Posted to users@archiva.apache.org by "Harris, Christopher P" <ch...@baxter.com> on 2014/03/04 01:00:40 UTC

MRM-1791 doesn't seem to be fixed

Hi.

I'm testing the standalone version of Archiva v2.0.0 on Win 7 64-bit with no extra configuration.

I'm trying to map Active Directory groups to Archiva roles, but I'm not having any luck.

The LDAP config is correct.  The tests conducted by the "Verify LDAP changes." and "Verify LDAP configuration on server side." Buttons successfully execute.

However, when I navigate to the "LDAP/Roles Mapping" tab, no groups are listed within the LDAP Groups dropdown menu.

This has never worked for me.  How do I get this to work?

Here have been my 2 approaches:

1.)    Specify the same Dn in "Base Dn for groups" as I did in "baseDn".  This is true for my scenario, because our groups are scattered all over the place.  This situation could be related to MRM-1770<https://jira.codehaus.org/browse/MRM-1770>.

2.)    My AD user belongs to a specific group, and I know where the group resides within the AD tree.  If I pick the containing OrganizationUnit (meaning no subtree search is involved) and use that as the "Base Dn for groups", I still see no "LDAP Groups" dropdown menu items listed on the "LDAP/Roles Mapping" tab.

Chris Harris
Sr. Systems Consultant
Mobility CoE
Baxter Healthcare Corporation
340 N. Milwaukee Ave.
VH1E-075
Vernon Hills, IL 60061
M 224.383.4947
T 847.371.6632
chris_harris@baxter.com<ma...@baxter.com>

The information transmitted is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or legally privileged material. Delivery of this message to any person other than the intended recipient(s) is not intended in any way to waive privilege or confidentiality. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by entities other than the intended recipient is prohibited. If you receive this in error, please contact the sender and delete the material from any computer.

For Translation:

http://www.baxter.com/email_disclaimer

RE: MRM-1791 doesn't seem to be fixed

Posted by "Harris, Christopher P" <ch...@baxter.com>.
O.K.  I'll file it in JIRA.

I have another issue.  Our groups are not located in 1 location.  They're all over the place.  This means, in order to target 2 specific groups, I have to specify a domain that's 1 level below the root.

Using this domain returns a list of users so huge that I get the following message:
[[LDAP: error code 3 - Timelimit Exceeded]]

...every time I click on "Manage", "Roles", or "Users Runtime Configuration".

Clicking on "Manage" also now pulls up the "Roles" page.

Any suggestions about what I can do?

Can I map multiple groups?

 - Chris Harris

-----Original Message-----
From: Olivier Lamy [mailto:olamy@apache.org] 
Sent: Tuesday, March 04, 2014 5:44 PM
To: users@archiva.apache.org
Subject: Re: MRM-1791 doesn't seem to be fixed

Hi

On 5 March 2014 09:40, Harris, Christopher P <ch...@baxter.com> wrote:
> Hi, Sascha & Olivier.
>
> Sascha, your advice worked!  Thank you!
>
> Olivier, I had to go find the groups element within archiva.xml and manually edit it.  It was not available within the properties section.  Is that a bug?

Uhm not sure exactly. (but no time ATM to test that). So yes a jira entry could help as a reminder -:)

>
> Chris Harris
> Sr. Systems Consultant
> Baxter Mobility CoE
> Baxter Healthcare Corporation
> 340 N Milwaukee Ave VH1E-075
> Vernon Hills, IL 60061
> One Baxter Parkway DF6-4E
> Deerfield, Illinois 60015
> M 224.383.4947   T 847.371.6632   F 224.948.2885
> chris_harris@baxter.com<ma...@baxter.com>
>
> On Mar 4, 2014, at 5:59 AM, Olivier Lamy <ol...@apache.org>> wrote:
>
> On 4 March 2014 20:22, Sascha Vogt <sa...@gmail.com>> wrote:
> Hi Chris,
>
> Am 04.03.2014 01:00, schrieb Harris, Christopher P:
> The LDAP config is correct.  The tests conducted by the "Verify LDAP 
> changes." and "Verify LDAP configuration on server side." Buttons 
> successfully execute.
> Well, those tests don't really verify much ;)
>
> yup only we can connect to the ldap server with the credentials (not 
> more :-) )
>
>
> However, when I navigate to the "LDAP/Roles Mapping" tab, no groups 
> are listed within the LDAP Groups dropdown menu.
> You need to tweak a few things before that'll work
>
> This has never worked for me.  How do I get this to work?
> First, check that under "Users Runtime Configuration" you have added 
> the LDAP RBac Manager. We have both, database first, LDAP second for 
> both, UserManager and RbacManager.
>
> Second, tab LDAP:
> baseDn, for the users to login
> base Dn for groups, your groups are here
>
> Third, Properties tab:
> ldap.config.mapper.attribute.user.id = sAMAccountName 
> ldap.config.mapper.attribute.password = userPassword 
> ldap.config.mapper.attribute.user.object.class = user
>
> 4th, archiva.xml
> /configuration/redbackRuntimeConfiguration/configurationProperties/ldap
> (XML path)
>
> Make sure you have
> <config>
>    <groups>
>        <member>member</member>
>        <class>group</class>
>    </groups>
> ...
> </config>
> in there.
>
> can be added in the properties tab (normally :-) )
>
>
> Then you should be able to see in LDAP/Roles Mapping a dropdown filled 
> with your groups.
>
> Hope that helps,
> Greetings
> -Sascha-
>
>
>
> --
> Olivier Lamy
> Ecetera: http://ecetera.com.au
> http://twitter.com/olamy | http://linkedin.com/in/olamy
>



--
Olivier Lamy
Ecetera: http://ecetera.com.au
http://twitter.com/olamy | http://linkedin.com/in/olamy


Re: MRM-1791 doesn't seem to be fixed

Posted by Olivier Lamy <ol...@apache.org>.
Hi

On 5 March 2014 09:40, Harris, Christopher P <ch...@baxter.com> wrote:
> Hi, Sascha & Olivier.
>
> Sascha, your advice worked!  Thank you!
>
> Olivier, I had to go find the groups element within archiva.xml and manually edit it.  It was not available within the properties section.  Is that a bug?

Uhm not sure exactly. (but no time ATM to test that). So yes a jira
entry could help as a reminder -:)

>
> Chris Harris
> Sr. Systems Consultant
> Baxter Mobility CoE
> Baxter Healthcare Corporation
> 340 N Milwaukee Ave VH1E-075
> Vernon Hills, IL 60061
> One Baxter Parkway DF6-4E
> Deerfield, Illinois 60015
> M 224.383.4947   T 847.371.6632   F 224.948.2885
> chris_harris@baxter.com<ma...@baxter.com>
>
> On Mar 4, 2014, at 5:59 AM, Olivier Lamy <ol...@apache.org>> wrote:
>
> On 4 March 2014 20:22, Sascha Vogt <sa...@gmail.com>> wrote:
> Hi Chris,
>
> Am 04.03.2014 01:00, schrieb Harris, Christopher P:
> The LDAP config is correct.  The tests conducted by the "Verify LDAP
> changes." and "Verify LDAP configuration on server side." Buttons
> successfully execute.
> Well, those tests don't really verify much ;)
>
> yup only we can connect to the ldap server with the credentials (not more :-) )
>
>
> However, when I navigate to the "LDAP/Roles Mapping" tab, no groups
> are listed within the LDAP Groups dropdown menu.
> You need to tweak a few things before that'll work
>
> This has never worked for me.  How do I get this to work?
> First, check that under "Users Runtime Configuration" you have added the
> LDAP RBac Manager. We have both, database first, LDAP second for both,
> UserManager and RbacManager.
>
> Second, tab LDAP:
> baseDn, for the users to login
> base Dn for groups, your groups are here
>
> Third, Properties tab:
> ldap.config.mapper.attribute.user.id = sAMAccountName
> ldap.config.mapper.attribute.password = userPassword
> ldap.config.mapper.attribute.user.object.class = user
>
> 4th, archiva.xml
> /configuration/redbackRuntimeConfiguration/configurationProperties/ldap
> (XML path)
>
> Make sure you have
> <config>
>    <groups>
>        <member>member</member>
>        <class>group</class>
>    </groups>
> ...
> </config>
> in there.
>
> can be added in the properties tab (normally :-) )
>
>
> Then you should be able to see in LDAP/Roles Mapping a dropdown filled
> with your groups.
>
> Hope that helps,
> Greetings
> -Sascha-
>
>
>
> --
> Olivier Lamy
> Ecetera: http://ecetera.com.au
> http://twitter.com/olamy | http://linkedin.com/in/olamy
>



-- 
Olivier Lamy
Ecetera: http://ecetera.com.au
http://twitter.com/olamy | http://linkedin.com/in/olamy

Re: MRM-1791 doesn't seem to be fixed

Posted by "Harris, Christopher P" <ch...@baxter.com>.
Hi, Sascha & Olivier.

Sascha, your advice worked!  Thank you!

Olivier, I had to go find the groups element within archiva.xml and manually edit it.  It was not available within the properties section.  Is that a bug?

Chris Harris
Sr. Systems Consultant
Baxter Mobility CoE
Baxter Healthcare Corporation
340 N Milwaukee Ave VH1E-075
Vernon Hills, IL 60061
One Baxter Parkway DF6-4E
Deerfield, Illinois 60015
M 224.383.4947   T 847.371.6632   F 224.948.2885
chris_harris@baxter.com<ma...@baxter.com>

On Mar 4, 2014, at 5:59 AM, Olivier Lamy <ol...@apache.org>> wrote:

On 4 March 2014 20:22, Sascha Vogt <sa...@gmail.com>> wrote:
Hi Chris,

Am 04.03.2014 01:00, schrieb Harris, Christopher P:
The LDAP config is correct.  The tests conducted by the "Verify LDAP
changes." and "Verify LDAP configuration on server side." Buttons
successfully execute.
Well, those tests don't really verify much ;)

yup only we can connect to the ldap server with the credentials (not more :-) )


However, when I navigate to the "LDAP/Roles Mapping" tab, no groups
are listed within the LDAP Groups dropdown menu.
You need to tweak a few things before that'll work

This has never worked for me.  How do I get this to work?
First, check that under "Users Runtime Configuration" you have added the
LDAP RBac Manager. We have both, database first, LDAP second for both,
UserManager and RbacManager.

Second, tab LDAP:
baseDn, for the users to login
base Dn for groups, your groups are here

Third, Properties tab:
ldap.config.mapper.attribute.user.id = sAMAccountName
ldap.config.mapper.attribute.password = userPassword
ldap.config.mapper.attribute.user.object.class = user

4th, archiva.xml
/configuration/redbackRuntimeConfiguration/configurationProperties/ldap
(XML path)

Make sure you have
<config>
   <groups>
       <member>member</member>
       <class>group</class>
   </groups>
...
</config>
in there.

can be added in the properties tab (normally :-) )


Then you should be able to see in LDAP/Roles Mapping a dropdown filled
with your groups.

Hope that helps,
Greetings
-Sascha-



--
Olivier Lamy
Ecetera: http://ecetera.com.au
http://twitter.com/olamy | http://linkedin.com/in/olamy


Re: MRM-1791 doesn't seem to be fixed

Posted by Olivier Lamy <ol...@apache.org>.
On 4 March 2014 20:22, Sascha Vogt <sa...@gmail.com> wrote:
> Hi Chris,
>
> Am 04.03.2014 01:00, schrieb Harris, Christopher P:
>> The LDAP config is correct.  The tests conducted by the "Verify LDAP
>> changes." and "Verify LDAP configuration on server side." Buttons
>> successfully execute.
> Well, those tests don't really verify much ;)

yup only we can connect to the ldap server with the credentials (not more :-) )

>
>> However, when I navigate to the "LDAP/Roles Mapping" tab, no groups
>> are listed within the LDAP Groups dropdown menu.
> You need to tweak a few things before that'll work
>
>> This has never worked for me.  How do I get this to work?
> First, check that under "Users Runtime Configuration" you have added the
> LDAP RBac Manager. We have both, database first, LDAP second for both,
> UserManager and RbacManager.
>
> Second, tab LDAP:
> baseDn, for the users to login
> base Dn for groups, your groups are here
>
> Third, Properties tab:
> ldap.config.mapper.attribute.user.id = sAMAccountName
> ldap.config.mapper.attribute.password = userPassword
> ldap.config.mapper.attribute.user.object.class = user
>
> 4th, archiva.xml
> /configuration/redbackRuntimeConfiguration/configurationProperties/ldap
> (XML path)
>
> Make sure you have
> <config>
>     <groups>
>         <member>member</member>
>         <class>group</class>
>     </groups>
> ...
> </config>
> in there.

can be added in the properties tab (normally :-) )

>
> Then you should be able to see in LDAP/Roles Mapping a dropdown filled
> with your groups.
>
> Hope that helps,
> Greetings
> -Sascha-



-- 
Olivier Lamy
Ecetera: http://ecetera.com.au
http://twitter.com/olamy | http://linkedin.com/in/olamy

Re: MRM-1791 doesn't seem to be fixed

Posted by Sascha Vogt <sa...@gmail.com>.
Hi Chris,

Am 04.03.2014 01:00, schrieb Harris, Christopher P:
> The LDAP config is correct.  The tests conducted by the "Verify LDAP
> changes." and "Verify LDAP configuration on server side." Buttons
> successfully execute.
Well, those tests don't really verify much ;)

> However, when I navigate to the "LDAP/Roles Mapping" tab, no groups
> are listed within the LDAP Groups dropdown menu.
You need to tweak a few things before that'll work

> This has never worked for me.  How do I get this to work?
First, check that under "Users Runtime Configuration" you have added the
LDAP RBac Manager. We have both, database first, LDAP second for both,
UserManager and RbacManager.

Second, tab LDAP:
baseDn, for the users to login
base Dn for groups, your groups are here

Third, Properties tab:
ldap.config.mapper.attribute.user.id = sAMAccountName
ldap.config.mapper.attribute.password = userPassword
ldap.config.mapper.attribute.user.object.class = user

4th, archiva.xml
/configuration/redbackRuntimeConfiguration/configurationProperties/ldap
(XML path)

Make sure you have
<config>
    <groups>
        <member>member</member>
        <class>group</class>
    </groups>
...
</config>
in there.

Then you should be able to see in LDAP/Roles Mapping a dropdown filled
with your groups.

Hope that helps,
Greetings
-Sascha-
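
The settings from the four steps above can be checked directly against archiva.xml. The following Python check is an added example, not part of the original thread or of Archiva. It assumes every dotted property key is stored as nested elements under the XML path quoted above (the thread shows that layout only for the groups block), and the sample file is constructed.

```python
import xml.etree.ElementTree as ET

# XML path quoted in the thread, relative to the <configuration> root.
LDAP_PATH = "redbackRuntimeConfiguration/configurationProperties/ldap"

# Values listed in the thread for Active Directory (dotted keys relative to "ldap").
EXPECTED = {
    "config.groups.member": "member",
    "config.groups.class": "group",
    "config.mapper.attribute.user.id": "sAMAccountName",
    "config.mapper.attribute.password": "userPassword",
    "config.mapper.attribute.user.object.class": "user",
}

def check_ldap_group_config(xml_text):
    """Return {dotted_key: problem} for every setting that is missing or differs."""
    root = ET.fromstring(xml_text)  # root element is <configuration>
    ldap = root.find(LDAP_PATH)
    if ldap is None:
        return {"ldap": "element not found at /configuration/" + LDAP_PATH}
    problems = {}
    for key, want in EXPECTED.items():
        # Assumption: dotted key segments map one-to-one to nested element names.
        node = ldap.find(key.replace(".", "/"))
        got = (node.text or "").strip() if node is not None else None
        if got is None:
            problems["ldap." + key] = "missing"
        elif got != want:
            problems["ldap." + key] = "found %r, expected %r" % (got, want)
    return problems

# Constructed sample: the mapper properties are present, but the <groups>
# block from the archiva.xml step is absent.
SAMPLE = """<configuration>
  <redbackRuntimeConfiguration>
    <configurationProperties>
      <ldap><config><mapper><attribute>
        <user><id>sAMAccountName</id><object><class>user</class></object></user>
        <password>userPassword</password>
      </attribute></mapper></config></ldap>
    </configurationProperties>
  </redbackRuntimeConfiguration>
</configuration>"""

if __name__ == "__main__":
    for key, problem in check_ldap_group_config(SAMPLE).items():
        print(key, "->", problem)
```

Run against the real archiva.xml by passing the file's contents to check_ldap_group_config; an empty result means all five values match the ones given in the thread.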