Thx for your response.

> You can try to keep the default guest user as 'guest' and change the filter 
> for the ldap query to exclude the
> guest user. But I'm not sure, if this works.
I think we'll just stay with the configuration and ignore the message
for the time being.

> Regarding the 1000 results:
> Do you have Active Directory as LDAP server running? As I know AD has a 
> server limit for the returned results
> per query ...
Yes, our company uses Active Directory as the LDAP query.

> So sorry, that I cannot provide more useful help
Your help was useful enough for our needs.

> Feel free to create a JIRA ticket for both (or a pull request).
I'll consider it. I'd like to investigate further into the cause of
them before making a JIRA issue (and afterwards maybe a pull request).
Unfortunately I've not yet been able to decipher how the Archiva
application works exactly, let alone create a possible fix/workaround.

Regards,
Stefaan Dutry

2017-11-01 16:31 GMT+01:00 Martin <marti...@apache.org>:
> Hi Stefaan,
>
> the cause seems to be plausible. That could explain, why the user was updated.
> Regarding your questions, unfortunately I think I cannot provide a proper 
> solution:
>
> I know that there are certain parts in the code that use "guest" for the name 
> of the guest user and as I
> know it cannot be fixed in a few lines of code.
> You can try to keep the default guest user as 'guest' and change the filter 
> for the ldap query to exclude the
> guest user. But I'm not sure, if this works.
>
> Regarding the 1000 results:
> Do you have Active Directory as LDAP server running? As I know AD has a 
> server limit for the returned results
> per query. The only workaround on the client would be to use paged ldap 
> queries. But currently paged queries are not implemented
> by archiva, so there is no configuration entry to increase the result size.
>
> So sorry, that I cannot provide more useful help. Feel free to create a JIRA 
> ticket for both (or a pull request).
>
> Greetings
>
> Martin
>
>
> On Tuesday, 31 October 2017, 09:19:13 CET, stefaan.du...@roularta.be wrote:
>> Hello,
>>
>> Sorry for my late response. (vacation followed by other priorities at work)
>> After we finally went back to configuring the archiva instance, it no longer 
>> started.
>>
>> We re-did the configuration.
>> Currently we have a setup as follows:
>> * UserManager(s) chosen
>>     * LDAP User Manager
>>     * Database User Manager
>> * RbacManager(s) chosen
>>     * LDAP RBac Manager
>>     * Database RBac Manager
>>
>> As additional configuration we changed the property "redback.default.guest" 
>> to "archivaguest" instead of "guest"
>> After this change, we no longer have the problem of the guest user being 
>> updated.
>> We assume the problem was caused because our LDAP had a user named "guest" 
>> which caused it to overwrite the config we had for the guestuser.
>>
>> We were able to assign roles to LDAP groups.
>>
>> There are still a few minor issues that we have:
>>
>> * when starting the application when not logged on: "Unable to find 
>> principal archivaguest"
>>       This is probably caused because we changed the redback.default.guest 
>> property.
>>       Is there a configuration we can do to prevent this message?
>>
>> * when trying to find a user, it only loads exactly 1000 users from our LDAP 
>> system. When the user is not among those 1000, you can't go to the user to 
>> check the effective roles of the user. Is this a hard maximum or is this a 
>> setting that can be changed? (applying the LDAP group to a user not in this 
>> list still works)
>>
>> Regards,
>> Stefaan Dutry
>>
>> -----Original message-----
>> From: Martin [mailto:marti...@apache.org]
>> Sent: Monday, 28 August 2017 21:42
>> To: users@archiva.apache.org
>> Subject: Re: Need help configuring Archiva LDAP configuration with 
>> anonymous snapshot deploy
>>
>> Hi,
>>
>> it would be helpful, if you could provide some logs.
>> The removal of the roles from the guest user seems a bit strange. You are 
>> running a single instance only, not in a clustered environment?
>>
>> By the way, the CSRF prevention that has been introduced with version 2.2.3 
>> can be deactivated, if you think the security risk is acceptable. Please 
>> look at the release notes.
>>
>> Greetings
>>
>> Martin
>>
>> On Tuesday, 22 August 2017, 11:50:48 CEST, Stefaan Dutry wrote:
>> > In our current setup we only use the LDAP configuration to
>> > authenticate and not for authorisation.
>> >
>> > We would like to switch to using LDAP group membership to configure
>> > group membership.
>> >
>> > Reasons:
>> >   -) Archiva is not able to find all LDAP users in the Users -> Manage 
>> > section.
>> >   -) The dirty workaround we used to configure user - role management
>> > for those we couldn't find, no longer works with version 2.2.3
>> > (abusing the REST-API)
>> >
>> > What we managed to do so far:
>> >   -) We managed to connect to LDAP successfully
>> >   -) We managed to set up the groups in LDAP and configure the
>> > LDAP/Roles Mappings
>> >   -) We switched to only LDAP User Manager and only LDAP RBac Manager
>> > (Users -> Users Runtime Configuration)
>> >
>> > Problems we are having:
>> >   -) We are no longer able to upload an artifact to the snapshot
>> > repository. We need this because we are using jenkins to start builds
>> > and create snapshots automatically
>> >   -) We tried adding the roles to the Guest user, but they seem to be
>> > automatically removed after a certain amount of time (15 min or so)
>> >   -) Archiva tends to log me out randomly, even when I'm active.
>> >
>> > Version: 2.2.3
>> >
>> > Can someone help me find what settings are incorrect?
>> >
>> >
>>
>>
>>
>
>
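
The 1000-entry cap and the paged-query workaround discussed in this thread, as an added example that is not part of the original messages and is not Archiva or Active Directory code: a toy in-memory model of the LDAP Simple Paged Results exchange (RFC 2696), showing both the server and the client side. `ToyDirectory`, the function names and the 2500 sample accounts are constructed; 1000 is Active Directory's default `MaxPageSize`.

```python
# Added illustration: toy model of LDAP Simple Paged Results (RFC 2696).
# All names and sample data here are constructed, not taken from Archiva or AD.
from dataclasses import dataclass

MAX_PAGE_SIZE = 1000  # Active Directory's default MaxPageSize server limit


@dataclass
class SearchResult:
    entries: list
    cookie: bytes = b""               # empty cookie means "no more pages"
    size_limit_exceeded: bool = False


class ToyDirectory:
    """Server side: never returns more than MAX_PAGE_SIZE entries per response."""

    def __init__(self, users):
        self.users = sorted(users)

    def search(self, page_size=None, cookie=b""):
        if page_size is None:         # plain search without the paging control
            hit = self.users[:MAX_PAGE_SIZE]
            return SearchResult(hit, size_limit_exceeded=len(self.users) > MAX_PAGE_SIZE)
        start = int(cookie or b"0")   # the cookie is opaque to a real client
        page = self.users[start:start + min(page_size, MAX_PAGE_SIZE)]
        nxt = start + len(page)
        more = nxt < len(self.users)
        return SearchResult(page, cookie=str(nxt).encode() if more else b"")


def list_users_unpaged(directory):
    """What a client without paging support gets: a truncated user list."""
    return directory.search().entries


def list_users_paged(directory, page_size=500):
    """Client side: repeat the search with the returned cookie until it is empty."""
    found, cookie = [], b""
    while True:
        res = directory.search(page_size=page_size, cookie=cookie)
        found.extend(res.entries)
        cookie = res.cookie
        if not cookie:
            return found


# Constructed sample directory: 2500 accounts, most of them past entry 1000.
DIRECTORY = ToyDirectory([f"user{i:04d}" for i in range(2500)])
```

An account such as `user2000` never appears in the unpaged list, which matches the symptom that its effective roles cannot be inspected in the user view even though its LDAP group mapping still applies.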
