Hello,
The documentation I've seen for configuring authentication via LDAP is sparse,
inconsistent, and out of date (Redback), so before I even go into the details
of my problem I'll grant that I may have missed something important.
I'm using the current/latest stable release of Archiva's Standalone, 1.3.5.
Here are the changes I've made from the default configuration (I haven't even
tried to bring the config and DBs from our existing 1.2.2 Archiva instance).
Diff against source of
archiva/apps/archiva/WEB-INF/classes/org/apache/maven/archiva/security.properties:
(cleaned of actual DNS and DN path)
----------------------------------------------
28,41d27
<
< ldap.config.hostname=ldap-vip.example.net
< ldap.config.port=389
< ldap.config.base.dn=ou=people,dc=example,dc=net
< ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
<
< ldap.config.mapper.attribute.email=mail
< ldap.config.mapper.attribute.fullname=cn
< ldap.config.mapper.attribute.password=userPassword
< ldap.config.mapper.attribute.user.id=uid
< ldap.config.mapper.attribute.user.base=ou=people,dc=example,dc=net
< ldap.config.mapper.attribute.user.object.class=inetOrgPerson
<
< ldap.bind.authenticator.enabled=true
----------------------------------------------
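Review bot: ldap.config.port=389 combined with ldap.bind.authenticator.enabled=true means each user's password is sent to ldap-vip.example.net in a bind over plain LDAP, since nothing in these lines enables TLS. Point the connection at an LDAPS or StartTLS-protected listener if the directory offers one, and check that binds are encrypted before real accounts use this login path.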
Diff against source of
archiva/apps/archiva/WEB-INF/classes/META-INF/plexus/application.xml:
(cleaned of actual DNS and DN path)
----------------------------------------------
257c257
< <component>
---
> <!-- component>
266c266
< </component>
---
> </component-->
291c291
< <component>
---
> <!-- component>
296,297c296,297
< <email-attribute>mail</email-attribute>
< <full-name-attribute>cn</full-name-attribute>
---
> <email-attribute>email</email-attribute>
> <full-name-attribute>givenName</full-name-attribute>
300c300
< <user-base-dn>ou=people,dc=example,dc=net</user-base-dn>
---
> <user-base-dn>o=com</user-base-dn>
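Review bot: the mail and cn mappings at 296,297 and the user-base-dn at 300 repeat values already set in security.properties (ldap.config.mapper.attribute.email, .fullname and .user.base), so the same settings now live in two files. Record which file is authoritative, or keep a single copy if this Redback version reads only one, so a later change to the base DN does not leave the two out of step.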
308c308
< </component>
---
> </component-->
----------------------------------------------
I can authenticate as admin just fine. When I authenticate as an LDAP user, I
see in the logs:
----------------------------------------------
==> wrapper.20120503.log <==
INFO | jvm 1 | 2012/05/03 16:34:48 | 2012-05-03 16:34:47.992::WARN:
/archiva/security/login.action
INFO | jvm 1 | 2012/05/03 16:34:48 | java.lang.NullPointerException
INFO | jvm 1 | 2012/05/03 16:34:48 | at
org.codehaus.plexus.redback.struts2.action.LoginAction.webLogin(LoginAction.java:341)
INFO | jvm 1 | 2012/05/03 16:34:48 | at
org.codehaus.plexus.redback.struts2.action.LoginAction.login(LoginAction.java:133)
(continues, snipped)
----------------------------------------------
==> archiva.log <==
2012-05-03 16:34:47,940 [btpool0-3] WARN
org.codehaus.plexus.redback.authentication.users.UserManagerAuthenticator -
Login for user csjacobs failed. user not found.
2012-05-03 16:34:47,942 [btpool0-3] INFO
org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator -
Searching for users with filter: '(&(objectClass=inetOrgPerson)(uid=csjacobs))'
from base dn: ou=people,dc=unix,dc=aptimus,dc=net
2012-05-03 16:34:47,978 [btpool0-3] INFO
org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator - Found
user?: true
2012-05-03 16:34:47,980 [btpool0-3] INFO
org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator -
Attempting Authenication: + uid=csjacobs,ou=people,dc=unix,dc=aptimus,dc=net
----------------------------------------------
And in my browser:
----------------------------------------------
HTTP ERROR 500
Problem accessing /archiva/security/login.action. Reason:
INTERNAL_SERVER_ERROR
Caused by:
java.lang.NullPointerException
at
org.codehaus.plexus.redback.struts2.action.LoginAction.webLogin(LoginAction.java:341)
at
org.codehaus.plexus.redback.struts2.action.LoginAction.login(LoginAction.java:133)
(continues, snipped)
----------------------------------------------
And most disturbingly, further attempts to open any page in archiva result
in a similar error, even when I attempt to go to the logout URL directly, but
that's due to the account I've attempted to log in as. When I open archiva in
another browser, I can open archiva without difficulty.
Any information, assistance, etc, would be greatly appreciated.
Thanks,
- chris
Chris Jacobs
Systems Administrator, Technology Services Group
Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc.