auth01.foo.bar is signed by my own internal CA. I originally got a certificate error, as reported here:
http://mail.openjdk.java.net/pipermail/discuss/2011-March/001731.html

However I was then able to import my certificate into OpenJDK's keystore and get past that error. So I'm pretty sure the LDAP connection is working normally.

As for anonymous binds, yes I can see users and most of their information.

On Apr 4, 2011, at 3:02 PM, Brent Atkinson wrote:

> Kurt,
>
> Thank you for sending this information along. It makes it much easier to try and help you.
>
> Some questions based on this configuration:
>
> * auth01.foo.bar - does the host have a signed cert from a trusted CA or is it self-signed?
> * if you connect anonymously to auth01.foo.bar, can you find users and see some of their basic information?
>
> Brent
>
> On Mon, Apr 4, 2011 at 9:50 PM, Kurt Yoder <[email protected]> wrote:
>
>> Thanks for all the replies. Here is my security.properties:
>>
>> [email protected]
>>
>> user.manager.impl=ldap
>> ldap.bind.authenticator.enabled=true
>> ldap.bind.authenticator=true
>> security.policy.password.expiration.enabled=false
>>
>> ldap.config.hostname=auth01.foo.bar
>> ldap.config.port=636
>> ldap.config.ssl=true
>> ldap.config.base.dn=ou=people,dc=foo,dc=bar
>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>>
>> As for the application.xml, I was a bit confused by the documentation; is it out of date? There are two versions of docs that I have been able to find. One says to set various configurations directly in the application.xml, and the other says to set these configurations within security.properties.
>>
>> To be thorough, I will also include my application.xml:
>>
>> Here's a screenshot of the immutable HTML form where archiva sends me (it's behind an SSL proxy):
>>
>> On Apr 2, 2011, at 1:22 AM, Brett Porter wrote:
>>
>> <snip>
>>
>>> Asking here should be fine too, Archiva needs to offer the functionality regardless, after all :)
>>>
>>> Kurt, can you post an obfuscated copy of the settings you're using?
>>>
>>> This works for me with anonymous bind:
>>>
>>> ===
>>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>>>
>>> # LDAP server config
>>> ldap.config.hostname=***
>>> ldap.config.base.dn=***
>>> ldap.config.port=389
>>>
>>> # LDAP anonymous bind config
>>> ldap.bind.authenticator.enabled=true
>>>
>>> # LDAP user mapping : openldap use uid, redback default is cn
>>> ldap.config.mapper.attribute.user.id=uid
>>> ldap.config.mapper.attribute.user.email=mail
>>> ldap.config.mapper.attribute.fullname=givenName
>>> ldap.config.mapper.attribute.password=userPassword
>>>
>>> # uid of the ldap user
>>> redback.default.admin=root
>>>
>>> security.policy.password.expiration.enabled=false
>>> ===
>>>
>>> (+ application.xml as in the docs)
>>>
>>> Cheers,
>>> Brett
>>>
>>> --
>>> Brett Porter
>>> [email protected]
>>> http://brettporter.wordpress.com/
>>> http://au.linkedin.com/in/brettporter
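The thread quotes two security.properties fragments: Kurt's LDAPS configuration and Brett's working anonymous-bind one. The following is an added example, not code from the thread or from Archiva/Redback: a small Python script that parses both fragments (embedded below as constructed copies; the obfuscated first line of Kurt's file is left out), lists which keys of the working configuration the reported one lacks, and runs a consistency check between `ldap.config.ssl` and `ldap.config.port`. It assumes nothing about Redback's full key set beyond what the thread shows, so keys flagged as "extra" are not necessarily wrong, and the truststore note simply restates the fix Kurt already applied (importing the internal CA into the JDK keystore).

```python
"""Compare an Archiva/Redback LDAP security.properties against a known-working one.

Added example, not code from the thread or from Archiva/Redback. The two
property sets below are constructed from the configurations quoted in the
thread (the obfuscated first line of the reported config is left out); the
key names are only those the thread shows (assumption: Redback accepts more
keys than appear here, so "extra" keys are not necessarily wrong).
"""
from typing import Dict, List

# Brett's anonymous-bind configuration, as quoted in the thread.
WORKING_CONFIG = """
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory

# LDAP server config
ldap.config.hostname=***
ldap.config.base.dn=***
ldap.config.port=389

# LDAP anonymous bind config
ldap.bind.authenticator.enabled=true

# LDAP user mapping : openldap use uid, redback default is cn
ldap.config.mapper.attribute.user.id=uid
ldap.config.mapper.attribute.user.email=mail
ldap.config.mapper.attribute.fullname=givenName
ldap.config.mapper.attribute.password=userPassword

# uid of the ldap user
redback.default.admin=root

security.policy.password.expiration.enabled=false
"""

# Kurt's configuration, as quoted in the thread (LDAPS on 636).
REPORTED_CONFIG = """
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
ldap.bind.authenticator=true
security.policy.password.expiration.enabled=false

ldap.config.hostname=auth01.foo.bar
ldap.config.port=636
ldap.config.ssl=true
ldap.config.base.dn=ou=people,dc=foo,dc=bar
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
"""


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties reader: skips blank lines and '#'/'!' comments,
    splits on the first '=' or ':' so a DN value may itself contain '='."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        sep = min((i for i, ch in enumerate(line) if ch in "=:"), default=-1)
        if sep < 0:
            props[line] = ""  # key with no value, as java.util.Properties does
        else:
            props[line[:sep].strip()] = line[sep + 1:].strip()
    return props


def missing_keys(reported: Dict[str, str], working: Dict[str, str]) -> List[str]:
    """Keys the working config sets that the reported one does not."""
    return sorted(k for k in working if k not in reported)


def extra_keys(reported: Dict[str, str], working: Dict[str, str]) -> List[str]:
    """Keys the reported config sets that the working one never mentions."""
    return sorted(k for k in reported if k not in working)


def check_tls(props: Dict[str, str]) -> List[str]:
    """Consistency checks between ldap.config.ssl and ldap.config.port."""
    findings: List[str] = []
    ssl = props.get("ldap.config.ssl", "false").lower() == "true"
    port = props.get("ldap.config.port", "389")
    if ssl and port != "636":
        findings.append(f"ldap.config.ssl=true with port {port}; LDAPS conventionally uses 636")
    if not ssl and port == "636":
        findings.append("port 636 without ldap.config.ssl=true; the client would speak plaintext LDAP to an LDAPS port")
    if ssl:
        findings.append("LDAPS: the issuing CA (here an internal CA) must be in the truststore of the JVM running Archiva")
    return findings


def review(reported_text: str, working_text: str) -> Dict[str, List[str]]:
    """Parse both files and return the three report sections."""
    reported = parse_properties(reported_text)
    working = parse_properties(working_text)
    return {
        "missing": missing_keys(reported, working),
        "extra": extra_keys(reported, working),
        "tls": check_tls(reported),
    }


if __name__ == "__main__":
    for section, items in review(REPORTED_CONFIG, WORKING_CONFIG).items():
        print(f"{section}:")
        for item in items:
            print(f"  - {item}")
```

Run against the two quoted fragments, the "missing" section is the four `ldap.config.mapper.attribute.*` keys and `redback.default.admin`; Brett's own comment notes that OpenLDAP uses `uid` where Redback's default is `cn`, so the mapper keys are the visible difference between the two configurations beyond the TLS transport.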
