LDAP groups

[Bill Spens <bi...@gmail.com>]

I'm not sure if my first post went though since I was not subscribed to the
group when I posted.  Sorry if this is a duplicate.

 

I'm trying to understand how to get ldap groups to show up in the GUI.  I
see in the code references to "LDAP_GROUPS_ROLE_START_KEY" and
"ldap.config.groups.role.".  It looks like the reason my groups are not
showing up because they must begin with something specific.  

 

What is the default value and how do I change it?  For example, I want my
ldap group "developers' to show up in the list and map that to 'Registered
User'.  Right now, nothing is showing up in the drop down list on the ldap
group/role mapping screen and nothing I enter in the filter causes anything
to happen.  I've tried to find more details in the admin guide and a few
other places, but I must be missing something simple here.

 

Thanks for any suggestions,

Bill

 

Re: LDAP groups

[Jonathan Sharp <fo...@gmail.com>]

Hey Bill,

Ran across this today, the comments from Sasha in this thread are probably
relevant:
http://mail-archives.apache.org/mod_mbox/archiva-users/201403.mbox/%3C9BD825F3554FD04AAB3B8BCBA96F192F19D99E57@BLUPRD9201MB018.026d.mgd.msft.net%3E

-Jon


On Mon, Jul 7, 2014 at 11:09 AM, Jonathan Sharp <fo...@gmail.com> wrote:

> Hey Bill,
>
> As far as the credentials not taking effect, you probably want to check
> the attributes of your developers group in Active Directory. It looks like
> by default Redback looks for uniqueMember attributes of the group object,
> which may not be present. For example if you have member attributes, adding
> the following to the properties file might work:
> ldap.config.groups.member=member
>
> Not sure about the other items.
>
> -Jon
>
>
> On Sun, Jul 6, 2014 at 6:46 PM, Bill Spens <bi...@gmail.com> wrote:
>
>> Thanks Jon,
>>
>> This worked.  I see all the groups in the dropdown now.  However, once I
>> choose a group and a permission level, it doesn't add it to the list below.
>>  The list stays empty.  Instead, I tried adding the following to my
>> Archiva.xml file:
>>
>> <ldapGroupMappings>
>> <ldapGroupMapping>
>> <group>developers</group>
>> <roleNames>
>> <roleName>System Administrator</roleName>
>> </roleNames>
>> </ldapGroupMapping>
>> </ldapGroupMappings>
>>
>> And after a restart, it did show up in the list, but the credentials
>> don't actually take effect.  If I log in under a different account who
>> belongs to the 'developer' group, I don't see any of the admin menus.  Any
>> other suggestions?
>>
>> I've tried pulling the code and trying to debug, but I'm not quite there
>> yet.  Everything compiles (following the directions on the developer
>> website) and the webserver comes up based on the banner and the alpaca
>> picture, but when I hit http://localhost:9091, I get a 404 error.  After
>> a while, I see in the console that the repositories were scanned too, but
>> I'm still working on getting the web gui to come up.
>>
>> Bill
>>
>>
>>
>>
>> -----Original Message-----
>> From: Jonathan Sharp [mailto:forjsharp@gmail.com]
>> Sent: Thursday, July 03, 2014 11:54 AM
>> To: users@archiva.apache.org
>> Subject: Re: LDAP groups
>>
>> Hey Bill,
>>
>> Your email came through. While the LDAP directories RedBack is tested
>> against probably all conform by default to the schema defined in RFC
>> 4519... http://www.rfc-editor.org/rfc/rfc4519.txt ... Active Directory
>> deployments typically do not use all of the classes or populate attributes
>> in the way one would normally anticipate.
>>
>> You might try adding the following to the properties file:
>> ldap.config.groups.class=group
>>
>> -Jon
>>
>>
>> On Thu, Jul 3, 2014 at 8:37 AM, Bill Spens <bi...@gmail.com> wrote:
>>
>> > I'm not sure if my first post went though since I was not subscribed to
>> the
>> > group when I posted.  Sorry if this is a duplicate.
>> >
>> >
>> >
>> > I'm trying to understand how to get ldap groups to show up in the GUI.
>>  I
>> > see in the code references to "LDAP_GROUPS_ROLE_START_KEY" and
>> > "ldap.config.groups.role.".  It looks like the reason my groups are not
>> > showing up because they must begin with something specific.
>> >
>> >
>> >
>> > What is the default value and how do I change it?  For example, I want
>> my
>> > ldap group "developers' to show up in the list and map that to
>> 'Registered
>> > User'.  Right now, nothing is showing up in the drop down list on the
>> ldap
>> > group/role mapping screen and nothing I enter in the filter causes
>> anything
>> > to happen.  I've tried to find more details in the admin guide and a few
>> > other places, but I must be missing something simple here.
>> >
>> >
>> >
>> > Thanks for any suggestions,
>> >
>> > Bill
>> >
>> >
>> >
>> >
>>
>>
>

Re: LDAP groups

[Jonathan Sharp <fo...@gmail.com>]

Hey Bill,

As far as the credentials not taking effect, you probably want to check the
attributes of your developers group in Active Directory. It looks like by
default Redback looks for uniqueMember attributes of the group object,
which may not be present. For example if you have member attributes, adding
the following to the properties file might work:
ldap.config.groups.member=member

Not sure about the other items.

-Jon


On Sun, Jul 6, 2014 at 6:46 PM, Bill Spens <bi...@gmail.com> wrote:

> Thanks Jon,
>
> This worked.  I see all the groups in the dropdown now.  However, once I
> choose a group and a permission level, it doesn't add it to the list below.
>  The list stays empty.  Instead, I tried adding the following to my
> Archiva.xml file:
>
> <ldapGroupMappings>
> <ldapGroupMapping>
> <group>developers</group>
> <roleNames>
> <roleName>System Administrator</roleName>
> </roleNames>
> </ldapGroupMapping>
> </ldapGroupMappings>
>
> And after a restart, it did show up in the list, but the credentials don't
> actually take effect.  If I log in under a different account who belongs to
> the 'developer' group, I don't see any of the admin menus.  Any other
> suggestions?
>
> I've tried pulling the code and trying to debug, but I'm not quite there
> yet.  Everything compiles (following the directions on the developer
> website) and the webserver comes up based on the banner and the alpaca
> picture, but when I hit http://localhost:9091, I get a 404 error.  After
> a while, I see in the console that the repositories were scanned too, but
> I'm still working on getting the web gui to come up.
>
> Bill
>
>
>
>
> -----Original Message-----
> From: Jonathan Sharp [mailto:forjsharp@gmail.com]
> Sent: Thursday, July 03, 2014 11:54 AM
> To: users@archiva.apache.org
> Subject: Re: LDAP groups
>
> Hey Bill,
>
> Your email came through. While the LDAP directories RedBack is tested
> against probably all conform by default to the schema defined in RFC
> 4519... http://www.rfc-editor.org/rfc/rfc4519.txt ... Active Directory
> deployments typically do not use all of the classes or populate attributes
> in the way one would normally anticipate.
>
> You might try adding the following to the properties file:
> ldap.config.groups.class=group
>
> -Jon
>
>
> On Thu, Jul 3, 2014 at 8:37 AM, Bill Spens <bi...@gmail.com> wrote:
>
> > I'm not sure if my first post went though since I was not subscribed to
> the
> > group when I posted.  Sorry if this is a duplicate.
> >
> >
> >
> > I'm trying to understand how to get ldap groups to show up in the GUI.  I
> > see in the code references to "LDAP_GROUPS_ROLE_START_KEY" and
> > "ldap.config.groups.role.".  It looks like the reason my groups are not
> > showing up because they must begin with something specific.
> >
> >
> >
> > What is the default value and how do I change it?  For example, I want my
> > ldap group "developers' to show up in the list and map that to
> 'Registered
> > User'.  Right now, nothing is showing up in the drop down list on the
> ldap
> > group/role mapping screen and nothing I enter in the filter causes
> anything
> > to happen.  I've tried to find more details in the admin guide and a few
> > other places, but I must be missing something simple here.
> >
> >
> >
> > Thanks for any suggestions,
> >
> > Bill
> >
> >
> >
> >
>
>

RE: LDAP groups

[Bill Spens <bi...@gmail.com>]

Thanks Jon,

This worked.  I see all the groups in the dropdown now.  However, once I choose a group and a permission level, it doesn't add it to the list below.  The list stays empty.  Instead, I tried adding the following to my Archiva.xml file:

<ldapGroupMappings>
<ldapGroupMapping>
<group>developers</group>
<roleNames>
<roleName>System Administrator</roleName>
</roleNames>
</ldapGroupMapping>
</ldapGroupMappings>

And after a restart, it did show up in the list, but the credentials don't actually take effect.  If I log in under a different account who belongs to the 'developer' group, I don't see any of the admin menus.  Any other suggestions?

I've tried pulling the code and trying to debug, but I'm not quite there yet.  Everything compiles (following the directions on the developer website) and the webserver comes up based on the banner and the alpaca picture, but when I hit http://localhost:9091, I get a 404 error.  After a while, I see in the console that the repositories were scanned too, but I'm still working on getting the web gui to come up.

Bill




-----Original Message-----
From: Jonathan Sharp [mailto:forjsharp@gmail.com] 
Sent: Thursday, July 03, 2014 11:54 AM
To: users@archiva.apache.org
Subject: Re: LDAP groups

Hey Bill,

Your email came through. While the LDAP directories RedBack is tested
against probably all conform by default to the schema defined in RFC
4519... http://www.rfc-editor.org/rfc/rfc4519.txt ... Active Directory
deployments typically do not use all of the classes or populate attributes
in the way one would normally anticipate.

You might try adding the following to the properties file:
ldap.config.groups.class=group

-Jon


On Thu, Jul 3, 2014 at 8:37 AM, Bill Spens <bi...@gmail.com> wrote:

> I'm not sure if my first post went though since I was not subscribed to the
> group when I posted.  Sorry if this is a duplicate.
>
>
>
> I'm trying to understand how to get ldap groups to show up in the GUI.  I
> see in the code references to "LDAP_GROUPS_ROLE_START_KEY" and
> "ldap.config.groups.role.".  It looks like the reason my groups are not
> showing up because they must begin with something specific.
>
>
>
> What is the default value and how do I change it?  For example, I want my
> ldap group "developers' to show up in the list and map that to 'Registered
> User'.  Right now, nothing is showing up in the drop down list on the ldap
> group/role mapping screen and nothing I enter in the filter causes anything
> to happen.  I've tried to find more details in the admin guide and a few
> other places, but I must be missing something simple here.
>
>
>
> Thanks for any suggestions,
>
> Bill
>
>
>
>

Re: LDAP groups

[Jonathan Sharp <fo...@gmail.com>]

Hey Bill,

Your email came through. While the LDAP directories RedBack is tested
against probably all conform by default to the schema defined in RFC
4519... http://www.rfc-editor.org/rfc/rfc4519.txt ... Active Directory
deployments typically do not use all of the classes or populate attributes
in the way one would normally anticipate.

You might try adding the following to the properties file:
ldap.config.groups.class=group

-Jon


On Thu, Jul 3, 2014 at 8:37 AM, Bill Spens <bi...@gmail.com> wrote:

> I'm not sure if my first post went though since I was not subscribed to the
> group when I posted.  Sorry if this is a duplicate.
>
>
>
> I'm trying to understand how to get ldap groups to show up in the GUI.  I
> see in the code references to "LDAP_GROUPS_ROLE_START_KEY" and
> "ldap.config.groups.role.".  It looks like the reason my groups are not
> showing up because they must begin with something specific.
>
>
>
> What is the default value and how do I change it?  For example, I want my
> ldap group "developers' to show up in the list and map that to 'Registered
> User'.  Right now, nothing is showing up in the drop down list on the ldap
> group/role mapping screen and nothing I enter in the filter causes anything
> to happen.  I've tried to find more details in the admin guide and a few
> other places, but I must be missing something simple here.
>
>
>
> Thanks for any suggestions,
>
> Bill
>
>
>
>