I've discovered that the BindDN magically gets a ',' added to it when read from the config. This causes authentication to fail, since the bind dn is now incorrect. The problem is in the ConfigurableLdapConnectionFactory.getConcatenatedList(String, String) method. It is receiving your full bind dn as a single element list. It then iterates over the list, adding a ',' after every element. I'm thinking that the entry in the properties file was intended to be added in some other way than the full bind dn as a string, but can't find documentation on exactly what it expects.
--b

On 8/8/08 12:53 PM, "Chris Brentano" <[EMAIL PROTECTED]> wrote:

> I'm getting somewhere, but I think I may be missing a piece of
> configuration or doing something incorrect.
>
> My $archiva_home/conf/security.properties file looks like this:
> user.manager.impl=ldap
> ldap.bind.authenticator.enabled=true
> redback.default.admin=admin
> redback.default.guest=guest
> security.policy.password.expiration.enabled=false
>
> ldap.user.store.enabled=true
> ldap.config.hostname=dc02.jiveville.com
> ldap.config.port=389
> ldap.config.base.dn=OU=JiveUsers,DC=jiveville,DC=com
> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> ldap.config.bind.dn=CN=ldapuser,OU=ServiceAccounts,OU=JiveUsers,DC=jiveville,DC=com
> ldap.config.password=********
>
>
> And my $archiva_home/conf/application.xml file looks like:
> <component>
>   <role>org.codehaus.plexus.redback.common.ldap.connection.LdapConnectionFactory</role>
>   <role-hint>configurable</role-hint>
>   <implementation>org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory</implementation>
>   <description>ldap connection</description>
>   <configuration>
>     <hostname>dc02.jiveville.com</hostname>
>     <port>389</port>
>     <baseDn>OU=JiveUsers,DC=jiveville,DC=com</baseDn>
>     <contextFactory>com.sun.jndi.ldap.LdapCtxFactory</contextFactory>
>     <password>********</password>
>     <bindDn>CN=ldapuser,OU=ServiceAccounts,OU=JiveUsers,DC=jiveville,DC=com</bindDn>
>   </configuration>
> </component>
>
> <component>
>   <role>org.codehaus.plexus.redback.common.ldap.UserMapper</role>
>   <role-hint>ldap</role-hint>
>   <implementation>org.codehaus.plexus.redback.common.ldap.LdapUserMapper</implementation>
>   <description></description>
>   <configuration>
>     <email-attribute>email</email-attribute>
>     <full-name-attribute>givenName</full-name-attribute>
>     <password-attribute>userPassword</password-attribute>
>     <user-id-attribute>cn</user-id-attribute>
>     <user-base-dn></user-base-dn>
>     <user-object-class>inetOrgPerson</user-object-class>
>   </configuration>
> </component>
>
> But what I end up with is:
> org.codehaus.plexus.redback.common.ldap.connection.LdapException:
> Could not connect to the server. [Root exception is
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, [EMAIL PROTECTED]
>         at org.codehaus.plexus.redback.common.ldap.connection.LdapConnection.<init>(LdapConnection.java:81)
>         at org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory.getConnection(ConfigurableLdapConnectionFactory.java:130)
>         at org.codehaus.plexus.redback.users.ldap.LdapUserManager.newDirContext(LdapUserManager.java:338)
>         at org.codehaus.plexus.redback.users.ldap.LdapUserManager.findUser(LdapUserManager.java:214)
>         at org.codehaus.plexus.redback.users.configurable.ConfigurableUserManager.findUser(ConfigurableUserManager.java:111)
>         at org.codehaus.plexus.redback.xwork.checks.security.GuestUserEnvironmentCheck.validateEnvironment(GuestUserEnvironmentCheck.java:82)
>         at org.apache.maven.archiva.web.startup.SecuritySynchronization.executeEnvironmentChecks(SecuritySynchronization.java:151)
>         at org.apache.maven.archiva.web.startup.SecuritySynchronization.startup(SecuritySynchronization.java:125)
>         at org.apache.maven.archiva.web.startup.ArchivaStartup.contextInitialized(ArchivaStartup.java:56)
>         at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:539)
>         at org.mortbay.jetty.servlet.Context.startContext(Context.java:135)
>         at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1216)
>         at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:509)
>         at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:447)
>         at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
>         at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147)
>         at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
>         at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
>         at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147)
>         at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
>         at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:117)
>         at org.mortbay.jetty.Server.doStart(Server.java:222)
>         at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
>         at org.mortbay.xml.XmlConfiguration.main(XmlConfiguration.java:977)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at org.mortbay.start.Main.invokeMain(Main.java:194)
>         at org.mortbay.start.Main.start(Main.java:509)
>         at org.mortbay.start.Main.main(Main.java:119)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:597)
>         at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
>         at java.lang.Thread.run(Thread.java:619)
> Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, [EMAIL PROTECTED]
>         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
>         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
>         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
>         at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
>         at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
>         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>         at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>         at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>         at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
>         at javax.naming.InitialContext.init(InitialContext.java:223)
>         at javax.naming.InitialContext.<init>(InitialContext.java:197)
>         at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>         at org.codehaus.plexus.redback.common.ldap.connection.LdapConnection.<init>(LdapConnection.java:77)
>         ... 36 more
>
> ---
>
> Now, I wasn't sure where to put application.xml, so I'm unsure if it
> belongs in a different directory. I couldn't find anything in the
> Archiva docs or on the Wiki saying where to put that file so I took a
> best guess. Also, I am able to connect to the LDAP server using
> JXplorer using the same credentials/settings so I know that they are
> correct. (It looks like AcceptSecurityContext error, data 525 could
> mean "Bad username" according to
> http://forums.sun.com/thread.jspa?messageID=9941793
> -- which if I deliberately use an incorrect username with JXplorer I
> get this same error).
>
> Thanks for your help everyone, I sincerely appreciate it!
>
> - Chris
>
>
> On 6 Aug, 2008, at 4:51 AM, Emmanuel Venisse wrote:
>
>> redback 1.0.1 doesn't work well with LDAP and 1.0.2/1.0.3 doesn't
>> support LDAPS
>>
>> Emmanuel
>>
>> On Wed, Aug 6, 2008 at 1:50 PM, Emmanuel Venisse
>> <[EMAIL PROTECTED]> wrote:
>>
>>> Some components must be declared in application.xml.
>>> Yesterday I added them in comments in trunk
>>> Look at LDAP snippet part in
>>> https://svn.apache.org/repos/asf/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
>>>
>>> Emmanuel
>>>
>>>
>>> On Wed, Aug 6, 2008 at 5:58 AM, Maria Odea Ching
>>> <[EMAIL PROTECTED]> wrote:
>>>
>>>> ---------- Forwarded message ----------
>>>> From: Maria Odea Ching <[EMAIL PROTECTED]>
>>>> Date: Wed, Aug 6, 2008 at 11:58 AM
>>>> Subject: Re: ldap with Archiva
>>>> To: [EMAIL PROTECTED]
>>>>
>>>>
>>>> Hi Marina,
>>>>
>>>> I'll be forwarding this to the archiva users list and we could
>>>> continue the discussion there :)
>>>> Anyway, with redback 1.0.1 (used by archiva 1.0.2 & 1.0.1) I think
>>>> you only need to configure the security.properties file in order to
>>>> use ldap for authentication. Here's an example config:
>>>>
>>>> user.manager.impl=ldap
>>>> ldap.bind.authenticator.enabled=true
>>>> ldap.config.hostname=localhost
>>>> ldap.config.port=10389
>>>> ldap.config.base.dn=dc=redback,dc=plexus,dc=codehaus,dc=org
>>>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>>>> ldap.config.bind.dn=uid=admin,ou=system
>>>> ldap.config.password=PASSWORD
>>>>
>>>> I'm not sure with redback 1.0.2 (used by archiva 1.1) though if
>>>> there are additional configurations needed after the changes in
>>>> redback's LDAP module.
>>>> Emmanuel might be able to answer that :)
>>>>
>>>> HTH,
>>>> Deng
>>>>
>>>>
>>>> On Wed, Aug 6, 2008 at 4:58 AM, Marina <[EMAIL PROTECTED]> wrote:
>>>>
>>>>> Hi, Maria
>>>>>
>>>>> I am trying to make ldap authenticated for Archiva. I do not see
>>>>> any examples online showing how to do it.
>>>>> I wonder if you can give any example.
>>>>>
>>>>> Is the archiva.xml the only file to change?
>>>>> Or do I have to change another property file?
>>>>> Could you send me an example of those ldap settings for Archiva?
>>>>>
>>>>> Great Thanks!
>>>>> Marina
>>>>>

______________________________
Brian M. Carr
Identity and Access Management
ITS Applications
University of Texas at Austin
V: 512-232-6419
F: 512-471-5746
[EMAIL PROTECTED]
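Added example, not code from the Archiva or Redback projects: a small Python model of the defect described at the top of the thread (a ',' appended after every element of a one-element list, so a bind DN such as `uid=admin,ou=system` comes back as `uid=admin,ou=system,`) next to the corrected join, plus a sanity check that reads the DN-valued keys out of a security.properties file and reports structural problems before any bind is attempted. The sample properties mirror Deng's example config and are constructed for this example; the function names, the regex-based RDN check and the minimal properties reader are my own assumptions, and Redback's real getConcatenatedList is not reproduced here. Running such a check at startup surfaces a mangled DN as a clear configuration error instead of the generic LDAP error code 49 bind failure seen in Chris's trace.

```python
"""Model of the trailing-comma bind DN defect and a pre-bind DN sanity check.

Added example, not project code. All sample data is constructed.
"""
import re

# Constructed sample, mirroring the security.properties example in the thread.
SAMPLE_SECURITY_PROPERTIES = """\
# security.properties (constructed sample)
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
ldap.config.hostname=localhost
ldap.config.port=10389
ldap.config.base.dn=dc=redback,dc=plexus,dc=codehaus,dc=org
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.bind.dn=uid=admin,ou=system
ldap.config.password=PASSWORD
"""


def load_properties(text):
    """Minimal Java-style .properties reader: key=value per line, '#'/'!' comments.
    (No line continuations or escape handling; enough for the keys used here.)"""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def buggy_concatenated_list(elements):
    """Models the behaviour the thread attributes to getConcatenatedList (assumption):
    a ',' is appended after *every* element, so a one-element list holding the
    full bind DN comes back with a trailing comma."""
    out = ""
    for element in elements:
        out += element + ","
    return out


def join_dn_components(elements):
    """Corrected form: the separator goes *between* elements only."""
    return ",".join(e.strip() for e in elements if e.strip())


# One RDN: attribute type (name or dotted OID), '=', non-empty value.
RDN_PATTERN = re.compile(r"^([A-Za-z][A-Za-z0-9-]*|[0-9]+(\.[0-9]+)*)=.+$")


def dn_problems(dn):
    """Return a list of structural problems with a DN string (empty if none).
    Lightweight check aimed at the mistakes discussed in the thread, not a full
    RFC 4514 parser; commas escaped as backslash-comma inside values are honoured."""
    problems = []
    if not dn:
        return ["DN is empty"]
    if dn.endswith(","):
        problems.append("trailing ',' (invalid DN; the directory will reject the bind)")
    if dn.startswith(","):
        problems.append("leading ','")
    # Split on commas that are not preceded by a backslash.
    rdns = re.split(r"(?<!\\),", dn)
    for index, rdn in enumerate(rdns):
        if not RDN_PATTERN.match(rdn.strip()):
            problems.append(f"RDN #{index} is malformed: {rdn!r}")
    return problems


def check_ldap_dns(props):
    """Validate the DN-valued keys before any bind is attempted.
    Returns {key: [problems]} for keys that fail; {} means they all look sane."""
    findings = {}
    for key in ("ldap.config.bind.dn", "ldap.config.base.dn"):
        problems = dn_problems(props.get(key, ""))
        if problems:
            findings[key] = problems
    return findings


if __name__ == "__main__":
    props = load_properties(SAMPLE_SECURITY_PROPERTIES)
    bind_dn = props["ldap.config.bind.dn"]
    print("configured bind DN :", bind_dn, dn_problems(bind_dn) or "OK")
    mangled = buggy_concatenated_list([bind_dn])
    print("after buggy join   :", mangled, dn_problems(mangled))
    fixed = join_dn_components([bind_dn])
    print("after correct join :", fixed, dn_problems(fixed) or "OK")
    print("config check       :", check_ldap_dns(props) or "no problems")
```

The check deliberately stays structural (non-empty RDNs, no stray separators) rather than attempting full DN semantics: the point is to fail fast on exactly the kind of string the buggy concatenation produces, before the credentials ever reach the directory.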
