Weak LDAP support is my primary frustration with Archiva currently - I was 
quite saddened to see your report on 1.4.x: I tried to configure LDAP in 1.3.x, 
had pretty much the same experience you're having now, and got my hopes up 
after reading that some improvements for LDAP were coming in 1.4.

It boggles my mind that a large feature - authentication - would get so little 
work towards integrating with external, rfc spec authentication systems. 
Shoving this 'problem' off to Redback (documentation and decent integration 
from Archiva, what's that?) seems like a serious cop-out - just make it 
another, even more anemic (it's a fact, not a pointing out of failure), 
project's problem.

I'm not adding anything here really; hoping to stoke some fires.

- chris

-----Original Message-----
From: Harris, Christopher P [mailto:[email protected]]
Sent: Friday, September 14, 2012 9:12 AM
To: [email protected]
Subject: RE: LDAP Issues

Hi, Eric.

I actually encountered that error Andy's describing in MRM-998.  I encountered 
it when the initial login/config that allows Archiva to locate and log in 
fails.  That's what was preventing Archiva from even starting up.  Once I got 
past that error, I got to the point where I am now.

I get a 404 error for that 2nd link that you sent me.

 - Chris Harris

-----Original Message-----
From: Eric Barboni [mailto:[email protected]]
Sent: Friday, September 14, 2012 3:41 AM
To: [email protected]
Subject: RE: LDAP Issues

Hi, sorry I never tried archiva and ldap

Maybe this is related to http://jira.codehaus.org/browse/MRM-998
There is some old but different information here also:
https://cwiki.apache.org/ARCHIVA/howto-configure-usermanagement-with-ldap.html


Regards
Eric

-----Original Message-----
From: Harris, Christopher P [mailto:[email protected]]
Sent: Friday, September 14, 2012 00:09
To: [email protected]
Subject: LDAP Issues

Hi,

I've set up archiva-webapp-js-1.4-M3-SNAPSHOT.war to utilize
security.properties.  I followed
http://archiva.apache.org/redback/integration/ldap.html.  Yes, I know it's
out of date.  So, I went and downloaded the stand-alone version of Archiva
v1.4-M3.  I found applicationContext.xml and noticed the commented-out beans
and instructions left for modifying security.properties.

I enabled the beans and modified security.properties accordingly:

user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=admin
redback.default.guest=guest
security.policy.password.expiration.enabled=false

ldap.config.hostname=
ldap.config.port=
ldap.config.base.dn=
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.bind.dn=
ldap.config.password=
#ldap.config.authentication.method=

ldap.config.mapper.attribute.email=mail
ldap.config.mapper.attribute.fullname=givenName
ldap.config.mapper.attribute.password=userPassword
ldap.config.mapper.attribute.user.id=sAMAccountName
ldap.config.mapper.attribute.user.base.dn=
ldap.config.mapper.attribute.user.object.class=inetOrgPerson
ldap.config.mapper.attribute.user.filter=(attributeName=value)

user.manager.impl=cached

ldap.bind.authenticator.enabled=true

Initially, I couldn't even start Archiva once I enabled LDAP.  Through trial
and error using Apache Directory Studio, I was able to successfully
configure LDAP.  Now, Archiva can start again since it can communicate via
LDAP to our AD server.

There are some problems though:

1.)    The initial user Archiva/Redback tries to log in as (myself) but
cannot be found.  I see the logs return a variable "foundUser" with a value
of false.  I know I have the right dn.

2.)    Archiva cannot find any users via LDAP subtree searching.  I'm not
sure if I have to create the user in Archiva first (I assume that I do).

3.)    Thinking that I need to create an Archiva user for myself so that
problems #1 and #2 can be resolved, I tried to log in as admin.  The only
problem is that Archiva would not let me log in as admin any more.  I see in
archiva.log that LDAP is querying AD for admin.  Of course, admin cannot be
found.  I thought "redback.default.admin=admin" would allow me to log in as
admin as I did before I enabled LDAP.

Note that my Active Directory account is not an admin account.  I can't see
any AD values named "userPassword".  I may need to be admin to even see that
field.  I figured that it would be visible but contain encrypted values.
ldap.config.mapper.attribute.password=userPassword is what I'm basing this
on.  I plan on implementing an admin account, but haven't been given that
information yet.

Any suggestions?


-    Chris Harris
The information transmitted is intended only for the person(s)or entity to
which it is addressed and may contain confidential and/or legally privileged
material. Delivery of this message to any person other than the intended
recipient(s) is not intended in any way to waive privilege or
confidentiality. Any review, retransmission, dissemination or other use of ,
or taking of any action in reliance upon, this information by entities other
than the intended recipient is prohibited. If you receive this in error,
please contact the sender and delete the material from any computer.

For Translation:

http://www.baxter.com/email_disclaimer


This message is private and confidential. If you have received it in error, 
please notify the sender and remove it from your system.
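
Added example (not part of the original thread, and not Archiva or Redback code): a small linter for a security.properties file like the one posted in the first message of this thread. It flags keys set more than once with different values, the `(attributeName=value)` template filter left in place, and two Active Directory mismatches. The sample host and base DN are constructed, the finding codes are hypothetical names, and how Redback resolves each key at runtime is not modelled.

```python
from collections import defaultdict

P = "ldap.config.mapper.attribute."
# Constructed sample using the key names from the thread; host and DN are made up.
SAMPLE = """\
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
ldap.config.hostname=ad.example.test
ldap.config.base.dn=dc=example,dc=test
ldap.config.mapper.attribute.user.id=sAMAccountName
ldap.config.mapper.attribute.user.object.class=inetOrgPerson
ldap.config.mapper.attribute.user.filter=(attributeName=value)
user.manager.impl=cached
ldap.bind.authenticator.enabled=true
"""

def parse(text):
    """Return {key: [values in file order]}; simplified key=value syntax only."""
    seen = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":          # skip blanks and comments
            key, _, value = line.partition("=")   # split on the first '=' only
            seen[key.strip()].append(value.strip())
    return seen

def lint(text):
    """Return a sorted list of (finding_code, key) tuples."""
    props = parse(text)
    last = {k: v[-1] for k, v in props.items()}
    # Same key, different values: which one takes effect depends on the loader.
    found = [("conflicting-duplicate", k) for k, v in props.items() if len(set(v)) > 1]
    # Template text copied from documentation matches no real directory entry.
    if last.get(P + "user.filter") == "(attributeName=value)":
        found.append(("placeholder-filter", P + "user.filter"))
    if last.get(P + "user.id", "").lower() == "samaccountname":  # AD attribute
        # Heuristic: ordinary AD accounts carry objectClass user, not inetOrgPerson.
        if last.get(P + "user.object.class", "").lower() == "inetorgperson":
            found.append(("ad-objectclass", P + "user.object.class"))
        # AD does not hand back account passwords in a readable attribute, so
        # credentials can only be checked by binding as the user.
        if last.get("ldap.bind.authenticator.enabled", "").lower() != "true":
            found.append(("ad-needs-bind", "ldap.bind.authenticator.enabled"))
    return sorted(found)

if __name__ == "__main__":
    for code, key in lint(SAMPLE):
        print(f"{code:22} {key}")
```
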

