    at org.mortbay.jetty.Server.doStart(Server.java:222)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
    at org.mortbay.xml.XmlConfiguration.main(XmlConfiguration.java:977)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.mortbay.start.Main.invokeMain(Main.java:194)
    at org.mortbay.start.Main.start(Main.java:509)
    at org.mortbay.start.Main.main(Main.java:119)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
    at java.lang.Thread.run(Thread.java:619)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, [EMAIL PROTECTED]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.InitialContext.<init>(InitialContext.java:197)
    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
    at org.codehaus.plexus.redback.common.ldap.connection.LdapConnection.<init>(LdapConnection.java:77)
    ... 36 more
---
Now, I wasn't sure where to put application.xml, so I'm unsure if it
belongs in a different directory. I couldn't find anything in the
Archiva docs or on the Wiki saying where to put that file so I took a
best guess. Also, I am able to connect to the LDAP server using
JXplorer using the same credentials/settings so I know that they are
correct. (It looks like "AcceptSecurityContext error, data 525" could
mean "Bad username" according to http://forums.sun.com/thread.jspa?messageID=9941793
-- and indeed, if I deliberately use an incorrect username with JXplorer I
get this same error.)
Thanks for your help everyone, I sincerely appreciate it!
- Chris
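Added example (not from the thread, and not Archiva or Redback code): a small Python helper that pulls the LDAP result code and the Active Directory "data" sub-code out of a JNDI AuthenticationException message like the one above and maps the sub-code to its meaning, so a 525 (bind account not found) can be told apart from a 52e (wrong password) or a 775 (locked out) straight from the log. The sample message is constructed from the trace above; the trailing token the list archive redacted is replaced with a placeholder version tag.

```python
import re

# Meanings of the Active Directory "data" sub-codes that accompany LDAP
# result code 49 (invalidCredentials) in an AcceptSecurityContext error.
AD_BIND_SUBCODES = {
    "525": "user not found (the bind DN or account name does not resolve)",
    "52e": "invalid credentials (account found, wrong password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# The AD diagnostic text as JNDI surfaces it (same shape as the trace above).
_AD_ERR = re.compile(
    r"error code (?P<code>\d+)\s*-\s*(?P<hresult>[0-9A-Fa-f]{8}):.*?"
    r"comment:\s*(?P<comment>[^,]+),\s*data\s+(?P<data>[0-9A-Fa-f]+)",
    re.DOTALL,
)


def diagnose_bind_failure(message):
    """Return code, HRESULT, comment, data sub-code and its meaning for an
    AD bind failure message; None if the text is not such a message."""
    m = _AD_ERR.search(message)
    if not m:
        return None
    data = m.group("data").lower()
    return {
        "code": int(m.group("code")),
        "hresult": m.group("hresult").upper(),
        "comment": m.group("comment").strip(),
        "data": data,
        "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
    }


# Constructed sample: the exception text from the thread, with the token the
# list archive redacted replaced by a placeholder AD version tag ("v1db1").
SAMPLE = (
    "org.codehaus.plexus.redback.common.ldap.connection.LdapException: "
    "Could not connect to the server. [Root exception is "
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, v1db1]]"
)

if __name__ == "__main__":
    print(diagnose_bind_failure(SAMPLE))
```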
On 6 Aug, 2008, at 4:51 AM, Emmanuel Venisse wrote:
redback 1.0.1 doesn't work well with LDAP and 1.0.2/1.0.3 doesn't support LDAPS
Emmanuel
On Wed, Aug 6, 2008 at 1:50 PM, Emmanuel Venisse <[EMAIL PROTECTED]> wrote:
Some components must be declared in application.xml.
Yesterday I added them, in comments, in trunk.
Look at the LDAP snippet part in
https://svn.apache.org/repos/asf/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
Emmanuel
On Wed, Aug 6, 2008 at 5:58 AM, Maria Odea Ching <[EMAIL PROTECTED]> wrote:
---------- Forwarded message ----------
From: Maria Odea Ching <[EMAIL PROTECTED]>
Date: Wed, Aug 6, 2008 at 11:58 AM
Subject: Re: ldap with Archiva
To: [EMAIL PROTECTED]
Hi Marina,
I'll be forwarding this to the archiva users list and we could continue
the discussion there :)
Anyway, with redback 1.0.1 (used by archiva 1.0.2 & 1.0.1) I think you
only need to configure the security.properties file in order to use
ldap for authentication. Here's an example config:
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
ldap.config.hostname=localhost
ldap.config.port=10389
ldap.config.base.dn=dc=redback,dc=plexus,dc=codehaus,dc=org
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.bind.dn=uid=admin,ou=system
ldap.config.password=PASSWORD
I'm not sure with redback 1.0.2 (used by archiva 1.1) though if there are
additional configurations needed after the changes in redback's LDAP
module.
Emmanuel might be able to answer that :)
HTH,
Deng
On Wed, Aug 6, 2008 at 4:58 AM, Marina <[EMAIL PROTECTED]> wrote:
Hi, Maria
I am trying to make LDAP authentication work for Archiva. I do not see
any examples online showing how to do it.
I wonder if you can give an example.
Is archiva.xml the only file to change?
Or do I have to change other property files?
Could you send me an example of those LDAP settings for Archiva?
Great Thanks!
Marina