Search code examples
ldaparchiva

Unable to get Apache Archiva working with LDAP

I have uncommented the LDAP and UserMapper connectors in application.xml

I know my LDAP credentials (binddn, hostname, etc) are all working, because I use LDAP authentication and authorization for other apps on my server.

All I've done, is make the changes to application.xml and security.properties. Is there something else I'm supposed to do?

When I try to login with a user from LDAP, it is unsuccessful. Is there a log file I can check to see what's going wrong? I find the archiva documentation to be sparse and laconic.

Here is my security.properties file - some values have been altered, maybe someone can verify the structure is in-tact:

# LDAP
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=admin
security.policy.password.expiration.enabled=false

ldap.config.hostname=localhost
ldap.config.port=389
ldap.config.base.dn=domainName=mydomain.com,o=domains,dc=mydomain,dc=com
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.bind.dn=cn=Manager,dc=mydomain,dc=com
ldap.config.password=mypass

ldap.config.mapper.attribute.email=mail
ldap.config.mapper.attribute.fullname=displayName
ldap.config.mapper.attribute.password=userPassword
ldap.config.mapper.attribute.user.id=mail
ldap.config.mapper.attribute.user.base.dn=ou=Users
ldap.config.mapper.attribute.user.object.class=inetOrgPerson
ldap.config.mapper.attribute.user.filter=(objectclass=inetOrgPerson)

Also, the config.mapper.attribute.user.base.dn confuses me. The basedn of my users is here: ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com

So does that mean for base DN I put: domainName=scoresecret.com,o=domains,dc=scoresecret,dc=com

and for config.mapper.attribute.user.base.dn: ou=Users

Let me know if I'm doing something wrong, if I'm forgetting to do something to "switch LDAP on", and if I can find some logs to point me in the right direction. Thanks a ton

Solution

  • Make sure you have configured an admin user that exists in LDAP - at the moment there's no way to use an internal user for that.

    redback.default.admin=admin

    Replace admin with a role account in your LDAP server that can be used for this.

    Here is a configuration template I use which should show the values you'd need to populate: https://github.com/maestrodev/puppet-archiva/blob/master/templates/security.properties.erb

    It seems the main difference could be the user filter being empty?

    (See also thread on users@archiva.apache.org: http://s.apache.org/KDj)