I haven't tried this, but Stack Overflow has a solution: http://stackoverflow.com/questions/8101294/unable-to-get-apache-archiva-working-with-ldap
On Fri, May 4, 2012 at 10:14 AM, Chris Jacobs <[email protected]> wrote:
> I am a little disappointed; does no one use Archiva in an environment
> where central authentication and disaster recovery is regarded as important?
>
> Or perhaps this is the wrong mailing list?
>
> Or perhaps I'm looking at the wrong documents?
>
> security.properties file itself offers no hints.
> The comments/hints in application.xml seemed to help, but it doesn't give
> everything that's needed (apparently).
>
> A google search for: archiva ldap
> 1) http://archiva.apache.org/redback/integration/ldap.html is out of date
> with the files being shipped with Archiva.
> 2)
> https://cwiki.apache.org/ARCHIVA/howto-configure-usermanagement-with-ldap.html is
> missing the actual useful bits on the page, but talks about them a lot.
> 3) An LDAP thread from Oct 2008 on this mailing list talks about a lack of
> documentation, with a broken link to an example default config (which I
> managed to trace to the new repo but that didn't help)
> 4) A bug report where steps similar to mine are reported but was closed
> without addressing the actual issue with the only comment being "admin
> account was locked" - but with LDAP enabled there doesn't appear to be an
> unlock option.
> etc.
>
> I'm at a loss here; I'm a system administrator - not a dev.
>
> Anyone feel like giving me some hints?
>
> - chris
>
> -----Original Message-----
> From: Chris Jacobs [mailto:[email protected]]
> Sent: Thursday, May 03, 2012 4:54 PM
> To: [email protected]
> Subject: RE: LDAP authentication
>
> I have managed some success by adding the lines to security.properties:
>
> redback.default.admin=archiva-admin (a real ldap account)
> redback.default.guest=archiva-guest (a real ldap account)
>
> However, if I start with that config from the start, I am unable to login
> as the archiva-admin account (even if I set it to other names which don't
> exist in LDAP).
>
> I've found I can work around it by:
> Install clean
> Add ONLY the redback.default.admin line above
> Start Archiva
> Open page, complete admin form.
> On the following ridiculous page, it requests that I now CHANGE the
> password. Pffft.
> Stop Archiva
> Put in place the security.properties and application.xml files as below
> into place - with the addition of the two redback lines above, and then
> start archiva.
>
> And things work.
>
> Problem: This kind of setup procedure is untenable from a repeatable
> system build (disaster recovery is important yo) perspective.
>
> I suspect that my configs are off somewhere where I'm unable to login as
> the archiva-admin LDAP account - if I'm able to resolve this issue without
> having to play config file musical chairs, I'll be golden.
>
> Thoughts?
>
> Thanks,
> - chris
>
> -----Original Message-----
> From: Chris Jacobs [mailto:[email protected]]
> Sent: Thursday, May 03, 2012 11:27 AM
> To: [email protected]
> Subject: LDAP authentication
>
> Hello,
>
> The documentation I've seen for configuring authentication via LDAP is
> sparse, inconsistent, and out of date (Redback), so before I even go into
> the details of my problem I'll grant that I may have missed something
> important.
>
> I'm using the current/latest stable release of Archiva's Standalone, 1.3.5.
>
> Here are the changes I've made from the default configuration (I haven't
> even tried to bring the config and DBs from our existing 1.2.2 Archiva
> instance).
> > Diff against source of > archiva/apps/archiva/WEB-INF/classes/org/apache/maven/archiva/security.properties: > (cleaned of actual DNS and DN path) > ---------------------------------------------- > 28,41d27 > < > < ldap.config.hostname=ldap-vip.example.net > < ldap.config.port=389 > < ldap.config.base.dn=ou=people,dc=example,dc=net > < ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory > < > < ldap.config.mapper.attribute.email=mail > < ldap.config.mapper.attribute.fullname=cn > < ldap.config.mapper.attribute.password=userPassword > < ldap.config.mapper.attribute.user.id=uid > < ldap.config.mapper.attribute.user.base=ou=people,dc=example,dc=net > < ldap.config.mapper.attribute.user.object.class=inetOrgPerson > < > < ldap.bind.authenticator.enabled=true > ---------------------------------------------- > > Diff against source of > archiva/apps/archiva/WEB-INF/classes/META-INF/plexus/application.xml: > (cleaned of actual DNS and DN path) > ---------------------------------------------- > 257c257 > < <component> > --- > > <!-- component> > 266c266 > < </component> > --- > > </component--> > 291c291 > < <component> > --- > > <!-- component> > 296,297c296,297 > < <email-attribute>mail</email-attribute> > < <full-name-attribute>cn</full-name-attribute> > --- > > <email-attribute>email</email-attribute> > > <full-name-attribute>givenName</full-name-attribute> > 300c300 > < <user-base-dn>ou=people,dc=example,dc=net</user-base-dn> > --- > > <user-base-dn>o=com</user-base-dn> > 308c308 > < </component> > --- > > </component--> > ---------------------------------------------- > > I can authenticate as admin just fine, when I authenticate as an LDAP > user, I see in the logs: > ---------------------------------------------- > ==> wrapper.20120503.log <== > INFO | jvm 1 | 2012/05/03 16:34:48 | 2012-05-03 16:34:47.992::WARN: > /archiva/security/login.action > INFO | jvm 1 | 2012/05/03 16:34:48 | java.lang.NullPointerException > INFO | jvm 1 | 2012/05/03 16:34:48 | at 
> org.codehaus.plexus.redback.struts2.action.LoginAction.webLogin(LoginAction.java:341)
> INFO | jvm 1 | 2012/05/03 16:34:48 | at
> org.codehaus.plexus.redback.struts2.action.LoginAction.login(LoginAction.java:133)
> (continues, snipped)
> ----------------------------------------------
> ==> archiva.log <==
> 2012-05-03 16:34:47,940 [btpool0-3] WARN
> org.codehaus.plexus.redback.authentication.users.UserManagerAuthenticator
> - Login for user csjacobs failed. user not found.
> 2012-05-03 16:34:47,942 [btpool0-3] INFO
> org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator -
> Searching for users with filter:
> '(&(objectClass=inetOrgPerson)(uid=csjacobs))' from base dn:
> ou=people,dc=unix,dc=aptimus,dc=net
> 2012-05-03 16:34:47,978 [btpool0-3] INFO
> org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator -
> Found user?: true
> 2012-05-03 16:34:47,980 [btpool0-3] INFO
> org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator -
> Attempting Authenication: + uid=csjacobs,ou=people,dc=unix,dc=aptimus,dc=net
> ----------------------------------------------
>
> And in my browser:
> ----------------------------------------------
> HTTP ERROR 500
>
> Problem accessing /archiva/security/login.action. Reason:
>
> INTERNAL_SERVER_ERROR
> Caused by:
>
> java.lang.NullPointerException
> at
> org.codehaus.plexus.redback.struts2.action.LoginAction.webLogin(LoginAction.java:341)
> at
> org.codehaus.plexus.redback.struts2.action.LoginAction.login(LoginAction.java:133)
> (continues, snipped)
> ----------------------------------------------
>
> And most disturbingly, further attempts to open any page in archiva
> result in a similar error, even when I attempt to go to the logout url
> directly, but that's due to the account I've attempted to login as. When I
> open archiva in another browser, I can open archiva without difficulty.
>
> Any information, assistance, etc, would be greatly appreciated.
>
> Thanks,
> - chris
>
> Chris Jacobs
> Systems Administrator, Technology Services Group
>
> Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc.
> 1501 4th Ave | Suite 2500 | Seattle, WA 98101
> direct 206.839.8245 | cell 206.601.3256 | Fax 206.644.0628
> email: [email protected]
>
> This message is private and confidential. If you have received it in
> error, please notify the sender and remove it from your system.
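Review bot: In the security.properties hunk (28,41d27), `ldap.config.port=389` is combined with `ldap.bind.authenticator.enabled=true`, and no added line enables SSL/TLS, so unless the transport is protected elsewhere, every login sends the user's password to ldap-vip.example.net in a bind over plain LDAP. I would point the configuration at an encrypted listener, or confirm and document how the connection is secured, before this goes into a repeatable build. The hunk also enables only the bind authenticator: the archiva.log excerpt shows UserManagerAuthenticator reporting "user not found" for csjacobs just before LdapBindAuthenticator finds the same uid, so check whether the user manager needs to be LDAP-backed as well rather than left at its default.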
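Review bot: The application.xml hunks at 296,297 and 300 repeat values that the security.properties diff already sets (`mail`, `cn`, `ou=people,dc=example,dc=net`), so the attribute mapping and user base DN now live in two files that can drift apart. For the repeatable build the message asks for, make one file authoritative or note next to each copy that both must change together. The hunks at 257/266 and 291/308 only show comment markers being removed from two `<component>` blocks; the diff does not show which components these are, so name them in the description so a reviewer can tell what is being switched on.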
