Posted to users@archiva.apache.org by Julien HENRY <he...@yahoo.fr> on 2009/08/28 20:00:34 UTC

Re : User Authentication via LDAP

Hi François,

In my company we have Archiva authenticating against our corporate LDAP (Active Directory).

What is tsl?

You have to edit security.properties and application.xml.

Please read http://redback.codehaus.org/integration/ldap.html

Regards,

Julien




________________________________
From: Francois Le Fevre <fl...@genoscope.cns.fr>
To: users@archiva.apache.org
Sent: Friday, 28 August 2009, 17:30:22
Subject: User Authentication via LDAP

Dear all,
I am trying to set up Archiva on JBoss 4.0.5 with LDAP.

Is it possible to configure the LDAP authentication service to use tsl in application.xml or security.properties?

Do you have any documentation on it?
Is it supported by Archiva 1.2.1?

Thank you

Francois
-- 
*Francois LE FEVRE*
Engineer / Researcher
Email: flefevre@genoscope.cns.fr
Tel: 33 (0)1 60 87 45 83


*Laboratoire de bioinformatique des reseaux
CEA / DSV / FAR / IG / Genoscope / LBIR
(French Atomic Energy Commission)
*
Website: http://www.genoscope.cns.fr/bioinfo/
Mail: 2 rue Gaston Cremieux, 91057 Evry, France



      

Re : Re : User Authentication via LDAP

Posted by Julien HENRY <he...@yahoo.fr>.
Hi François,

Archiva/Redback will use LDAP for authentication only. Roles will still be managed internally so you still need a user database (either the embedded or an external one).

I don't know if there is a special configuration for TLS. Perhaps adding
ldap.config.ssl=true
to security.properties will work?

Concerning
ldap.config.authentication.method
it will be used to set the Context.SECURITY_AUTHENTICATION attribute of the LDAP connection.
See:
http://java.sun.com/products/jndi/tutorial/ldap/security/auth.html
for possible values.

After looking at my own configuration, it seems that I forgot to uncomment lines in application.xml during the last upgrade of Archiva, and it is still working. So I think you simply have to edit $ARCHIVA_BASE/conf/security.properties and add the values. For example, here is my configuration:

user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=jhenry
redback.default.guest=guest
security.policy.password.expiration.enabled=false

ldap.config.hostname=xxxxxxxxxxxxxxxxxx
ldap.config.port=389
ldap.config.base.dn=xxxxxxxxxxxx
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
#ldap.config.bind.dn=uid=myusername,o=com
#ldap.config.password=s3cr3t

ldap.config.mapper.attribute.email=mail
ldap.config.mapper.attribute.fullname=displayName
ldap.config.mapper.attribute.password=userPassword
ldap.config.mapper.attribute.user.id=cn
ldap.config.mapper.attribute.user.base.dn=xxxxxxxxxxxxxxxxxxxxxxxxx
ldap.config.mapper.attribute.user.object.class=user
ldap.config.max.result.count=1000
#ldap.config.mapper.attribute.user.filter=(attributeName=value)


Regards,

Julien




________________________________
From: Francois Le Fevre <fl...@genoscope.cns.fr>
To: Julien HENRY <he...@yahoo.fr>
Cc: users@archiva.apache.org
Sent: Monday, 31 August 2009, 09:01:29
Subject: Re: Re : User Authentication via LDAP

Julien,

My question relates to the parameter found in
./archiva.war/WEB-INF/classes/META-INF/plexus/application.xml
#ldap.config.authentication.method=

What are we supposed to put here?
There is no documentation about it.


My second question is: how is LDAP used by Archiva?
I was able to create the admin without LDAP, then I comment out the LDAP
configuration, I have access to all users of my company.
But I am not able to log in with an LDAP account!

TLS 1.1 = Transport Layer Security
This is the configuration for a secured LDAP.

It is mandatory to use LDAP/TLS in my company.

Perhaps I misunderstand something: do I still need a MySQL user
database (I have configured JBoss to use a MySQL database for the
Archiva data and user)?

Thanks again for your help.

Francois



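
Added example, not part of the thread and not Archiva or Redback code: a small checker for the security.properties keys discussed above, showing that settings like the ones posted (port 389, no ldap.config.ssl) leave a simple bind unencrypted on the wire. The finding rules, the defaults applied to unset keys and the placeholder host name are assumptions of this example.

```python
# Added example: lint the Redback LDAP keys quoted in this thread.
# The rules and sample values are constructed; they are not Archiva/Redback code.

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_ldap(text):
    """Return finding codes for the LDAP transport and bind settings."""
    p = parse_properties(text)
    # Assumption: a missing ldap.config.ssl key means plain LDAP.
    ssl = p.get("ldap.config.ssl", "false").lower() == "true"
    # Assumption: with no method set, a bind that supplies credentials is
    # "simple" (the JNDI default for Context.SECURITY_AUTHENTICATION).
    method = p.get("ldap.config.authentication.method", "simple").lower()
    codes = []
    if method == "simple" and not ssl:
        codes.append("CLEARTEXT_BIND")    # password crosses the wire unencrypted
    if method == "none":
        codes.append("ANONYMOUS_BIND")    # no credentials are presented at all
    if ssl and p.get("ldap.config.port") == "389":
        codes.append("PORT_MISMATCH")     # 389 is conventionally plain LDAP, 636 LDAPS
    if p.get("ldap.config.password"):
        codes.append("SECRET_IN_FILE")    # service password stored in the file
    return codes

# Constructed samples: the host name is a placeholder.
AS_POSTED = """
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
ldap.config.hostname=ldap.example.org
ldap.config.port=389
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
#ldap.config.password=s3cr3t
"""
WITH_TLS = AS_POSTED.replace("port=389", "port=636") + "ldap.config.ssl=true\n"

if __name__ == "__main__":
    print("as posted:", audit_ldap(AS_POSTED))
    print("with TLS :", audit_ldap(WITH_TLS))
```

The checker only reads the file; whether a given Archiva release honours ldap.config.ssl still has to be confirmed against the running server, for example by watching that the connection to the directory is made on the LDAPS port.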



      

Re: Re : User Authentication via LDAP

Posted by Francois Le Fevre <fl...@genoscope.cns.fr>.
Julien,

My question relates to the parameter found in
./archiva.war/WEB-INF/classes/META-INF/plexus/application.xml
#ldap.config.authentication.method=

What are we supposed to put here?
There is no documentation about it.


My second question is: how is LDAP used by Archiva?
I was able to create the admin without LDAP, then I comment out the LDAP
configuration, I have access to all users of my company.
But I am not able to log in with an LDAP account!

TLS 1.1 = Transport Layer Security
This is the configuration for a secured LDAP.

It is mandatory to use LDAP/TLS in my company.

Perhaps I misunderstand something: do I still need a MySQL user
database (I have configured JBoss to use a MySQL database for the
Archiva data and user)?

Thanks again for your help.

Francois


