On Mon, Aug 18, 2008 at 2:40 PM, Brett Porter <[EMAIL PROTECTED]>wrote:
> 2008/8/18 Emmanuel Venisse <[EMAIL PROTECTED]>: > > On Mon, Aug 18, 2008 at 2:21 PM, Brett Porter <[EMAIL PROTECTED] > >wrote: > > > >> On the admin side, I think we should allow the username for the main > >> administrator to be configurable to avoid this problem. > > > > > > For Continuum instances I installed, I'm the admin so I use my account > for > > the admin in security.properties. > > I didn't actually know those properties existed :) Those properties are for ldap only. > > > > It isn't good to configure the main admin user in security.properties, a > > best way would be to use a new page where the user that install Continuum > > will can choose the admin like we do it for the configuration page if > > Continuum isn't configured yet. > > > Yes, that's always helpful. Does it at least skip the admin creation > page if you have the property set? With ldap, we don't have user/admin creation page because users are already created in ldap. > > > > > > >> > >> > >> On the guest side, I think it's a bug that it's required in the store > >> (even in the database store) - it should be a special non-user user :) > > > > > > I'm agree. > > > > Emmanuel > > > > > >> > >> > >> - Brett > >> > >> 2008/8/18 Arnaud HERITIER <[EMAIL PROTECTED]>: > >> > no they don't. > >> > And I'll not be able to do it. We don't have the possibility (for > >> security > >> > reasons) to create no human accounts in it :-( > >> > In the meantime, I found a workaround for my initial issue : > >> > https://jira.codehaus.org/browse/MRM-911 > >> > Thus I don't have actually to connect it to ldap but I think we'll > have a > >> > lot of corporate environment where we won't be able to create those > >> > accounts. > >> > > >> > cheers > >> > > >> > arnaud > >> > > >> > > >> > On Mon, Aug 18, 2008 at 12:43 PM, Emmanuel Venisse < > >> > [EMAIL PROTECTED]> wrote: > >> > > >> >> 'admin' and 'guest' must be declared in your ldap. > >> >> Are they exists? > >> >> > >> >> Emmanuel > >> >> > >> >> On Thu, Aug 14, 2008 at 2:21 AM, Arnaud HERITIER < > [EMAIL PROTECTED] > >> >> >wrote: > >> >> > >> >> > Is it possible to do it when we deploy archiva as a war ? > >> >> > I tried to modified the application.xml in the expended webapp in > >> tomcat > >> >> > but > >> >> > I have always a NPE issue : > >> >> > > >> >> > 2008-08-14 01:23:18,435 [main] ERROR > >> >> > > >> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/archiva] > >> >> - > >> >> > Exception sending context initialized event to listener instance of > >> class > >> >> > org.apache.maven.archiva.web.startup.ArchivaStartup > >> >> > java.lang.NullPointerException > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController.searchUsers(DefaultLdapController.java:129) > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController.getUser(DefaultLdapController.java:181) > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.codehaus.plexus.redback.users.ldap.LdapUserManager.findUser(LdapUserManager.java:214) > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.codehaus.plexus.redback.users.configurable.ConfigurableUserManager.findUser(ConfigurableUserManager.java:111) > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.codehaus.plexus.redback.xwork.checks.security.GuestUserEnvironmentCheck.validateEnvironment(GuestUserEnvironmentCheck.java:82) > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.apache.maven.archiva.web.startup.SecuritySynchronization.executeEnvironmentChecks(SecuritySynchronization.java:151) > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.apache.maven.archiva.web.startup.SecuritySynchronization.startup(SecuritySynchronization.java:125) > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.apache.maven.archiva.web.startup.ArchivaStartup.contextInitialized(ArchivaStartup.java:56) > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764) > >> >> > at > >> >> > > >> > org.apache.catalina.core.StandardContext.start(StandardContext.java:4216) > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) > >> >> > at > >> >> > > >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) > >> >> > at > >> >> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544) > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626) > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553) > >> >> > at > >> >> > > org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488) > >> >> > at > >> org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149) > >> >> > at > >> >> > > >> >> > >> > org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) > >> >> > at > >> >> > > >> >> > > >> >> > >> > org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) > >> >> > at > >> >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) > >> >> > at > >> org.apache.catalina.core.StandardHost.start(StandardHost.java:736) > >> >> > at > >> >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) > >> >> > at > >> >> > > org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) > >> >> > at > >> >> > > >> org.apache.catalina.core.StandardService.start(StandardService.java:448) > >> >> > at > >> >> > > org.apache.catalina.core.StandardServer.start(StandardServer.java:700) > >> >> > at org.apache.catalina.startup.Catalina.start(Catalina.java:552) > >> >> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > >> >> > at > >> >> > > >> >> > > >> >> > >> > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > >> >> > at > >> >> > > >> >> > > >> >> > >> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > >> >> > at java.lang.reflect.Method.invoke(Method.java:597) > >> >> > at > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) > >> >> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > >> >> > at > >> >> > > >> >> > > >> >> > >> > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > >> >> > at > >> >> > > >> >> > > >> >> > >> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > >> >> > at java.lang.reflect.Method.invoke(Method.java:597) > >> >> > at > >> >> > > >> >> > >> > org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:177) > >> >> > 2008-08-14 01:23:18,436 [main] ERROR > >> >> > org.apache.catalina.core.StandardContext - Error listenerStart > >> >> > 2008-08-14 01:23:18,437 [main] ERROR > >> >> > org.apache.catalina.core.StandardContext - Context [/archiva] > startup > >> >> > failed > >> >> > due to previou... > >> >> > > >> >> > In my security settings I have (it's an active directory and I get > >> >> settings > >> >> > from crowd which is also connecing to it with ldap) : > >> >> > > >> >> > user.manager.impl=ldap > >> >> > ldap.bind.authenticator.enabled=true > >> >> > redback.default.admin=admin > >> >> > redback.default.guest=guest > >> >> > security.policy.password.expiration.enabled=false > >> >> > > >> >> > ldap.config.hostname=X.Y.Z.W > >> >> > ldap.config.port=389 > >> >> > ldap.config.base.dn=dc=paris,dc=france,dc=octo > >> >> > ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory > >> >> > ldap.config.bind.dn=cn=XXX,cn=users,dc=paris,dc=france,dc=octo > >> >> > ldap.config.password=XXX > >> >> > #ldap.config.authentication.method= > >> >> > > >> >> > ldap.user.store.enabled=true > >> >> > > >> >> > ldap.config.mapper.attribute.email=mail > >> >> > ldap.config.mapper.attribute.fullname=givenName > >> >> > ldap.config.mapper.attribute.password=unicodePwd > >> >> > ldap.config.mapper.attribute.user.id=sAMAccountName > >> >> > > >> >> > > >> >> > >> > ldap.config.mapper.attribute.user.base.dn=cn=users,dc=paris,dc=france,dc=octo > >> >> > ldap.config.mapper.attribute.user.object.class=user > >> >> > > >> >> > > >> >> > >> > ldap.config.mapper.attribute.user.filter=(&(&(objectCategory=Person)(sAMAccountName=*))(memberof=cn=octo,cn=users,dc=paris,dc=france,dc=octo)) > >> >> > > >> >> > with or without components I have the NPE > >> >> > I also tried to modify my settings and I have always a NPE. > >> >> > I don't understand what I can do wrong. > >> >> > > >> >> > It seems that the NPE is due to the LDAP Context which isn't > created. > >> >> > > >> >> > Any idea ? > >> >> > > >> >> > > >> >> > > >> >> > On Wed, Aug 6, 2008 at 1:50 PM, Emmanuel Venisse < > >> >> > [EMAIL PROTECTED] > >> >> > > wrote: > >> >> > > >> >> > > Some components must be declared in application.xml. > >> >> > > Yesterday I added them in comments in trunk > >> >> > > Look at LDAP snippet part in > >> >> > > > >> >> > > > >> >> > > >> >> > >> > https://svn.apache.org/repos/asf/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/plexus/application.xml > >> >> > > > >> >> > > Emmanuel > >> >> > > > >> >> > > On Wed, Aug 6, 2008 at 5:58 AM, Maria Odea Ching < > [EMAIL PROTECTED] > >> > > >> >> > > wrote: > >> >> > > > >> >> > > > ---------- Forwarded message ---------- > >> >> > > > From: Maria Odea Ching <[EMAIL PROTECTED]> > >> >> > > > Date: Wed, Aug 6, 2008 at 11:58 AM > >> >> > > > Subject: Re: ldap with Archiva > >> >> > > > To: [EMAIL PROTECTED] > >> >> > > > > >> >> > > > > >> >> > > > Hi Marina, > >> >> > > > > >> >> > > > I'll be forwarding this to the archiva users list and we could > >> >> continue > >> >> > > the > >> >> > > > discussion there :) > >> >> > > > Anyway, with redback 1.0.1 (used by archiva 1.0.2 & 1.0.1) I > think > >> >> you > >> >> > > only > >> >> > > > need to configure the security.properties file in order to use > >> ldap > >> >> for > >> >> > > > authentication. Here's an example config: > >> >> > > > > >> >> > > > user.manager.impl=ldap > >> >> > > > ldap.bind.authenticator.enabled=true > >> >> > > > ldap.config.hostname=localhost > >> >> > > > ldap.config.port=10389 > >> >> > > > ldap.config.base.dn=dc=redback,dc=plexus,dc=codehaus,dc=org > >> >> > > > ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory > >> >> > > > ldap.config.bind.dn=uid=admin,ou=system > >> >> > > > ldap.config.password=PASSWORD > >> >> > > > > >> >> > > > I'm not sure with redback 1.0.2 (used by archiva 1.1) though if > >> there > >> >> > are > >> >> > > > additional configurations needed after the changes in redback's > >> LDAP > >> >> > > > module. > >> >> > > > Emmanuel might be able to answer that :) > >> >> > > > > >> >> > > > HTH, > >> >> > > > Deng > >> >> > > > > >> >> > > > > >> >> > > > On Wed, Aug 6, 2008 at 4:58 AM, Marina <[EMAIL PROTECTED]> > >> wrote: > >> >> > > > > >> >> > > > > Hi, Maria > >> >> > > > > > >> >> > > > > I am trying to make ldap authenticated for Archiva. I do not > see > >> >> any > >> >> > of > >> >> > > > > examples online showing how to do it. > >> >> > > > > I wonder if you can give any example. > >> >> > > > > > >> >> > > > > Is the archiva.xml the only file to change? > >> >> > > > > Or I have to change other property file? > >> >> > > > > Could you send me example of those ldap settings for Archiva? > >> >> > > > > > >> >> > > > > Great Thanks! > >> >> > > > > Marina > >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> >> > > >> >> > > >> >> > -- > >> >> > .......................................................... > >> >> > Arnaud HERITIER > >> >> > .......................................................... > >> >> > OCTO Technology - aheritier AT octo DOT com > >> >> > www.octo.com | blog.octo.com > >> >> > .......................................................... > >> >> > ASF - aheritier AT apache DOT org > >> >> > www.apache.org | maven.apache.org > >> >> > ........................................................... > >> >> > > >> >> > >> > > >> > > >> > > >> > -- > >> > .......................................................... > >> > Arnaud HERITIER > >> > .......................................................... > >> > OCTO Technology - aheritier AT octo DOT com > >> > www.octo.com | blog.octo.com > >> > .......................................................... > >> > ASF - aheritier AT apache DOT org > >> > www.apache.org | maven.apache.org > >> > ........................................................... > >> > > >> > >> > >> > >> -- > >> Brett Porter > >> Blog: http://blogs.exist.com/bporter/ > >> > > > > > > -- > Brett Porter > Blog: http://blogs.exist.com/bporter/ >
