Posted to users@archiva.apache.org by Francois Le Fevre <fl...@genoscope.cns.fr> on 2009/08/28 17:30:22 UTC

User Authentication via LDAP

Dear all,
I am trying to set up Archiva on JBoss 4.0.5 with LDAP.

Is it possible to configure the LDAP authentication service to tsl in the
application.xml or security.properties?

Do you have documentation on it?
Is it supported by Archiva 1.2.1?

Thank you

Francois
-- 
*Francois LE FEVRE*
Engineer / Researcher
Email: flefevre@genoscope.cns.fr
Tel: 33 (0)1 60 87 45 83


*Laboratoire de bioinformatique des reseaux
CEA / DSV / FAR / IG / Genoscope / LBIR
(French Atomic Energy Commission)
*
Website: http://www.genoscope.cns.fr/bioinfo/
Mail: 2 rue Gaston Cremieux, 91057 Evry, France

Re : Re : User Authentication via LDAP

Posted by Julien HENRY <he...@yahoo.fr>.
Hi François,

Archiva/Redback will use LDAP for authentication only. Roles will still be managed internally so you still need a user database (either the embedded or an external one).

I don't know if there is a special configuration for TLS. Perhaps adding
ldap.config.ssl=true
to security.properties will work?

Concerning
ldap.config.authentication.method
it will be used to set Context.SECURITY_AUTHENTICATION attribute of LDAP connection.
See:
http://java.sun.com/products/jndi/tutorial/ldap/security/auth.html
for possible values.

After looking at my own configuration, it seems that I forgot to uncomment lines in application.xml during the last upgrade of Archiva and it is still working. So I think you simply have to edit $ARCHIVA_BASE/conf/security.properties and add the values. For example, here is my configuration:

user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=jhenry
redback.default.guest=guest
security.policy.password.expiration.enabled=false

ldap.config.hostname=xxxxxxxxxxxxxxxxxx
ldap.config.port=389
ldap.config.base.dn=xxxxxxxxxxxx
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
#ldap.config.bind.dn=uid=myusername,o=com
#ldap.config.password=s3cr3t

ldap.config.mapper.attribute.email=mail
ldap.config.mapper.attribute.fullname=displayName
ldap.config.mapper.attribute.password=userPassword
ldap.config.mapper.attribute.user.id=cn
ldap.config.mapper.attribute.user.base.dn=xxxxxxxxxxxxxxxxxxxxxxxxx
ldap.config.mapper.attribute.user.object.class=user
ldap.config.max.result.count=1000
#ldap.config.mapper.attribute.user.filter=(attributeName=value)


Regards,

Julien
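
As an added illustration (not part of the thread and not Archiva or Redback code), this Java sketch shows how the settings discussed above would map onto a JNDI environment, and it refuses a simple bind over plain LDAP. That `ldap.config.ssl` is honoured is an assumption carried over from the reply above; the host name and base DN are constructed sample values.

```java
import java.io.StringReader;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.Context;

public class LdapEnvSketch {
    // Builds the environment an LDAP client would hand to InitialDirContext.
    // Assumption: ldap.config.ssl is the switch guessed at in the thread; the
    // page does not confirm that Redback reads it.
    static Hashtable<String, String> buildEnv(Properties p) {
        boolean ssl = Boolean.parseBoolean(p.getProperty("ldap.config.ssl", "false"));
        // "simple" as the fallback is a choice made for this sketch.
        String method = p.getProperty("ldap.config.authentication.method", "simple");
        // A simple bind carries the password itself, so it needs an encrypted channel.
        if (!ssl && method.equals("simple")) {
            throw new IllegalStateException(
                "simple bind without TLS sends the password in clear text");
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, p.getProperty("ldap.config.context.factory"));
        env.put(Context.PROVIDER_URL, (ssl ? "ldaps://" : "ldap://")
                + p.getProperty("ldap.config.hostname") + ":"
                + p.getProperty("ldap.config.port") + "/"
                + p.getProperty("ldap.config.base.dn"));
        // JNDI accepts "none", "simple" or a list of SASL mechanism names here.
        env.put(Context.SECURITY_AUTHENTICATION, method);
        if (ssl) {
            env.put(Context.SECURITY_PROTOCOL, "ssl");
        }
        return env;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample configuration, not taken from the thread.
        String sample = String.join("\n",
            "ldap.config.hostname=ldap.example.org",
            "ldap.config.port=636",
            "ldap.config.base.dn=dc=example,dc=org",
            "ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory",
            "ldap.config.authentication.method=simple",
            "ldap.config.ssl=true");
        Properties p = new Properties();
        p.load(new StringReader(sample));
        System.out.println(buildEnv(p));
    }
}
```

Changing the sample to `ldap.config.ssl=false` makes `buildEnv` throw, which is the case a plain port 389 setup with bind authentication falls into.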






      

Re: Re : User Authentication via LDAP

Posted by Francois Le Fevre <fl...@genoscope.cns.fr>.
Julien,

My question is relative to the parameter found in
./archiva.war/WEB-INF/classes/META-INF/plexus/application.xml
#ldap.config.authentication.method=

What are we supposed to put here?
There is no documentation about it.


My second question is: how is LDAP used by Archiva?
I was able to create the admin without LDAP, then I commented out the LDAP
configuration, I have access to all users of my company.
But I am not able to log in with an LDAP account!

TLS 1.1 = Transport Layer Security
This is the configuration for a secured LDAP.

It is mandatory to use LDAP/TLS in my company.

Perhaps I misunderstand something: do I still need a MySQL user
database (I have configured JBoss to use a MySQL database for the
Archiva data and users)?

Thanks again for your help.

Francois




Re : User Authentication via LDAP

Posted by Julien HENRY <he...@yahoo.fr>.
Hi François,

In my company we have Archiva authenticating against our corporate LDAP (Active Directory).

What is tsl?

You have to edit security.properties and application.xml.

Please read http://redback.codehaus.org/integration/ldap.html

Regards,

Julien



