Problem with setting up Active Directory authentication and groups
Chernikov, Pavel
2014-11-14 04:59:53 UTC
Hi. I'm trying to set up Archiva Active Directory authentication and group mapping.

Running into 2 problems -


1) I'm getting an [[LDAP: error code 4 - Sizelimit Exceeded]] error - some kind of LDAP paging limitation, and I'm only getting 1000 users back, and that's all I see under USERS -> Manage. Does Archiva support LDAP paging? If not, any suggestions on how to proceed?


2) There aren't any groups under "LDAP Groups" in LDAP/Roles Mapping.

* I have LDAP User Manager under UserManager(s) chosen
* I have LDAP RBac Manager under RbacManager(s) chosen

Archiva.xml ldap section is as follows:

<ldap>
  <config>
    <groups>
      <member>member</member>
      <class>group</class>
    </groups>
    <max>
      <result>
        <count>2000</count>
      </result>
    </max>
    <mapper>
      <attribute>
        <fullname>cn</fullname>
        <user>
          <object>
            <class>user</class>
          </object>
          <id>sAMAccountName</id>
        </user>
        <email>mail</email>
        <password>unicodePwd</password>
      </attribute>
    </mapper>
    <user>
      <attribute>sAMAccountName</attribute>
    </user>
  </config>
  <bind>
    <authenticator>
      <allowEmptyPasswords>false</allowEmptyPasswords>
    </authenticator>
  </bind>
</ldap>


<ldapConfiguration>
  <ssl>false</ssl>
  <bindAuthenticatorEnabled>false</bindAuthenticatorEnabled>
  <writable>false</writable>
  <useRoleNameAsGroup>false</useRoleNameAsGroup>
  <hostName>XYZ</hostName>
  <port>389</port>
  <baseDn>OU=User Accounts</baseDn>

  <baseGroupsDn>dc=corp</baseGroupsDn>
  <contextFactory>com.sun.jndi.ldap.LdapCtxFactory</contextFactory>
  <bindDn>CN=XYZ </bindDn>
  <bindDn>OU=XYZ</bindDn>
  <bindDn>OU=XYZ</bindDn>
  <bindDn>DC=XYZ</bindDn>
  <password>XYZ</password>
  <authenticationMethod>simple</authenticationMethod>
  <bindDn>DC=XYZ</bindDn>
  <bindDn>DC=XYZ</bindDn>

  <baseGroupsDn>dc=XYZ</baseGroupsDn>
  <baseGroupsDn>dc=XYZ</baseGroupsDn>
  <baseDn>OU=XYZ</baseDn>
  <baseDn>DC=XYZ</baseDn>
  <baseDn>DC=XYZ</baseDn>
  <baseDn>DC=XYZ</baseDn>
</ldapConfiguration>

Any ideas / suggestions are appreciated.

Thanks,
-Pavel
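
Added example, not part of the original post and not Archiva code: a standalone JNDI check that runs the posted user and group object classes (user, group) as search filters with the LDAP paged results control, so the number of entries the directory holds can be compared with the 1000 that come back unpaged (Active Directory's default MaxPageSize is 1000). The class name PagedCount, the command-line arguments, the LDAP_PW environment variable and the page size of 500 are assumptions; it needs a reachable directory and says nothing about whether Archiva itself pages.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.PartialResultException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.*;
// Usage (hypothetical values): LDAP_PW=... java PagedCount ldaps://host:636 "<bind DN>" "<users base DN>" "<groups base DN>"
public class PagedCount {
    // Counts entries under baseDn matching filter, asking for pageSize entries per request.
    static int count(LdapContext ctx, String baseDn, String filter, int pageSize) throws Exception {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"cn"});
        int total = 0;
        byte[] cookie = null;
        do {
            // The paged results control (RFC 2696) sends back the server's cookie from the previous page.
            ctx.setRequestControls(new Control[] {
                new PagedResultsControl(pageSize, cookie, Control.CRITICAL)});
            NamingEnumeration<SearchResult> page = ctx.search(baseDn, filter, sc);
            try {
                while (page.hasMore()) { page.next(); total++; }
            } catch (PartialResultException e) {
                // JNDI raises this for referrals AD returns on a domain-root search; keep the count so far.
            }
            cookie = null;
            Control[] resp = ctx.getResponseControls();
            if (resp != null)
                for (Control c : resp)
                    if (c instanceof PagedResultsResponseControl)
                        cookie = ((PagedResultsResponseControl) c).getCookie();
        } while (cookie != null && cookie.length > 0);  // empty cookie: no more pages
        return total;
    }
    public static void main(String[] a) throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, a[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, a[1]);
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("LDAP_PW")); // must be set
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            System.out.println("users:  " + count(ctx, a[2], "(objectClass=user)", 500));
            System.out.println("groups: " + count(ctx, a[3], "(objectClass=group)", 500));
        } finally { ctx.close(); }
    }
}
```

A group count of 0 here means no objectClass=group entries are visible to the bind account under the groups base DN that was passed in.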
