Hi François,

Archiva/Redback will use LDAP for authentication only. Roles will still be managed internally, so you still need a user database (either the embedded one or an external one).

I don't know if there is a special configuration for TLS. Perhaps adding ldap.config.ssl=true to security.properties will work?

Concerning ldap.config.authentication.method, it will be used to set the Context.SECURITY_AUTHENTICATION attribute of the LDAP connection. See http://java.sun.com/products/jndi/tutorial/ldap/security/auth.html for possible values.

After looking at my own configuration, it seems that I forgot to uncomment lines in application.xml during the last upgrade of Archiva, and it is still working. So I think you simply have to edit $ARCHIVA_BASE/conf/security.properties and add the values. For example, here is my configuration:

    user.manager.impl=ldap
    ldap.bind.authenticator.enabled=true
    redback.default.admin=jhenry
    redback.default.guest=guest
    security.policy.password.expiration.enabled=false

    ldap.config.hostname=xxxxxxxxxxxxxxxxxx
    ldap.config.port=389
    ldap.config.base.dn=xxxxxxxxxxxx
    ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
    #ldap.config.bind.dn=uid=myusername,o=com
    #ldap.config.password=s3cr3t

    ldap.config.mapper.attribute.email=mail
    ldap.config.mapper.attribute.fullname=displayName
    ldap.config.mapper.attribute.password=userPassword
    ldap.config.mapper.attribute.user.id=cn
    ldap.config.mapper.attribute.user.base.dn=xxxxxxxxxxxxxxxxxxxxxxxxx
    ldap.config.mapper.attribute.user.object.class=user
    ldap.config.max.result.count=1000
    #ldap.config.mapper.attribute.user.filter=(attributeName=value)

Regards,

Julien

________________________________
From: Francois Le Fevre <[email protected]>
To: Julien HENRY <[email protected]>
Cc: [email protected]
Sent: Monday, 31 August 2009, 9:01:29
Subject: Re: Re: User Authentication via LDAP

Julien,

My question relates to the parameter found in ./archiva.war/WEB-INF/classes/META-INF/plexus/application.xml:

    #ldap.config.authentication.method=

What are we supposed to put here? There is no documentation about it.

My second question is: how is LDAP used by Archiva?
I was able to create the admin without LDAP; then I comment out the LDAP configuration, and I have access to all users of my company. But I am not able to log in with an LDAP account!

TLS 1.1 = Transport Layer Security

This is the configuration for a secured LDAP. It is mandatory to use LDAP/TLS in my company.

Perhaps I misunderstand something; do I still need a MySQL user database (I have configured JBoss to use a MySQL database for the Archiva data and users)?

Thanks again for your help.

Francois

> Hi François,
>
> In my company we have Archiva authenticating against our corporate
> LDAP (Active Directory).
>
> What is tsl?
>
> You have to edit security.properties and application.xml.
>
> Please read http://redback.codehaus.org/integration/ldap.html
>
> Regards,
>
> Julien
>
> ------------------------------------------------------------------------
> *From:* Francois Le Fevre <[email protected]>
> *To:* [email protected]
> *Sent:* Friday, 28 August 2009, 17:30:22
> *Subject:* User Authentication via LDAP
>
> Dear all,
> I am trying to set up Archiva on JBoss 4.0.5 with LDAP.
>
> Is it possible to configure the LDAP authentication service to tsl in
> the application.xml or security.properties?
>
> Do you have documentation on it?
> Is it supported by Archiva 1.2.1?
>
> Thank you
>
> Francois
> --
> *Francois LE FEVRE*
> Engineer / Researcher
> Email: [email protected]
> Tel: 33 (0)1 60 87 45 83
>
> *Laboratoire de bioinformatique des reseaux
> CEA / DSV / FAR / IG / Genoscope / LBIR
> (French Atomic Energy Commission)*
> Website: http://www.genoscope.cns.fr/bioinfo/
> Mail: 2 rue Gaston Cremieux, 91057 Evry, France

--
*Francois LE FEVRE*
Engineer / Researcher
Email: [email protected]
Tel: 33 (0)1 60 87 45 83

*Laboratoire de bioinformatique des reseaux
CEA / DSV / FAR / IG / Genoscope / LBIR
(French Atomic Energy Commission)*
Website: http://www.genoscope.cns.fr/bioinfo/
Mail: 2 rue Gaston Cremieux, 91057 Evry, France
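
Added example, not part of the thread and not Archiva/Redback code: a stand-alone JNDI check of the Context.SECURITY_AUTHENTICATION setting discussed above, performing a "simple" bind only after TLS has been negotiated. It assumes the directory offers StartTLS on the plain LDAP port (the thread does not say whether "LDAP/TLS" means StartTLS or LDAPS); the class name LdapTlsBindCheck and the command-line arguments are hypothetical.

```java
import java.io.Console;
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

// Added diagnostic (hypothetical class name), not Archiva/Redback code.
public class LdapTlsBindCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            System.err.println("usage (from a terminal): java LdapTlsBindCheck ldap://host:389 <bindDn>");
            System.exit(2);
        }
        char[] password = console.readPassword("Password for %s: ", args[1]);
        // An empty password turns a simple bind into an unauthenticated bind
        // (RFC 4513), which a server may accept without checking anything.
        if (password == null || password.length == 0) {
            System.err.println("refusing to bind with an empty password");
            System.exit(2);
        }
        Hashtable<String, Object> env = new Hashtable<>();
        // Same factory as ldap.config.context.factory in security.properties.
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        // No credentials yet: the context opens anonymously, so nothing secret travels in clear.
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate(); // server certificate is checked against the JVM default trust store
            // Context.SECURITY_AUTHENTICATION takes "none", "simple" or SASL mechanism names.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, args[1]);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            ctx.reconnect(null); // re-bind with the credentials over the TLS session
            System.out.println("StartTLS negotiated and simple bind accepted for " + args[1]);
        } finally {
            Arrays.fill(password, '\0');
            if (tls != null) tls.close();
            ctx.close();
        }
    }
}
```

A failure in negotiate() points at TLS (StartTLS not offered, or a certificate the JVM does not trust), while a failure in reconnect() points at the bind DN or password.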
