Hello,
Sorry for my late response. (vacation followed by other priorities at work)
After we finaly went back to configuring the archiva instance, it no longer
started.
We re-did the configuration.
Currently we have a setup as follows:
* UserManager(s) chosen
* LDAP User Manager
* Database User Manager
* RbacManager(s) chosen
* LDAP RBac Manager
* Database RBac Manager
As additional configuration we changed the property "redback.default.guest" to
"archivaguest" instead of "guest"
After this change, we no longer have the problem of the guest user being
updated.
We assume the problem was caused because our LDAP had a user named "guest"
which caused it to overwrite the config we had for the guestuser.
We were able to assign roles to LDAP groups.
There are still a few minor issues that we have:
* when starting the application when not logged on: "Unable to find principal
archivaguest"
This is probably caused because we changed the redback.default.guest
property.
Is there a configuration we can do to prevent this message.
* when trying to find a user, it only loads exactly 1000 users from our LDAP
system. When the user is not among those 1000, you can't go to the user to
check the effective roles of the user. Is this a hard maximum or is this a
setting that can be changed? (applying the LDAP group to a user not in this
list still works)
Regards,
Stefaan Dutry
-----Oorspronkelijk bericht-----
Van: Martin [mailto:marti...@apache.org]
Verzonden: maandag 28 augustus 2017 21:42
Aan: users@archiva.apache.org
Onderwerp: Re: Need help configuring Archiva LDAP configuration with anonymous
snapshot deploy
Hi,
it would be helpful, if you could provide some logs.
The removal of the roles from the guest user seems a bit strange. You are
running a single instance only, not in a clustered environment?
By the way, the CSRF prevention that has been introduced with version 2.2.3 can
be deactivated, if you think the security risk is acceptable. Please look at
the release notes.
Greetings
Martin
Am Dienstag, 22. August 2017, 11:50:48 CEST schrieb Stefaan Dutry:
> In our current setup we only use the LDAP configuration to
> authenticate and not for authorisation.
>
> We would like to switch to using LDAP group membership to configure
> group membership.
>
> Reasons:
> -) Archiva is not able to find all LDAP users in the Users -> Manage
> section.
> -) The dirty workaround we used to configure user - role management
> for those we couldn't find, no longer works with version 2.2.3
> (abusing the REST-API)
>
> What we managed to do so far:
> -) We managed to connect to LDAP successfully
> -) We managed to set up the groups in LDAP and configure the
> LDAP/Roles Mappings
> -) We switched to only LDAP User Manager and only LDAP RBac Manager
> (Users -> Users Runtime Configuration)
>
> Problems we are having:
> -) We are no longer able to upload an artifact to the snapshot
> repository. We need this because we are using jenkins to start builds
> and create snapshots automatically
> -) We tried adding the roles to the Guest user, but they seem to be
> automatically removed after a certain amount of time (15 min or so)
> -) Archiva tends to log me out randomly, even when i'm active.
>
> Version: 2.2.3
>
> Can someone help me find what settings are incorrect.
>
>
