Discussion:
unable to get LDAP/Roles Mapping to work in 2.2.0
Wes Wannemacher
2015-05-07 03:28:54 UTC
Hello,

I am new to archiva. I have LDAP working so that I can login with LDAP
accounts onto my server. Also, when I am in the LDAP/Roles Mapping
screen, the LDAP groups appear correctly in the LDAP Groups dropdown.
However, if I setup a mapping and click the Save button, the mapping
will be gone by the time I leave the screen and come back.
Additionally, the mapping does not work (members of the LDAP group are
not granted the Role that I mapped). I have tried creating a
security.properties file with the following contents (per the redback
docs):

ldap.config.groups.role.archiva_admin=Archiva System Administrator

However, this does not grant members of the archiva_admin group the
Archiva System Administrator role. Additionally, I added the following
snippet (on a whim) to the archiva.xml file:
  <role>
    <archiva_admin>Archiva System Administrator</archiva_admin>
  </role>

That is added inside the:
  <ldap>
    <config>
      <groups>
section. It does make a property show up in the Properties tab of the
"Users Runtime Configuration" but it has no effect.

The mapping I would like to setup will be permanent, so it does not
need to work properly in the UI. I don't mind adding the configuration
manually into a config file on the server. However, I can't seem to
find any way to make the mapping work.

-Wes
--
Wes Wannemacher
Wes Wannemacher
2015-05-07 20:17:51 UTC
I've been trying to troubleshoot this issue and I'm having trouble
following the flow of execution. I've set breakpoints in
DefaultLdapGroupMappingService and DefaultLdapRoleMapperConfiguration.
Neither one of the breakpoints is reached when I try to save the Ldap
Group -> Archiva Role mapping. Could the problem be in the Javascript?
I'm not sure how to troubleshoot issues in the Javascript.

Thanks again for your help.

-Wes
--
Wes Wannemacher
Wes Wannemacher
2015-05-08 00:09:40 UTC
Still trying to figure out what's going on here... I don't really know
knockout very well, so I'm not sure why this is happening. Anyhow, in
js/archiva/admin/features/generaladmin/main.js lines 1393-1395:
  saveModifyLdapGroupMapping=function(){
    //save modified ldap group mappings if any
    if(self.modifiesLdapGroupMappings().length>0){

That if test fails. Since it fails, it just ignores the LDAP mappings
and moves on back to the main "Users Runtime Configuration" view. The
modifiesLdapGroupMappings is a ko.observableArray, but when the save
button is hit, the array is empty :(.

If I'm heading down the wrong way, please let me know...

-Wes
--
Wes Wannemacher
Olivier Lamy
2015-05-13 11:10:06 UTC
Hi

Post by Wes Wannemacher
> Still trying to figure out what's going on here... I don't really know
> knockout very well, so I'm not sure why this is happening. Anyhow, in
> saveModifyLdapGroupMapping=function(){
> //save modified ldap group mappings if any
> if(self.modifiesLdapGroupMappings().length>0){
> That if test fails. Since it fails, it just ignores the LDAP mappings
> and moves on back to the main "Users Runtime Configuration" view. The
> modifiesLdapGroupMappings is a ko.observableArray, but when the save
> button is hit, the array is empty :(.

You're in the right place.
I think there is a problem in an observable method that should
populate this array.
You must have a look at what happens with the function:
  this.modifyLdapGroupMapping=function(roleNames,ldapGroupMapping){
especially as this one contains some logs when elements are added to the array.
--
Olivier Lamy
http://twitter.com/olamy | http://linkedin.com/in/olamy
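
A reduced model of the save path discussed in this thread, added here as an illustration and not taken from Archiva: `observableArray` is a stand-in for `ko.observableArray`, and the view model body, the backend object and the `simulate` helper are hypothetical. It shows how a role change that is never registered in `modifiesLdapGroupMappings` produces no server call at all, which is consistent with the server-side breakpoints never being reached.

```javascript
// Added illustration; not Archiva code. observableArray is a minimal stand-in
// for ko.observableArray: call it with no arguments to read, push() to append.
function observableArray(initial) {
  const items = initial.slice();
  const read = () => items;
  read.push = (v) => { items.push(v); };
  return read;
}

// Hypothetical view model reusing the names quoted in the thread.
function createViewModel(backend) {
  const self = {};
  self.modifiesLdapGroupMappings = observableArray([]);

  // Expected to run whenever the roles selected for a group change.
  self.modifyLdapGroupMapping = function (roleNames, ldapGroupMapping) {
    ldapGroupMapping.roleNames = roleNames;
    self.modifiesLdapGroupMappings.push(ldapGroupMapping);
  };

  // Same guard as the quoted snippet: nothing tracked means nothing is sent.
  self.saveModifyLdapGroupMapping = function () {
    const pending = self.modifiesLdapGroupMappings();
    if (pending.length > 0) {
      pending.forEach((m) => backend.save(m));
    }
    return pending.length; // number of mappings sent to the server
  };
  return self;
}

// Constructed scenario: returns how many backend calls each path produces.
function simulate(changeIsTracked) {
  const calls = [];
  const vm = createViewModel({ save: (m) => calls.push(m) });
  const mapping = { group: "archiva_admin", roleNames: [] };
  const roles = ["Archiva System Administrator"];
  if (changeIsTracked) {
    vm.modifyLdapGroupMapping(roles, mapping);
  } else {
    mapping.roleNames = roles; // UI edits the object, the tracker never fires
  }
  vm.saveModifyLdapGroupMapping();
  return calls.length;
}

console.log(simulate(true), simulate(false)); // 1 0
```

When checking a role mapping like this one, confirm in the browser's network tab that the Save click actually issues a request before debugging the server side.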