I have managed some success by adding the lines to security.properties:

redback.default.admin=archiva-admin (a real ldap account)
redback.default.guest=archiva-guest (a real ldap account)

However, if I start with that config from the start, I am unable to login as the archiva-admin account (even if I set it to other names which don't exist in LDAP).

I've found I can work around it by:

- Install clean
- Add ONLY the redback.default.admin line above
- Start Archiva
- Open page, complete admin form. On the following ridiculous page, it requests that I now CHANGE the password. Pffft.
- Stop Archiva
- Put the security.properties and application.xml files as below into place - with the addition of the two redback lines above, and then start archiva.

And things work.

Problem: This kind of setup procedure is untenable from a repeatable system build (disaster recovery is important yo) perspective.

I suspect that my configs are off somewhere where I'm unable to login as the archiva-admin LDAP account - if I'm able to resolve this issue without having to play config file musical chairs, I'll be golden.

Thoughts?

Thanks,
- chris

-----Original Message-----
From: Chris Jacobs [mailto:[email protected]]
Sent: Thursday, May 03, 2012 11:27 AM
To: [email protected]
Subject: LDAP authentication

Hello,

The documentation I've seen for configuring authentication via LDAP is sparse, inconsistent, and out of date (Redback), so before I even go into the details of my problem I'll grant that I may have missed something important.

I'm using the current/latest stable release of Archiva's Standalone, 1.3.5.

Here are the changes I've made from the default configuration (I haven't even tried to bring the config and DBs from our existing 1.2.2 Archiva instance).

Diff against source of archiva/apps/archiva/WEB-INF/classes/org/apache/maven/archiva/security.properties: (cleaned of actual DNS and DN path) ---------------------------------------------- 28,41d27 < < ldap.config.hostname=ldap-vip.example.net < ldap.config.port=389 < ldap.config.base.dn=ou=people,dc=example,dc=net < ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory < < ldap.config.mapper.attribute.email=mail < ldap.config.mapper.attribute.fullname=cn < ldap.config.mapper.attribute.password=userPassword < ldap.config.mapper.attribute.user.id=uid < ldap.config.mapper.attribute.user.base=ou=people,dc=example,dc=net < ldap.config.mapper.attribute.user.object.class=inetOrgPerson < < ldap.bind.authenticator.enabled=true ---------------------------------------------- Diff against source of archiva/apps/archiva/WEB-INF/classes/META-INF/plexus/application.xml: (cleaned of actual DNS and DN path) ---------------------------------------------- 257c257 < <component> --- > <!-- component> 266c266 < </component> --- > </component--> 291c291 < <component> --- > <!-- component> 296,297c296,297 < <email-attribute>mail</email-attribute> < <full-name-attribute>cn</full-name-attribute> --- > <email-attribute>email</email-attribute> > <full-name-attribute>givenName</full-name-attribute> 300c300 < <user-base-dn>ou=people,dc=example,dc=net</user-base-dn> --- > <user-base-dn>o=com</user-base-dn> 308c308 < </component> --- > </component--> ---------------------------------------------- I can authenticate as admin just fine, when I authenticate as an LDAP user, I see in the logs: ---------------------------------------------- ==> wrapper.20120503.log <== INFO | jvm 1 | 2012/05/03 16:34:48 | 2012-05-03 16:34:47.992::WARN: /archiva/security/login.action INFO | jvm 1 | 2012/05/03 16:34:48 | java.lang.NullPointerException INFO | jvm 1 | 2012/05/03 16:34:48 | at org.codehaus.plexus.redback.struts2.action.LoginAction.webLogin(LoginAction.java:341) INFO | jvm 1 | 2012/05/03 16:34:48 | 
at org.codehaus.plexus.redback.struts2.action.LoginAction.login(LoginAction.java:133)
(continues, snipped)
----------------------------------------------
==> archiva.log <==
2012-05-03 16:34:47,940 [btpool0-3] WARN org.codehaus.plexus.redback.authentication.users.UserManagerAuthenticator - Login for user csjacobs failed. user not found.
2012-05-03 16:34:47,942 [btpool0-3] INFO org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator - Searching for users with filter: '(&(objectClass=inetOrgPerson)(uid=csjacobs))' from base dn: ou=people,dc=unix,dc=aptimus,dc=net
2012-05-03 16:34:47,978 [btpool0-3] INFO org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator - Found user?: true
2012-05-03 16:34:47,980 [btpool0-3] INFO org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator - Attempting Authenication: + uid=csjacobs,ou=people,dc=unix,dc=aptimus,dc=net
----------------------------------------------

And in my browser:
----------------------------------------------
HTTP ERROR 500
Problem accessing /archiva/security/login.action. Reason:
INTERNAL_SERVER_ERROR
Caused by:
java.lang.NullPointerException
at org.codehaus.plexus.redback.struts2.action.LoginAction.webLogin(LoginAction.java:341)
at org.codehaus.plexus.redback.struts2.action.LoginAction.login(LoginAction.java:133)
(continues, snipped)
----------------------------------------------

And most disturbingly, further attempts to open any page in archiva result in a similar error, even when I attempt to go to the logout url directly, but that's due to the account I've attempted to login as. When I open archiva in another browser, I can open archiva without difficulty.

Any information, assistance, etc, would be greatly appreciated.

Thanks,
- chris

Chris Jacobs
Systems Administrator, Technology Services Group
Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc.
1501 4th Ave | Suite 2500 | Seattle, WA 98101
direct 206.839.8245 | cell 206.601.3256 | Fax 206.644.0628
email: [email protected]

This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
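
Review bot: in the security.properties hunk (28,41d27), ldap.config.port=389 combined with ldap.bind.authenticator.enabled=true means each login is a bind to ldap-vip.example.net with the user's own password, and nothing in the added lines turns on TLS, so as written those passwords travel unencrypted. If the directory offers LDAPS or StartTLS, the connection should use it. The hunk also adds no bind DN or bind password, so the user search seen in archiva.log (the filter on objectClass=inetOrgPerson and uid) runs as an anonymous query; it is worth confirming the directory is intended to permit that rather than depending on it by accident.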
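
Review bot: the application.xml hunks 296,297c296,297 and 300c300 repeat values already set in security.properties (mail, cn, ou=people,dc=example,dc=net), so the same mapping now lives in two files that have to be kept in step by hand. For the repeatable build the message asks for, both files should be generated from one source, or a comment should say which file is authoritative. The 257c257/266c266 and 291c291/308c308 hunks uncomment two component blocks, but the diff shows no context that identifies them; naming the components that were enabled would let a reader check that they are the right ones.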
