User Authentication via LDAP

Dear all,
I am trying to set up Archiva on JbOss 4.0.5 with LDAP.

is it possible to configure the ldap authenticate service to tsl in the
application.xml or security.properties?

do you have a documentation on it?
is it supported by Archiva 1.2.1?

thanks you

Francois
--
--
*Francois LE FEVRE*
Ingenieur / Chercheur
Email: flefevre@... <mailto:flefevre@...>
Tel: 33 (0)1 60 87 45 83


*Laboratoire de bioinformatique des reseaux
CEA / DSV / FAR / IG / Genoscope / LBIR
(French Atomic Energy Commission)
*
Website: http://www.genoscope.cns.fr/bioinfo/
Mail: 2 rue Gaston Cremieux, 91057 Evry, France

Salut François,

In my company we have Archiva authenticating against our corporate LDAP (Active Directory).

What is tsl?

You have to edit security.properties and application.xml.

Please read http://redback.codehaus.org/integration/ldap.html

Regards,

Julien




________________________________
De : Francois Le Fevre <flefevre@...>
À : users@...
Envoyé le : Vendredi, 28 Août 2009, 17h30mn 22s
Objet : User Authentication via LDAP

Dear all,
I am trying to set up Archiva on JbOss 4.0.5 with LDAP.

is it possible to configure the ldap authenticate service to tsl in the application.xml or security.properties?

do you have a documentation on it?
is it supported by Archiva 1.2.1?

thanks you

Francois
-- -- *Francois LE FEVRE*
Ingenieur / Chercheur
Email: flefevre@... <mailto:flefevre@...>
Tel: 33 (0)1 60 87 45 83


*Laboratoire de bioinformatique des reseaux
CEA / DSV / FAR / IG / Genoscope / LBIR
(French Atomic Energy Commission)
*
Website: http://www.genoscope.cns.fr/bioinfo/
Mail: 2 rue Gaston Cremieux, 91057 Evry, France

Julien,

my question is relative to the parameter found in
./archiva.war/WEB-INF/classes/META-INF/plexus/application.xml
#ldap.config.authentication.method=

what are we suppose to put here ?
there is no documentation about it.


My secund question is : how LDAP is used by archiva?
I was able to create the admin without ldap, then i comment out the ldap
configuration, I have access to all users of my company.
But I am not able to log in with an LDAP account !

TLS 1.1 = Transport Layer Security
This is the configuration for a securiez LDAP .

It is mandatory to use LDAP/TLS in my company.

Perhaps I miss understand someting, do I need still a mysql user
database ( I have configured JBoss to used a mysql database for the
archiva data and user)?

Thanks again for your help.

Francois




--
--
*Francois LE FEVRE*
Ingenieur / Chercheur
Email: flefevre@... <mailto:flefevre@...>
Tel: 33 (0)1 60 87 45 83


*Laboratoire de bioinformatique des reseaux
CEA / DSV / FAR / IG / Genoscope / LBIR
(French Atomic Energy Commission)
*
Website: http://www.genoscope.cns.fr/bioinfo/
Mail: 2 rue Gaston Cremieux, 91057 Evry, France

Hi François,

Archiva/Redback will use LDAP for authentication only. Roles will still be managed internally so you still need a user database (either the embedded or an external one).

I don't know if there is a special configuration for TLS. Perhaps adding
ldap.config.ssl=true
to security.properties will works?

Concerning
ldap.config.authentication.method
it will be used to set Context.SECURITY_AUTHENTICATION attribute of LDAP connection.
See:
http://java.sun.com/products/jndi/tutorial/ldap/security/auth.html
for possible values.

After looking at my own configuration, it seems that I have forgotten to uncomment lines in application.xml during last upgrade of Archiva and it is still working. So I think you simply have to edit $ARCHIVA_BASE/conf/security.properties and add the values. For example here is my configuration:

user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=jhenry
redback.default.guest=guest
security.policy.password.expiration.enabled=false

ldap.config.hostname=xxxxxxxxxxxxxxxxxx
ldap.config.port=389
ldap.config.base.dn=xxxxxxxxxxxx
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
#ldap.config.bind.dn=uid=myusername,o=com
#ldap.config.password=s3cr3t

ldap.config.mapper.attribute.email=mail
ldap.config.mapper.attribute.fullname=displayName
ldap.config.mapper.attribute.password=userPassword
ldap.config.mapper.attribute.user.id=cn
ldap.config.mapper.attribute.user.base.dn=xxxxxxxxxxxxxxxxxxxxxxxxx
ldap.config.mapper.attribute.user.object.class=user
ldap.config.max.result.count=1000
#ldap.config.mapper.attribute.user.filter=(attributeName=value)


Regards,

Julien




________________________________
De : Francois Le Fevre <flefevre@...>
À : Julien HENRY <henryju@...>
Cc : users@...
Envoyé le : Lundi, 31 Août 2009, 9h01mn 29s
Objet : Re: Re : User Authentication via LDAP

Julien,

my question is relative to the parameter found in
./archiva.war/WEB-INF/classes/META-INF/plexus/application.xml
#ldap.config.authentication.method=

what are we suppose to put here ?
there is no documentation about it.


My secund question is : how LDAP is used by archiva?
I was able to create the admin without ldap, then i comment out the ldap
configuration, I have access to all users of my company.
But I am not able to log in with an LDAP account !

TLS 1.1 = Transport Layer Security
This is the configuration for a securiez LDAP .

It is mandatory to use LDAP/TLS in my company.

Perhaps I miss understand someting, do I need still a mysql user
database ( I have configured JBoss to used a mysql database for the
archiva data and user)?

Thanks again for your help.

Francois




--
--
*Francois LE FEVRE*
Ingenieur / Chercheur
Email: flefevre@... <mailto:flefevre@...>
Tel: 33 (0)1 60 87 45 83


*Laboratoire de bioinformatique des reseaux
CEA / DSV / FAR / IG / Genoscope / LBIR
(French Atomic Energy Commission)
*
Website: http://www.genoscope.cns.fr/bioinfo/
Mail: 2 rue Gaston Cremieux, 91057 Evry, France