Posted to users@archiva.apache.org by Julien Graglia <jg...@netceler.com> on 2009/03/26 12:46:39 UTC

1.2.0 and ldap and SSL

Hi,

I am currently migrating from archiva 1.1.3 to archiva 1.2.0... and I
want to switch to an ldap authentication (I'm bored of copying user
databases...)

I've found many threads about ldap and archiva : security.properties,
redback ldap config page (1)... but I have not found how to connect to an
ldaps directory?
I have defined the ldap.config.port (636) but I did not find how to
say to use ssl

> On 5 Aug, 2008, at 8:38 AM, Emmanuel Venisse wrote:
> >
> >  I'm not sure ldap docs on redback site are up-to-date
> >>
> >> Chris, do you use LDAP or LDAPS?
> >> LDAPS isn't supported for the moment
> >>
> >> Emmanuel
> 
> 
It seems to me that redback still can't handle SSL for ldap... Do I
have to wait for another archiva/redback release? or stick with my user
database (I don't want to store the users in a sql db, they are already
in ldap...)

1 : http://redback.codehaus.org/configuration.html  and
http://redback.codehaus.org/integration/ldap.html


Thx,

On Wednesday 06 August 2008 at 11:14 +0800, Maria Odea Ching wrote:
> I think you might be missing this property?
> user.manager.impl=ldap
> 
> Thanks,
> Deng
> 
> On Wed, Aug 6, 2008 at 2:38 AM, Chris Brentano <
> chris.brentano@jivesoftware.com> wrote:
> 
> > Thanks everyone for your assistance!
> >
> > Just LDAP, no SSL at the moment.
> >
> > I configured my conf/security.properties file like so:
> >
> > ldap.user.store.enabled=true
> > ldap.bind.authenticator.enabled=true
> > ldap.config.hostname=dc02.jiveville.com
> > ldap.config.port=389
> > ldap.config.base.dn=ou=JiveUsers,ou=jiveville,ou=com
> > ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> > ldap.config.bind.dn=cn=ldapUser,ou=ResourceAccounts,ou=JiveUsers,ou=jiveville,ou=com
> > ldap.config.password=********
> >
> > But cannot log in with any LDAP accounts. But I do have a couple questions:
> >
> > - Is there any way to test that Archiva is able to successfully talk to the
> > LDAP server?
> > - Are there any options above that I may be missing or which are incorrect?
> > - When LDAP authentication is working, do all accounts that fall under the
> > base dn OU have access? If so, what level?
> > - Do I need to do anything in User Administrator to grant specific LDAP
> > accounts access privileges?
> >
> > Thanks again!
> >
> > - Chris
> >
> >
> >
> > On 5 Aug, 2008, at 8:38 AM, Emmanuel Venisse wrote:
> >
> >  I'm not sure ldap docs on redback site are up-to-date
> >>
> >> Chris, do you use LDAP or LDAPS?
> >> LDAPS isn't supported for the moment
> >>
> >> Emmanuel
> >>
> >> On Tue, Aug 5, 2008 at 5:08 AM, Maria Odea Ching <oc...@apache.org>
> >> wrote:
> >>
> >>  Hi Chris,
> >>>
> >>> You just need to put the LDAP config in your security.properties file,
> >>> you no longer need to edit the application.xml as specified here:
> >>> http://redback.codehaus.org/integration/ldap.html (just copy & paste the
> >>> config specified in the security.properties section)
> >>>
> >>> And you might also need to add the LDAP specific configuration specified
> >>> in the LDAP Settings section in this document:
> >>> http://redback.codehaus.org/configuration.html
> >>>
> >>> HTH,
> >>> Deng
> >>>
> >>> On Tue, Aug 5, 2008 at 8:16 AM, Chris Brentano <
> >>> chris.brentano@jivesoftware.com> wrote:
> >>>
> >>>  Hi all,
> >>>>
> >>>> I'd like to configure Archiva to do LDAP authentication to Active
> >>>> Directory. It appears that Redback has LDAP support, and I've seen some
> >>>> various bits here and there about configuring the security.properties or
> >>>> application.xml file to utilize LDAP, but I can't find a concise guide.
> >>>> Can anyone provide some basic instructions and are there any gotchas I
> >>>> should be aware of? Thanks!
> >>>>
> >>>> - Chris
> >>>>
> >>>>
> >>>
> >
-- 
Julien Graglia
NetCeler


Re: 1.2.0 and ldap and SSL

Posted by Emmanuel Venisse <em...@gmail.com>.
On Mon, Mar 30, 2009 at 7:20 AM, Julien Graglia <jg...@netceler.com> wrote:

> On Friday 27 March 2009 at 10:34 +0100, Emmanuel Venisse wrote:
> > Hi,
> > Thanks for your test.
> > You have two things to modify in your security.properties.
> >
> > 1- Add security.policy.password.expiration.enabled=false
> > 2- Remove  ldap.user.store.enabled=true because it isn't used by Redback,
> > I'll remove it in config-defaults.properties
> >
> > With these modifications, all should be ok.
> Yes everything is working fine!
>
>
> > Do you use a truststore like described in [1] or only the conf described in
> > your mail?
> Yes I'm using a truststore and a self-signed certificate.


So you use some truststore properties to start your app server? Can you add
it too in the documentation?


>
> > Can you provide a patch for the LDAP documentation page?
> Yes I can, which page?


http://svn.codehaus.org/redback/redback-site/trunk/src/site/apt/integration/ldap.apt
I'll patch the Continuum page when Continuum uses the latest Redback

I don't think Archiva has an LDAP page.

Thanks for your help.


>
> >
> > [1] http://directory.apache.org/apacheds/1.0/33-how-to-enable-ssl.html
> >
> > Emmanuel
> >

Re: 1.2.0 and ldap and SSL

Posted by Julien Graglia <jg...@netceler.com>.
On Friday 27 March 2009 at 10:34 +0100, Emmanuel Venisse wrote:
> Hi,
> Thanks for your test.
> You have two things to modify in your security.properties.
> 
> 1- Add security.policy.password.expiration.enabled=false
> 2- Remove  ldap.user.store.enabled=true because it isn't used by Redback,
> I'll remove it in config-defaults.properties
> 
> With these modifications, all should be ok.
Yes everything is working fine!


> Do you use a truststore like described in [1] or only the conf described in
> your mail?
Yes I'm using a truststore and a self-signed certificate.

> Can you provide a patch for the LDAP documentation page?
Yes I can, which page?

> 
> [1] http://directory.apache.org/apacheds/1.0/33-how-to-enable-ssl.html
> 
> Emmanuel
> 
-- 
Julien Graglia - jgraglia@netceler.com
NetCeler
Les Peyrons 05400 Veynes
Tel : +33 4 92 57 12 12        Fax : +33 4 92 57 12 62
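
Chris's question earlier in the thread (how to test that the LDAP server can be reached) and the truststore setup confirmed above can both be checked outside Archiva. The following Java program is an added example, not code from Redback, Archiva or the posters; the class name `LdapsCheck`, the mapping of `ldap.config.ssl=true` to an `ldaps://` URL and the subtree search scope are assumptions, while the property keys and the search filter shape are the ones quoted in the thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Added example, not Redback or Archiva code. LdapsCheck is a hypothetical name.
public class LdapsCheck {

    static String required(Properties p, String key) {
        String v = p.getProperty(key);
        if (v == null || v.trim().isEmpty()) {
            throw new IllegalArgumentException("missing property: " + key);
        }
        return v.trim();
    }

    // Translate the ldap.config.* keys from the thread into a JNDI environment.
    static Hashtable<String, String> jndiEnv(Properties p) {
        boolean ssl = Boolean.parseBoolean(p.getProperty("ldap.config.ssl", "false").trim());
        String port = p.getProperty("ldap.config.port", ssl ? "636" : "389").trim();
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, p.getProperty(
                "ldap.config.context.factory", "com.sun.jndi.ldap.LdapCtxFactory").trim());
        // Assumption: ldap.config.ssl=true is modelled here as an ldaps:// URL.
        env.put(Context.PROVIDER_URL,
                (ssl ? "ldaps://" : "ldap://") + required(p, "ldap.config.hostname") + ":" + port);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, required(p, "ldap.config.bind.dn"));
        env.put(Context.SECURITY_CREDENTIALS, required(p, "ldap.config.password"));
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds, fail fast
        return env;
    }

    // Bind, then look the user up with the filter shape shown in the log lines.
    static int countUser(Properties p, String userId) throws NamingException {
        // Default "cn" as stated in the thread; OpenLDAP setups map this to uid.
        String attr = p.getProperty("ldap.config.mapper.attribute.user.id", "cn").trim();
        if (!attr.matches("[A-Za-z][A-Za-z0-9-]*")) {
            throw new IllegalArgumentException("unexpected attribute name: " + attr);
        }
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE); // assumption: search below base dn
        sc.setReturningAttributes(new String[] { attr });

        DirContext ctx = new InitialDirContext(jndiEnv(p)); // TLS handshake and bind
        try {
            // {0} is substituted by JNDI with LDAP filter escaping applied to userId.
            NamingEnumeration<SearchResult> hits = ctx.search(
                    required(p, "ldap.config.base.dn"),
                    "(&(objectClass=inetOrgPerson)(" + attr + "={0}))",
                    new Object[] { userId }, sc);
            int n = 0;
            while (hits.hasMore()) {
                System.out.println("found: " + hits.next().getNameInNamespace());
                n++;
            }
            hits.close();
            return n;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java LdapsCheck <security.properties> <user id>");
            System.exit(2);
        }
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(args[0])) {
            p.load(in);
        }
        System.out.println("trustStore = "
                + System.getProperty("javax.net.ssl.trustStore", "(JVM default cacerts)"));
        try {
            int n = countUser(p, args[1]);
            System.out.println("bind succeeded, " + n + " matching entries");
            System.exit(n == 1 ? 0 : 1);
        } catch (CommunicationException e) {
            // With a self-signed certificate that is absent from the truststore the
            // root cause is an SSL handshake failure. Current JDKs also require the
            // certificate to match ldap.config.hostname.
            System.err.println("connection/TLS failure: " + e.getRootCause());
            System.exit(3);
        } catch (NamingException e) {
            System.err.println("LDAP error (bind or search): " + e);
            System.exit(4);
        }
    }
}
```

Run it with the same truststore options as the app server, for example `java -Djavax.net.ssl.trustStore=<path-to-truststore> -Djavax.net.ssl.trustStorePassword=<password> LdapsCheck.java conf/security.properties jgr`, where the truststore path and password are placeholders.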


Re: 1.2.0 and ldap and SSL

Posted by Emmanuel Venisse <em...@gmail.com>.
Hi,
Thanks for your test.
You have two things to modify in your security.properties.

1- Add security.policy.password.expiration.enabled=false
2- Remove  ldap.user.store.enabled=true because it isn't used by Redback,
I'll remove it in config-defaults.properties

With these modifications, all should be ok. If it is, add a comment on the
redback issue and I'll close it.

Do you use a truststore like described in [1] or only the conf described in
your mail?
Can you provide a patch for the LDAP documentation page?

[1] http://directory.apache.org/apacheds/1.0/33-how-to-enable-ssl.html

Emmanuel

On Fri, Mar 27, 2009 at 9:18 AM, Julien Graglia <jg...@netceler.com> wrote:

> I have installed redback 1.3-SNAPSHOT rev 823 in archiva  and configured
> ldap + ssl + user mapping (openldap user uid not cn attributes) and it
> works
>
> logs saying that the admin user exists, no need to create one :
>
> 09-03-27 09:06:41,238 [btpool0-4] INFO
> org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController  -
> Searching for user: jgr
> 2009-03-27 09:06:41,240 [btpool0-4] INFO
> org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController  -
> Searching for users with filter:
> '(&(objectClass=inetOrgPerson)(uid=jgr))' from base dn:
> dc=netceler,dc=com
> 2009-03-27 09:06:41,288 [btpool0-4] INFO
> org.codehaus.plexus.redback.struts2.interceptor.ForceAdminUserInterceptor
>  - Admin user found. No need to configure admin user.
>
>
>
> But when I really log in archiva, I got an NPE :
>
> java.lang.NullPointerException
>        at java.util.Calendar.setTime(Calendar.java:1075)
>        at org.codehaus.plexus.redback.struts2.interceptor.PolicyEnforcementInterceptor.intercept(PolicyEnforcementInterceptor.java:141)
>        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
>        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
>        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
>        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
>        at org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor.intercept(SecureActionInterceptor.java:173)
>        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
>        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
>        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
>        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
>        at com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor.intercept(ParameterFilterInterceptor.java:143)
>
> I could send you logs (I have put redback in "trace" log4j debug level)
> if you want..
>
>
> PS : here is my ldap config :
>
>        # LDAP
>        user.manager.impl=ldap
>        ldap.user.store.enabled=true
>        ldap.bind.authenticator.enabled=true
>        ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>
>        # LDAP server config
>        ldap.config.hostname=scarab-server
>        ldap.config.port=636
>        ldap.config.ssl=true
>        ldap.config.base.dn=dc=netceler,dc=com
>        # LDAP bind config
>        ldap.config.bind.dn=XXXXXXXXXXXXXXXXXXX,dc=netceler,dc=com
>        ldap.config.password=XXXXXXXXXXX
>        # LDAP user mapping : openldap uses uid, redback default is cn
>        ldap.config.mapper.attribute.user.id=uid
>        # uid of the ldap user that I use as the archiva administrator
>        redback.default.admin=jgr
>
>
> On Thursday 26 March 2009 at 18:23 +0100, Emmanuel Venisse wrote:
> > I added something to support it in Redback, but not tested it. You can
> > look at the issue [1]
> >
> > Can you test it?
> >
> > [1] http://jira.codehaus.org/browse/REDBACK-215
> >
> > Emmanuel
> >
> > On Thu, Mar 26, 2009 at 4:26 PM, Emmanuel Venisse <
> > emmanuel.venisse@gmail.com> wrote:
> >
> > > It isn't there yet.
> > > If you really need it, maybe you can write a patch for Redback.
> > >
> > > Emmanuel
> > >
> > >
> > >> > >>> chris.brentano@jivesoftware.com> wrote:
> > >> > >>>
> > >> > >>>  Hi all,
> > >> > >>>>
> > >> > >>>> I'd like to configure Archiva to do LDAP authentication to
> Active
> > >> > >>>> Directory. It appears that Redback has LDAP support, and I've
> seen
> > >> some
> > >> > >>>> various bits here and there about configuring the
> > >> security.properties or
> > >> > >>>> application.xml file to utilize LDAP, but I can't find a
> concise
> > >> guide.
> > >> > >>>>
> > >> > >>> Can
> > >> > >>>
> > >> > >>>> anyone provide some basic instructions and are there any
> gotchas I
> > >> > >>>> should
> > >> > >>>>
> > >> > >>> be
> > >> > >>>
> > >> > >>>> aware of? Thanks!
> > >> > >>>>
> > >> > >>>> - Chris
> > >> > >>>>
> > >> > >>>>
> > >> > >>>
> > >> > >
> > >> --
> > >> Julien Graglia
> > >> NetCeler
> > >>
> > >>
> > >
> --
> Julien Graglia - jgraglia@netceler.com
> NetCeler
> Les Peyrons 05400 Veynes
> Tel : +33 4 92 57 12 12        Fax : +33 4 92 57 12 62
>
>

Re: 1.2.0 and ldap and SSL

Posted by Julien Graglia <jg...@netceler.com>.
I have installed redback 1.3-SNAPSHOT rev 823 in archiva and configured
ldap + ssl + user mapping (openldap user uid not cn attributes) and it
works.

Logs saying that the admin user exists, no need to create one:

09-03-27 09:06:41,238 [btpool0-4] INFO org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController  - Searching for user: jgr
2009-03-27 09:06:41,240 [btpool0-4] INFO org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController  - Searching for users with filter: '(&(objectClass=inetOrgPerson)(uid=jgr))' from base dn: dc=netceler,dc=com
2009-03-27 09:06:41,288 [btpool0-4] INFO org.codehaus.plexus.redback.struts2.interceptor.ForceAdminUserInterceptor  - Admin user found. No need to configure admin user.



But when I really log in to archiva, I got an NPE:

java.lang.NullPointerException
	at java.util.Calendar.setTime(Calendar.java:1075)
	at org.codehaus.plexus.redback.struts2.interceptor.PolicyEnforcementInterceptor.intercept(PolicyEnforcementInterceptor.java:141)
	at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
	at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
	at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
	at org.codehaus.plexus.redback.struts2.interceptor.SecureActionInterceptor.intercept(SecureActionInterceptor.java:173)
	at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
	at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
	at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
	at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
	at com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor.intercept(ParameterFilterInterceptor.java:143)

I could send you logs (I have put redback in "trace" log4j debug level)
if you want.


PS : here is my ldap config : 

        #LDAP
        user.manager.impl=ldap
        ldap.user.store.enabled=true
        ldap.bind.authenticator.enabled=true
        ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
        
        # LDAP server config
        ldap.config.hostname=scarab-server
        ldap.config.port=636
        ldap.config.ssl=true
        ldap.config.base.dn=dc=netceler,dc=com
        # LDAP bind config
        ldap.config.bind.dn=XXXXXXXXXXXXXXXXXXX,dc=netceler,dc=com
        ldap.config.password=XXXXXXXXXXX
        # LDAP user mapping: openldap uses uid, redback default is cn
        ldap.config.mapper.attribute.user.id=uid
        # uid of the ldap user that I use as the archiva administrator
        redback.default.admin=jgr


Le jeudi 26 mars 2009 à 18:23 +0100, Emmanuel Venisse a écrit :
> I added something to support it in Redback, but not tested it. You can look
> at the issue [1]
> 
> Can you test it?
> 
> [1] http://jira.codehaus.org/browse/REDBACK-215
> 
> Emmanuel
> 
> On Thu, Mar 26, 2009 at 4:26 PM, Emmanuel Venisse <
> emmanuel.venisse@gmail.com> wrote:
> 
> > It isn't there yet.
> > If you really need it, maybe you can write a patch for Redback.
> >
> > Emmanuel
> >
> >
> > On Thu, Mar 26, 2009 at 12:46 PM, Julien Graglia <jg...@netceler.com> wrote:
> >
> >> Hi,
> >>
> >> I am currently migrating from archiva 1.1.3 to archiva 1.2.0... and I
> >> want to switch to an ldap authentication (I'am bored of copying user
> >> databases...)
> >>
> >> I'have found many threads about ldap and archiva : security.properties,
> >> redback ldap config page (1)... but I have not found how to connect to a
> >> ldaps directory?
> >> I have defined the ldap.config.port (636) but i did not found how to
> >> says to use ssl
> >>
> >> > On 5 Aug, 2008, at 8:38 AM, Emmanuel Venisse wrote:
> >> > >
> >> > >  I'm not sure ldap docs on redback site are up-to-date
> >> > >>
> >> > >> Chris, do you use LDAP or LDAPS?
> >> > >> LDAPS isn't supported for the moment
> >> > >>
> >> > >> Emmanuel
> >> >
> >> >
> >> It seems to me that redback still can't handle SSL for ldap... Did I
> >> have to wait for another archiva/redback release? or stick with my user
> >> database (I don't want to store the users in a sql db, they are already
> >> in ldap...)
> >>
> >> 1 : http://redback.codehaus.org/configuration.html  and
> >> http://redback.codehaus.org/integration/ldap.html
> >>
> >>
> >> Thx,
> >>
> >> Le mercredi 06 août 2008 à 11:14 +0800, Maria Odea Ching a écrit :
> >> > I think you might be missing this property?
> >> > user.manager.impl=ldap
> >> >
> >> > Thanks,
> >> > Deng
> >> >
> >> > On Wed, Aug 6, 2008 at 2:38 AM, Chris Brentano <
> >> > chris.brentano@jivesoftware.com> wrote:
> >> >
> >> > > Thanks everyone for your assistance!
> >> > >
> >> > > Just LDAP, no SSL at the moment.
> >> > >
> >> > > I configured my conf/security.properties file like so:
> >> > >
> >> > > ldap.user.store.enabled=true
> >> > > ldap.bind.authenticator.enabled=true
> >> > > ldap.config.hostname=dc02.jiveville.com
> >> > > ldap.config.port=389
> >> > > ldap.config.base.dn=ou=JiveUsers,ou=jiveville,ou=com
> >> > > ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> >> > > ldap
> >> > > .config
> >> > > .bind
> >> > > .dn=cn=ldapUser,ou=ResourceAccounts,ou=JiveUsers,ou=jiveville,ou=com
> >> > > ldap.config.password=********
> >> > >
> >> > > But cannot log in with any LDAP accounts. But I do have a couple
> >> questions:
> >> > >
> >> > > - Is there any way to test that Archiva is able to successfully talk
> >> to the
> >> > > LDAP server?
> >> > > - Are there any options above that I may be missing or which are
> >> incorrect?
> >> > > - When LDAP authentication is working, do all accounts that fall under
> >> the
> >> > > base dn OU have access? If so, what level?
> >> > > - Do I need to do anything in User Administrator to grant specific
> >> LDAP
> >> > > accounts access privileges?
> >> > >
> >> > > Thanks again!
> >> > >
> >> > > - Chris
> >> > >
> >> > >
> >> > >
> >> > > On 5 Aug, 2008, at 8:38 AM, Emmanuel Venisse wrote:
> >> > >
> >> > >  I'm not sure ldap docs on redback site are up-to-date
> >> > >>
> >> > >> Chris, do you use LDAP or LDAPS?
> >> > >> LDAPS isn't supported for the moment
> >> > >>
> >> > >> Emmanuel
> >> > >>
> >> > >> On Tue, Aug 5, 2008 at 5:08 AM, Maria Odea Ching <oc...@apache.org>
> >> > >> wrote:
> >> > >>
> >> > >>  Hi Chris,
> >> > >>>
> >> > >>> You just need to put the LDAP config in your security.properties
> >> file,
> >> > >>> you
> >> > >>> no longer need to edit the application.xml as specified here:
> >> > >>> http://redback.codehaus.org/integration/ldap.html (just copy &
> >> paste the
> >> > >>> config specifed in the security.properties section)
> >> > >>>
> >> > >>> And you might also need to add the LDAP specific configuration
> >> specified
> >> > >>> in
> >> > >>> the LDAP Settings section in this document:
> >> > >>> http://redback.codehaus.org/configuration.html
> >> > >>>
> >> > >>> HTH,
> >> > >>> Deng
> >> > >>>
> >> > >>> On Tue, Aug 5, 2008 at 8:16 AM, Chris Brentano <
> >> > >>> chris.brentano@jivesoftware.com> wrote:
> >> > >>>
> >> > >>>  Hi all,
> >> > >>>>
> >> > >>>> I'd like to configure Archiva to do LDAP authentication to Active
> >> > >>>> Directory. It appears that Redback has LDAP support, and I've seen
> >> some
> >> > >>>> various bits here and there about configuring the
> >> security.properties or
> >> > >>>> application.xml file to utilize LDAP, but I can't find a concise
> >> guide.
> >> > >>>>
> >> > >>> Can
> >> > >>>
> >> > >>>> anyone provide some basic instructions and are there any gotchas I
> >> > >>>> should
> >> > >>>>
> >> > >>> be
> >> > >>>
> >> > >>>> aware of? Thanks!
> >> > >>>>
> >> > >>>> - Chris
> >> > >>>>
> >> > >>>>
> >> > >>>
> >> > >
> >> --
> >> Julien Graglia
> >> NetCeler
> >>
> >>
> >
-- 
Julien Graglia - jgraglia@netceler.com
NetCeler
Les Peyrons 05400 Veynes
Tel : +33 4 92 57 12 12        Fax : +33 4 92 57 12 62


Re: 1.2.0 and ldap and SSL

Posted by Julien Graglia <jg...@netceler.com>.
redback 1.3-SNAPSHOT is ok for ldap and ssl !! great!! 

See redback jira issue 215

co redback
mvn install
then copy redback jars in ${archiva.home}/apps/archiva/WEB-INF/lib 
   only redback jars already in v 1.2 !!

Here is my ldap config in security.properties

user.manager.impl=ldap
ldap.user.store.enabled=true
ldap.bind.authenticator.enabled=true

ldap.config.hostname=xxxxxxx
ldap.config.port=636
ldap.config.ssl=true
ldap.config.base.dn=dc=netceler,dc=com
ldap.config.bind.dn=xxxxxxxxxxxxxxxxx,dc=netceler,dc=com
ldap.config.password=xxxxxxxxxxxxxx
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory

# OpenLDAP uses uid, not cn attribute
ldap.config.mapper.attribute.user.id=uid

# NPE occurs because the LDAP user doesn't have a pwd expiration date (null)
# and archiva wants to display that date.. so disabling that
# functionality. No need for that in archiva, I already handle
# expiration date in ldap server
security.policy.password.expiration.enabled=false

Thx Emmanuel!


Le jeudi 26 mars 2009 à 18:23 +0100, Emmanuel Venisse a écrit :
> I added something to support it in Redback, but not tested it. You can look
> at the issue [1]
> 
> Can you test it?
> 
> [1] http://jira.codehaus.org/browse/REDBACK-215
> 
> Emmanuel
> 
> On Thu, Mar 26, 2009 at 4:26 PM, Emmanuel Venisse <
> emmanuel.venisse@gmail.com> wrote:
> 
> > It isn't there yet.
> > If you really need it, maybe you can write a patch for Redback.
> >
> > Emmanuel
> >
> >
> > On Thu, Mar 26, 2009 at 12:46 PM, Julien Graglia <jg...@netceler.com> wrote:
> >
> >> Hi,
> >>
> >> I am currently migrating from archiva 1.1.3 to archiva 1.2.0... and I
> >> want to switch to an ldap authentication (I'am bored of copying user
> >> databases...)
> >>
> >> I'have found many threads about ldap and archiva : security.properties,
> >> redback ldap config page (1)... but I have not found how to connect to a
> >> ldaps directory?
> >> I have defined the ldap.config.port (636) but i did not found how to
> >> says to use ssl
> >>
> >> > On 5 Aug, 2008, at 8:38 AM, Emmanuel Venisse wrote:
> >> > >
> >> > >  I'm not sure ldap docs on redback site are up-to-date
> >> > >>
> >> > >> Chris, do you use LDAP or LDAPS?
> >> > >> LDAPS isn't supported for the moment
> >> > >>
> >> > >> Emmanuel
> >> >
> >> >
> >> It seems to me that redback still can't handle SSL for ldap... Did I
> >> have to wait for another archiva/redback release? or stick with my user
> >> database (I don't want to store the users in a sql db, they are already
> >> in ldap...)
> >>
> >> 1 : http://redback.codehaus.org/configuration.html  and
> >> http://redback.codehaus.org/integration/ldap.html
> >>
> >>
> >> Thx,
> >>
> >> Le mercredi 06 août 2008 à 11:14 +0800, Maria Odea Ching a écrit :
> >> > I think you might be missing this property?
> >> > user.manager.impl=ldap
> >> >
> >> > Thanks,
> >> > Deng
> >> >
> >> > On Wed, Aug 6, 2008 at 2:38 AM, Chris Brentano <
> >> > chris.brentano@jivesoftware.com> wrote:
> >> >
> >> > > Thanks everyone for your assistance!
> >> > >
> >> > > Just LDAP, no SSL at the moment.
> >> > >
> >> > > I configured my conf/security.properties file like so:
> >> > >
> >> > > ldap.user.store.enabled=true
> >> > > ldap.bind.authenticator.enabled=true
> >> > > ldap.config.hostname=dc02.jiveville.com
> >> > > ldap.config.port=389
> >> > > ldap.config.base.dn=ou=JiveUsers,ou=jiveville,ou=com
> >> > > ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> >> > > ldap
> >> > > .config
> >> > > .bind
> >> > > .dn=cn=ldapUser,ou=ResourceAccounts,ou=JiveUsers,ou=jiveville,ou=com
> >> > > ldap.config.password=********
> >> > >
> >> > > But cannot log in with any LDAP accounts. But I do have a couple
> >> questions:
> >> > >
> >> > > - Is there any way to test that Archiva is able to successfully talk
> >> to the
> >> > > LDAP server?
> >> > > - Are there any options above that I may be missing or which are
> >> incorrect?
> >> > > - When LDAP authentication is working, do all accounts that fall under
> >> the
> >> > > base dn OU have access? If so, what level?
> >> > > - Do I need to do anything in User Administrator to grant specific
> >> LDAP
> >> > > accounts access privileges?
> >> > >
> >> > > Thanks again!
> >> > >
> >> > > - Chris
> >> > >
> >> > >
> >> > >
> >> > > On 5 Aug, 2008, at 8:38 AM, Emmanuel Venisse wrote:
> >> > >
> >> > >  I'm not sure ldap docs on redback site are up-to-date
> >> > >>
> >> > >> Chris, do you use LDAP or LDAPS?
> >> > >> LDAPS isn't supported for the moment
> >> > >>
> >> > >> Emmanuel
> >> > >>
> >> > >> On Tue, Aug 5, 2008 at 5:08 AM, Maria Odea Ching <oc...@apache.org>
> >> > >> wrote:
> >> > >>
> >> > >>  Hi Chris,
> >> > >>>
> >> > >>> You just need to put the LDAP config in your security.properties
> >> file,
> >> > >>> you
> >> > >>> no longer need to edit the application.xml as specified here:
> >> > >>> http://redback.codehaus.org/integration/ldap.html (just copy &
> >> paste the
> >> > >>> config specifed in the security.properties section)
> >> > >>>
> >> > >>> And you might also need to add the LDAP specific configuration
> >> specified
> >> > >>> in
> >> > >>> the LDAP Settings section in this document:
> >> > >>> http://redback.codehaus.org/configuration.html
> >> > >>>
> >> > >>> HTH,
> >> > >>> Deng
> >> > >>>
> >> > >>> On Tue, Aug 5, 2008 at 8:16 AM, Chris Brentano <
> >> > >>> chris.brentano@jivesoftware.com> wrote:
> >> > >>>
> >> > >>>  Hi all,
> >> > >>>>
> >> > >>>> I'd like to configure Archiva to do LDAP authentication to Active
> >> > >>>> Directory. It appears that Redback has LDAP support, and I've seen
> >> some
> >> > >>>> various bits here and there about configuring the
> >> security.properties or
> >> > >>>> application.xml file to utilize LDAP, but I can't find a concise
> >> guide.
> >> > >>>>
> >> > >>> Can
> >> > >>>
> >> > >>>> anyone provide some basic instructions and are there any gotchas I
> >> > >>>> should
> >> > >>>>
> >> > >>> be
> >> > >>>
> >> > >>>> aware of? Thanks!
> >> > >>>>
> >> > >>>> - Chris
> >> > >>>>
> >> > >>>>
> >> > >>>
> >> > >
> >> --
> >> Julien Graglia
> >> NetCeler
> >>
> >>
> >
-- 
Julien Graglia - jgraglia@netceler.com
NetCeler
Les Peyrons 05400 Veynes
Tel : +33 4 92 57 12 12        Fax : +33 4 92 57 12 62
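
Added example (not part of the thread, and not Archiva or Redback code): a small Python lint for security.properties covering the problems this thread ran into, namely a missing user.manager.impl=ldap, port 636 without ldap.config.ssl=true, a key wrapped across several lines, and the password expiration policy that the message above reports as the cause of the NPE. The property keys are the ones quoted in the thread; the rule names, the sample files and the assumed default for the expiration policy are constructed for illustration.

```python
import re

# Constructed sample modelled on the first LDAPS attempt in this thread:
# port 636 set, nothing else changed. Host, DNs and password are placeholders.
SAMPLE = """\
# LDAP
ldap.user.store.enabled=true
ldap.bind.authenticator.enabled=true
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.hostname=ldap.example.test
ldap.config.port=636
ldap.config.base.dn=dc=example,dc=test
ldap.config.bind.dn=cn=archiva,dc=example,dc=test
ldap.config.password=PLACEHOLDER
"""

# Same file plus the settings from the working configuration in the thread.
FIXED = SAMPLE + """\
user.manager.impl=ldap
ldap.config.ssl=true
ldap.config.mapper.attribute.user.id=uid
security.policy.password.expiration.enabled=false
"""

# key, optional '=' or ':' separator, value; only the first separator splits,
# so values such as dc=example,dc=test stay whole.
_LINE = re.compile(r"^\s*([^=:\s]+)\s*[=:]?\s*(.*?)\s*$")


def parse_properties(text):
    """Simplified .properties reader (no backslash continuations or escapes)."""
    props = {}
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped[0] in "#!":
            continue
        match = _LINE.match(raw)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def _is_true(props, key, default):
    return props.get(key, default).lower() == "true"


def lint(props):
    """Return (rule, message) pairs; values are never echoed, only key names."""
    findings = []
    # Heuristic: every key used in the thread is dotted and starts with a word.
    stray = sorted(k for k in props if k.startswith(".") or "." not in k)
    if stray:
        findings.append(("wrapped-key", "not property keys, probably one key "
                         "wrapped across lines: " + ", ".join(stray)))
    if props.get("user.manager.impl") != "ldap":
        findings.append(("user-manager", "user.manager.impl=ldap is missing"))
    ssl = _is_true(props, "ldap.config.ssl", "false")
    if props.get("ldap.config.port") == "636" and not ssl:
        findings.append(("ldaps-port-without-ssl", "636 is the conventional "
                         "LDAPS port but ldap.config.ssl is not true"))
    elif not ssl:
        findings.append(("cleartext-bind", "ldap.config.ssl is not true: "
                         "simple binds send passwords unencrypted"))
    # Assumption: the expiration policy is on unless disabled, which is what
    # the NullPointerException reported in the thread implies.
    if _is_true(props, "security.policy.password.expiration.enabled", "true"):
        findings.append(("password-expiration", "expiration policy is enabled "
                         "but LDAP users carry no expiration date"))
    return findings


def rule_ids(text):
    """Convenience wrapper: parse the text and return only the rule names."""
    return [rule for rule, _ in lint(parse_properties(text))]


if __name__ == "__main__":
    for rule, message in lint(parse_properties(SAMPLE)):
        print(f"{rule}: {message}")
```
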


Re: 1.2.0 and ldap and SSL

Posted by Emmanuel Venisse <em...@gmail.com>.
I added something to support it in Redback, but have not tested it. You can look
at the issue [1]

Can you test it?

[1] http://jira.codehaus.org/browse/REDBACK-215

Emmanuel

On Thu, Mar 26, 2009 at 4:26 PM, Emmanuel Venisse <
emmanuel.venisse@gmail.com> wrote:

> It isn't there yet.
> If you really need it, maybe you can write a patch for Redback.
>
> Emmanuel
>
>
> On Thu, Mar 26, 2009 at 12:46 PM, Julien Graglia <jg...@netceler.com> wrote:
>
>> Hi,
>>
>> I am currently migrating from archiva 1.1.3 to archiva 1.2.0... and I
>> want to switch to an ldap authentication (I'am bored of copying user
>> databases...)
>>
>> I'have found many threads about ldap and archiva : security.properties,
>> redback ldap config page (1)... but I have not found how to connect to a
>> ldaps directory?
>> I have defined the ldap.config.port (636) but i did not found how to
>> says to use ssl
>>
>> > On 5 Aug, 2008, at 8:38 AM, Emmanuel Venisse wrote:
>> > >
>> > >  I'm not sure ldap docs on redback site are up-to-date
>> > >>
>> > >> Chris, do you use LDAP or LDAPS?
>> > >> LDAPS isn't supported for the moment
>> > >>
>> > >> Emmanuel
>> >
>> >
>> It seems to me that redback still can't handle SSL for ldap... Did I
>> have to wait for another archiva/redback release? or stick with my user
>> database (I don't want to store the users in a sql db, they are already
>> in ldap...)
>>
>> 1 : http://redback.codehaus.org/configuration.html  and
>> http://redback.codehaus.org/integration/ldap.html
>>
>>
>> Thx,
>>
>> Le mercredi 06 août 2008 à 11:14 +0800, Maria Odea Ching a écrit :
>> > I think you might be missing this property?
>> > user.manager.impl=ldap
>> >
>> > Thanks,
>> > Deng
>> >
>> > On Wed, Aug 6, 2008 at 2:38 AM, Chris Brentano <
>> > chris.brentano@jivesoftware.com> wrote:
>> >
>> > > Thanks everyone for your assistance!
>> > >
>> > > Just LDAP, no SSL at the moment.
>> > >
>> > > I configured my conf/security.properties file like so:
>> > >
>> > > ldap.user.store.enabled=true
>> > > ldap.bind.authenticator.enabled=true
>> > > ldap.config.hostname=dc02.jiveville.com
>> > > ldap.config.port=389
>> > > ldap.config.base.dn=ou=JiveUsers,ou=jiveville,ou=com
>> > > ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>> > > ldap
>> > > .config
>> > > .bind
>> > > .dn=cn=ldapUser,ou=ResourceAccounts,ou=JiveUsers,ou=jiveville,ou=com
>> > > ldap.config.password=********
>> > >
>> > > But cannot log in with any LDAP accounts. But I do have a couple
>> questions:
>> > >
>> > > - Is there any way to test that Archiva is able to successfully talk
>> to the
>> > > LDAP server?
>> > > - Are there any options above that I may be missing or which are
>> incorrect?
>> > > - When LDAP authentication is working, do all accounts that fall under
>> the
>> > > base dn OU have access? If so, what level?
>> > > - Do I need to do anything in User Administrator to grant specific
>> LDAP
>> > > accounts access privileges?
>> > >
>> > > Thanks again!
>> > >
>> > > - Chris
>> > >
>> > >
>> > >
>> > > On 5 Aug, 2008, at 8:38 AM, Emmanuel Venisse wrote:
>> > >
>> > >  I'm not sure ldap docs on redback site are up-to-date
>> > >>
>> > >> Chris, do you use LDAP or LDAPS?
>> > >> LDAPS isn't supported for the moment
>> > >>
>> > >> Emmanuel
>> > >>
>> > >> On Tue, Aug 5, 2008 at 5:08 AM, Maria Odea Ching <oc...@apache.org>
>> > >> wrote:
>> > >>
>> > >>  Hi Chris,
>> > >>>
>> > >>> You just need to put the LDAP config in your security.properties
>> file,
>> > >>> you
>> > >>> no longer need to edit the application.xml as specified here:
>> > >>> http://redback.codehaus.org/integration/ldap.html (just copy &
>> paste the
>> > >>> config specifed in the security.properties section)
>> > >>>
>> > >>> And you might also need to add the LDAP specific configuration
>> specified
>> > >>> in
>> > >>> the LDAP Settings section in this document:
>> > >>> http://redback.codehaus.org/configuration.html
>> > >>>
>> > >>> HTH,
>> > >>> Deng
>> > >>>
>> > >>> On Tue, Aug 5, 2008 at 8:16 AM, Chris Brentano <
>> > >>> chris.brentano@jivesoftware.com> wrote:
>> > >>>
>> > >>>  Hi all,
>> > >>>>
>> > >>>> I'd like to configure Archiva to do LDAP authentication to Active
>> > >>>> Directory. It appears that Redback has LDAP support, and I've seen
>> some
>> > >>>> various bits here and there about configuring the
>> security.properties or
>> > >>>> application.xml file to utilize LDAP, but I can't find a concise
>> guide.
>> > >>>>
>> > >>> Can
>> > >>>
>> > >>>> anyone provide some basic instructions and are there any gotchas I
>> > >>>> should
>> > >>>>
>> > >>> be
>> > >>>
>> > >>>> aware of? Thanks!
>> > >>>>
>> > >>>> - Chris
>> > >>>>
>> > >>>>
>> > >>>
>> > >
>> --
>> Julien Graglia
>> NetCeler
>>
>>
>

Re: 1.2.0 and ldap and SSL

Posted by Emmanuel Venisse <em...@gmail.com>.
It isn't there yet.
If you really need it, maybe you can write a patch for Redback.

Emmanuel

On Thu, Mar 26, 2009 at 12:46 PM, Julien Graglia <jg...@netceler.com> wrote:

> Hi,
>
> I am currently migrating from archiva 1.1.3 to archiva 1.2.0... and I
> want to switch to an ldap authentication (I'am bored of copying user
> databases...)
>
> I'have found many threads about ldap and archiva : security.properties,
> redback ldap config page (1)... but I have not found how to connect to a
> ldaps directory?
> I have defined the ldap.config.port (636) but i did not found how to
> says to use ssl
>
> > On 5 Aug, 2008, at 8:38 AM, Emmanuel Venisse wrote:
> > >
> > >  I'm not sure ldap docs on redback site are up-to-date
> > >>
> > >> Chris, do you use LDAP or LDAPS?
> > >> LDAPS isn't supported for the moment
> > >>
> > >> Emmanuel
> >
> >
> It seems to me that redback still can't handle SSL for ldap... Did I
> have to wait for another archiva/redback release? or stick with my user
> database (I don't want to store the users in a sql db, they are already
> in ldap...)
>
> 1 : http://redback.codehaus.org/configuration.html  and
> http://redback.codehaus.org/integration/ldap.html
>
>
> Thx,
>
> Le mercredi 06 août 2008 à 11:14 +0800, Maria Odea Ching a écrit :
> > I think you might be missing this property?
> > user.manager.impl=ldap
> >
> > Thanks,
> > Deng
> >
> > On Wed, Aug 6, 2008 at 2:38 AM, Chris Brentano <
> > chris.brentano@jivesoftware.com> wrote:
> >
> > > Thanks everyone for your assistance!
> > >
> > > Just LDAP, no SSL at the moment.
> > >
> > > I configured my conf/security.properties file like so:
> > >
> > > ldap.user.store.enabled=true
> > > ldap.bind.authenticator.enabled=true
> > > ldap.config.hostname=dc02.jiveville.com
> > > ldap.config.port=389
> > > ldap.config.base.dn=ou=JiveUsers,ou=jiveville,ou=com
> > > ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> > > ldap
> > > .config
> > > .bind
> > > .dn=cn=ldapUser,ou=ResourceAccounts,ou=JiveUsers,ou=jiveville,ou=com
> > > ldap.config.password=********
> > >
> > > But cannot log in with any LDAP accounts. But I do have a couple
> questions:
> > >
> > > - Is there any way to test that Archiva is able to successfully talk to
> the
> > > LDAP server?
> > > - Are there any options above that I may be missing or which are
> incorrect?
> > > - When LDAP authentication is working, do all accounts that fall under
> the
> > > base dn OU have access? If so, what level?
> > > - Do I need to do anything in User Administrator to grant specific LDAP
> > > accounts access privileges?
> > >
> > > Thanks again!
> > >
> > > - Chris
> > >
> > >
> > >
> > > On 5 Aug, 2008, at 8:38 AM, Emmanuel Venisse wrote:
> > >
> > >  I'm not sure ldap docs on redback site are up-to-date
> > >>
> > >> Chris, do you use LDAP or LDAPS?
> > >> LDAPS isn't supported for the moment
> > >>
> > >> Emmanuel
> > >>
> > >> On Tue, Aug 5, 2008 at 5:08 AM, Maria Odea Ching <oc...@apache.org>
> > >> wrote:
> > >>
> > >>  Hi Chris,
> > >>>
> > >>> You just need to put the LDAP config in your security.properties
> file,
> > >>> you
> > >>> no longer need to edit the application.xml as specified here:
> > >>> http://redback.codehaus.org/integration/ldap.html (just copy & paste
> the
> > >>> config specifed in the security.properties section)
> > >>>
> > >>> And you might also need to add the LDAP specific configuration
> specified
> > >>> in
> > >>> the LDAP Settings section in this document:
> > >>> http://redback.codehaus.org/configuration.html
> > >>>
> > >>> HTH,
> > >>> Deng
> > >>>
> > >>> On Tue, Aug 5, 2008 at 8:16 AM, Chris Brentano <
> > >>> chris.brentano@jivesoftware.com> wrote:
> > >>>
> > >>>  Hi all,
> > >>>>
> > >>>> I'd like to configure Archiva to do LDAP authentication to Active
> > >>>> Directory. It appears that Redback has LDAP support, and I've seen
> some
> > >>>> various bits here and there about configuring the
> security.properties or
> > >>>> application.xml file to utilize LDAP, but I can't find a concise
> guide.
> > >>>>
> > >>> Can
> > >>>
> > >>>> anyone provide some basic instructions and are there any gotchas I
> > >>>> should
> > >>>>
> > >>> be
> > >>>
> > >>>> aware of? Thanks!
> > >>>>
> > >>>> - Chris
> > >>>>
> > >>>>
> > >>>
> > >
> --
> Julien Graglia
> NetCeler
>
>