At present, there is no connection between LDAP groups and roles in either Archiva or Continuum - they still need to be allocated per user from the UI.
- Brett

On 28/07/2011, at 10:20 PM, "Pedro M. Leite \"" <[email protected]> <[email protected]> wrote:

> I resolved my problem, now only to improve .. is there some form to let
> users in the group XXX log in?
>
> Another question is whether it has to take that option to change the
> password when I enter the first time with the user.
>
> ??????
>
> 2011/7/27 Pedro M. Leite " <[email protected]>
>
>> I just discovered what it was ....
>>
>> By default, Archiva has the line:
>> ldap.config.mapper.attribute.user.object.class=inetOrgPerson
>>
>> Changed to:
>> ldap.config.mapper.attribute.user.object.class=simpleSecurityObject
>>
>> And it proceeded to get UIDs.
>>
>> I resolved my problem, now only to improve .. is there some form to let
>> users in the group XXX log in?
>>
>> Another question is whether it has to take that option to change the
>> password when I enter the first time with the user.
>>
>> Tks.
>>
>> --
>> Pedro Macedo Leite"
>>
>> 2011/7/27 Pedro M. Leite " <[email protected]>
>>
>>> Of course,
>>>
>>> In application.xml I am using the default, unchanged.
>>> In login.properties I am using the following lines:
>>>
>>> user.manager.impl=ldap
>>> ldap.bind.authenticator.enabled=true
>>> redback.default.admin=pedro
>>>
>>> security.policy.password.expiration.enabled=false
>>> ldap.config.hostname=IP_Server
>>> ldap.config.port=389
>>> ldap.config.base.dn=dc=domain,dc=domain,dc=domain
>>>
>>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>>> ldap.config.bind.dn=cn=admin,dc=domain,dc=domain,dc=domain
>>> ldap.config.password=xxxxxxxxx
>>> ldap.config.mapper.attribute.email=mail
>>> ldap.config.mapper.attribute.fullname=givenName
>>> ldap.config.mapper.attribute.password=userPassword
>>> ldap.config.mapper.attribute.user.id=uid
>>>
>>> And only with these settings I can authenticate, since the LDAP user is
>>> created as the "User Account"; if I create only the "Simple Object Security"
>>> profile, it does not work.
>>> The User Account is a more complete description of the user. Within
>>> security.properties I get the attribute from the user via "userid" and it
>>> works.
>>> The Simple Object Security is a registry that includes only user name and
>>> password (my current environment used in other systems). I try to get the
>>> UID via the attribute and I cannot. Archiva tells me the user is not found,
>>> and there I fall into the same problem of creating the admin.
>>>
>>> Excuse my English, but I'm not native.
>>>
>>> --
>>> Pedro Macedo Leite"
>>>
>>> 2011/7/26 Brent Atkinson <[email protected]>
>>>
>>>> Pedro,
>>>>
>>>> I am curious, what instructions were you using to configure ldap?
>>>>
>>>> Brent
>>>>
>>>> On Tue, Jul 26, 2011 at 3:58 PM, Brent Atkinson <[email protected]> wrote:
>>>>
>>>>> Pedro,
>>>>>
>>>>> Because you are being asked to create the admin user, it suggests that
>>>>> there is something wrong with your configuration. Could you give
>>>>> specifics on what you have done to configure ldap? Just be careful not
>>>>> to send any login credentials.
>>>>>
>>>>> What would be helpful:
>>>>>
>>>>> * settings.properties
>>>>> * application.xml
>>>>>
>>>>> Brent
>>>>>
>>>>> On Tue, Jul 26, 2011 at 3:40 PM, Pedro M. Leite " <[email protected]> wrote:
>>>>>
>>>>>> thanks
>>>>>>
>>>>>> However, my ldap is openldap. After I sent the email, I got it to work
>>>>>> only with the configuration by security.properties.
>>>>>> So that is not good, it is giving many errors.
>>>>>>
>>>>>> --
>>>>>> Pedro Macedo Leite"
>>>>>>
>>>>>> 2011/7/26 Louis Smith <[email protected]>
>>>>>>
>>>>>>> It is easy, but detailed.... it does work, I have it in several
>>>>>>> installations of my own and in client sites for heavy production usage.
>>>>>>>
>>>>>>> In the security.properties file, you must specify the
>>>>>>> redback.default.admin - it MUST be an EXISTING account in the LDAP.
>>>>>>>
>>>>>>> It must be found at the config.base
>>>>>>>
>>>>>>> All fields MUST be mapped to the correct LDAP entries.
>>>>>>>
>>>>>>> The security.properties and the application.xml have to match
>>>>>>> perfectly in the definitions...
>>>>>>>
>>>>>>> This is the security.properties file from my notebook:
>>>>>>>
>>>>>>> user.manager.impl=ldap
>>>>>>> ldap.bind.authenticator.enabled=true
>>>>>>> ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>>>>>>>
>>>>>>> #
>>>>>>> # BinaryStar LDAP (my dual core notebook)
>>>>>>> #
>>>>>>>
>>>>>>> ldap.config.hostname=localhost
>>>>>>> ldap.config.base.dn=ou=External Users,ou=users,dc=locahost,dc=com
>>>>>>> ldap.config.port=389
>>>>>>> ldap.config.mapper.attribute.user.id=orclSAMAccountName
>>>>>>> ldap.config.mapper.attribute.user.email=orclSAMAccountName
>>>>>>> ldap.config.mapper.attribute.user.fullname=givenName
>>>>>>> ldap.config.mapper.attribute.user.password=userPassword
>>>>>>> [email protected]
>>>>>>> redback.default.guest=guest
>>>>>>> security.policy.password.expiration.enabled=false
>>>>>>>
>>>>>>> and this is from the application.xml:
>>>>>>>
>>>>>>> <component>
>>>>>>>   <role>org.codehaus.plexus.redback.common.ldap.UserMapper</role>
>>>>>>>   <role-hint>ldap</role-hint>
>>>>>>>   <implementation>org.codehaus.plexus.redback.common.ldap.LdapUserMapper</implementation>
>>>>>>>   <configuration>
>>>>>>>     <email-attribute>orclSAMAccountName</email-attribute>
>>>>>>>     <full-name-attribute>givenName</full-name-attribute>
>>>>>>>     <password-attribute>userPassword</password-attribute>
>>>>>>>     <user-id-attribute>uid</user-id-attribute>
>>>>>>>     <user-base-dn>ou=External Users,ou=users,dc=localhost,dc=com</user-base-dn>
>>>>>>>     <user-object-class>inetOrgPerson</user-object-class>
>>>>>>>   </configuration>
>>>>>>>   <requirements>
>>>>>>>     <requirement>
>>>>>>>       <role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
>>>>>>>     </requirement>
>>>>>>>   </requirements>
>>>>>>> </component>
>>>>>>>
>>>>>>> Triple-check everything.
>>>>>>>
>>>>>>> And the final hint: Verify that you can connect to the LDAP
>>>>>>> anonymously, and that you can search for and find the defined admin
>>>>>>> userid by DN
>>>>>>>
>>>>>>> On Tue, Jul 26, 2011 at 1:06 PM, Pedro M. Leite " <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hello, I need a help from you.
>>>>>>>>
>>>>>>>> I'm trying to configure Archiva to authenticate to an ldap I have.
>>>>>>>> I have already followed several posts.
>>>>>>>> However various posts led me to a problem.
>>>>>>>> When I set up security.properties and / or the application.xml and
>>>>>>>> restart the server, it goes without error and puts me at a screen to
>>>>>>>> create the admin.
>>>>>>>> So far so good; the problem is that this creation screen has no time
>>>>>>>> for typing, so I cannot fill in the fields.
>>>>>>>> With this it gave me the information below:
>>>>>>>> Create Admin User
>>>>>>>> Username: admin
>>>>>>>> Full Name is required.
>>>>>>>> Full Name:
>>>>>>>> Email Address is required.
>>>>>>>> Email Address:
>>>>>>>>
>>>>>>>> Help me please.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Pedro Macedo Leite "
>>>>>>>
>>>>>>> --
>>>>>>> Dr. Louis Smith, ThD
>>>>>>> Chief Technology Officer, Kyra InfoTech
>>>>>>> Colonel, Commemorative Air Force
>>>>>>
>>>>>> --
>>>>>> Pedro Macedo Leite "
>>>
>>> --
>>> Pedro Macedo Leite "
>>
>> --
>> Pedro Macedo Leite "
>
> --
> Pedro Macedo Leite "

--
Brett Porter
[email protected]
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter
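Louis's advice that security.properties and application.xml "have to match perfectly" is the kind of thing worth checking mechanically rather than by eye, and Pedro's admin-creation loop is the symptom one gets when a mapping disagrees. The script below is an added example, not code from the thread nor from Archiva or Redback: it reads both files, pairs each element of the LdapUserMapper `<configuration>` block with the matching `ldap.config.*` property, and reports every disagreement. The constructed sample input mirrors the fragments Louis posted; the two property-key spellings it accepts (with and without the `user.` segment) are the variants that appear in the thread, and which spelling a given Redback version actually reads is an assumption the reader should confirm against their install. The `<plexus>` wrapper around the `<component>` is likewise assumed.

```python
"""Cross-check LDAP attribute mappings in Redback's security.properties against
the LdapUserMapper <configuration> block in application.xml.
Added example, not from the thread, Archiva or Redback.  Property-key spellings
accepted are the two variants seen in the thread (assumption: confirm for your version)."""
import xml.etree.ElementTree as ET

# logical setting -> (application.xml element, property-key suffixes seen in the thread)
MAPPINGS = {
    "user id":      ("user-id-attribute",   ("mapper.attribute.user.id",)),
    "email":        ("email-attribute",     ("mapper.attribute.user.email", "mapper.attribute.email")),
    "full name":    ("full-name-attribute", ("mapper.attribute.user.fullname", "mapper.attribute.fullname")),
    "password":     ("password-attribute",  ("mapper.attribute.user.password", "mapper.attribute.password")),
    "base dn":      ("user-base-dn",        ("config.base.dn",)),
    "object class": ("user-object-class",   ("mapper.attribute.user.object.class",)),
}

# Constructed sample modelled on the security.properties fragment posted in the thread.
SAMPLE_PROPERTIES = """\
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
# BinaryStar LDAP (notebook)
ldap.config.base.dn=ou=External Users,ou=users,dc=locahost,dc=com
ldap.config.mapper.attribute.user.id=orclSAMAccountName
ldap.config.mapper.attribute.user.email=orclSAMAccountName
ldap.config.mapper.attribute.user.fullname=givenName
ldap.config.mapper.attribute.user.password=userPassword
"""

# Constructed sample; the <plexus> wrapper is assumed, the <component> mirrors the thread.
SAMPLE_APPLICATION_XML = """\
<plexus>
  <component>
    <role>org.codehaus.plexus.redback.common.ldap.UserMapper</role>
    <role-hint>ldap</role-hint>
    <implementation>org.codehaus.plexus.redback.common.ldap.LdapUserMapper</implementation>
    <configuration>
      <email-attribute>orclSAMAccountName</email-attribute>
      <full-name-attribute>givenName</full-name-attribute>
      <password-attribute>userPassword</password-attribute>
      <user-id-attribute>uid</user-id-attribute>
      <user-base-dn>ou=External
        Users,ou=users,dc=localhost,dc=com</user-base-dn>
      <user-object-class>inetOrgPerson</user-object-class>
    </configuration>
  </component>
</plexus>
"""

def parse_properties(text):
    """Minimal java .properties reader: key=value lines, '#'/'!' comments skipped.
    Only the first '=' splits, so DN values that contain '=' survive intact."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def parse_mapper_config(xml_text):
    """Return {element: text} from the <configuration> of the ldap UserMapper component."""
    root = ET.fromstring(xml_text)
    for comp in root.iter("component"):
        if comp.findtext("role-hint") == "ldap" and (comp.findtext("role") or "").endswith("UserMapper"):
            cfg = comp.find("configuration")
            # collapse the line-wrapping a mail client adds inside long values
            return {} if cfg is None else {c.tag: " ".join((c.text or "").split()) for c in cfg}
    raise ValueError("no ldap UserMapper <component> found in application.xml")

def normalise(setting, value):
    """LDAP attribute type names are case-insensitive; for DNs also drop the
    whitespace around commas so a wrapped value compares equal to an unwrapped one."""
    if setting == "base dn":
        return ",".join(p.strip().lower() for p in value.split(","))
    return value.strip().lower()

def check_consistency(props_text, xml_text):
    """Return (kind, setting, properties_value, xml_value) tuples.
    'mismatch'  - both files set the value and they differ.
    'one-sided' - only one file sets it; flagged for review rather than as an
                  error, since the other side may fall back to a default."""
    props = parse_properties(props_text)
    xml_cfg = parse_mapper_config(xml_text)
    findings = []
    for setting, (element, suffixes) in MAPPINGS.items():
        prop_val = next((v for k, v in props.items() if k.endswith(suffixes)), None)
        xml_val = xml_cfg.get(element)
        if prop_val is None and xml_val is None:
            continue
        if prop_val is None or xml_val is None:
            findings.append(("one-sided", setting, prop_val, xml_val))
        elif normalise(setting, prop_val) != normalise(setting, xml_val):
            findings.append(("mismatch", setting, prop_val, xml_val))
    return findings

if __name__ == "__main__":
    for kind, setting, p, x in check_consistency(SAMPLE_PROPERTIES, SAMPLE_APPLICATION_XML):
        print(f"{kind:9} {setting:13} security.properties={p!r}  application.xml={x!r}")
```

Run against the sample, the check flags the user-id attribute (`orclSAMAccountName` in the properties file, `uid` in the XML) and the base DN (`dc=locahost` versus `dc=localhost`), and lists the object class as set only in application.xml. Those are exactly the silent disagreements that leave Redback unable to find the configured admin account and drop the user at the "Create Admin User" screen described earlier in the thread.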
