Add LDAP snippet

git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@682713 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/plexus/application.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
index 0a387cfc03785c345e0973ca7ef6647e796d14e9..22ad7d1ac2067e0971cf3890d5e027b0526c475f 100644 (file)
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/plexus/application.xml
@@ -219,6 +219,171 @@
         </requirement>
       </requirements>
     </component>
+
+    <!-- START SNIPPET: ldap -->
+    <!-- 
+       Ldap Authentication can be enabled by setting enabling these components and setting the following configuration options in your security.properties file
+
+       ============================================================
+       user.manager.impl=ldap
+       ldap.bind.authenticator.enabled=true
+       redback.default.admin=admin
+       redback.default.guest=guest
+       security.policy.password.expiration.enabled=false
+
+       ldap.config.hostname=ldap.hostname
+       ldap.config.port=389
+       ldap.config.base.dn=o=com
+       ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
+       ldap.config.bind.dn=uid=myusername,o=com
+       ldap.config.password=s3cr3t
+       #ldap.config.authentication.method=
+       ============================================================
+
+       * ldap.config.hostname - The hostname of the ldap server
+       * ldap.config.port - The port of the ldap server
+       * ldap.config.base.dn - The baseDn of the ldap system
+       * ldap.config.context.factory - context factory for ldap connections
+       * ldap.config.bind.dn - the core user used for authentication the ldap server, must be able to perform the necessary searches, etc.
+       * ldap.config.password - password for the bindDn for the root ldap connection
+
+       until this process is better documented, the following is the document for configuration ldap with redback
+      
+       http://redback.codehaus.org/integration/ldap.html
+    -->
+
+    <!--
+    
+    this component manages the connection to the ldap server
+     -->
+
+    <!-- component>
+      <role>org.codehaus.plexus.redback.common.ldap.connection.LdapConnectionFactory</role>
+      <role-hint>configurable</role-hint>
+      <implementation>org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory</implementation>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
+        </requirement>
+      </requirements>
+    </component-->
+    
+    <!-- 
+    
+    this component manages the mapping of attributes in ldap to user information in redback. To configure the mapping, you can add the following properties in your security.properties
+
+       ============================================================
+       ldap.config.mapper.attribute.email=mail
+       ldap.config.mapper.attribute.fullname=givenName
+       ldap.config.mapper.attribute.password=userPassword
+       ldap.config.mapper.attribute.user.id=cn
+       ldap.config.mapper.attribute.user.base.dn=
+       ldap.config.mapper.attribute.user.object.class=inetOrgPerson
+       ldap.config.mapper.attribute.user.filter=(attributeName=value)
+       ============================================================
+
+
+     * email-attribute - The name of the attribute on a user that contains the email address
+     * full-name-attribute - The name of the attribute on a user that contains the users fullName
+     * password-attribute - The name of the attribute containing the users password, used for the authentiction using the user manager and not the ldap bind authenticator
+     * user-id-attribute - The name of the attribute containing the users userId, most commonly cn or sn.
+     * user-base-dn - The base dn that will be subtree searched for users.
+     * user-object-class - the objectClass used in the ldap server for indentifying users, most commonly inetOrgPerson.
+     -->
+    
+    <!-- component>
+      <role>org.codehaus.plexus.redback.common.ldap.UserMapper</role>
+      <role-hint>ldap</role-hint>
+      <implementation>org.codehaus.plexus.redback.common.ldap.LdapUserMapper</implementation>
+      <configuration>
+        <email-attribute>email</email-attribute>
+        <full-name-attribute>givenName</full-name-attribute>
+        <password-attribute>userPassword</password-attribute>
+        <user-id-attribute>cn</user-id-attribute>
+        <user-base-dn>o=com</user-base-dn>
+        <user-object-class>inetOrgPerson</user-object-class>
+      </configuration>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
+        </requirement>
+      </requirements>
+    </component-->
+    
+    <!--
+     
+    If caching is desired to improve performance then make uncomment this and make sure the following configuration parameter is in the security.properties
+     
+    user.manager.impl=cached
+    -->
+     
+    <!-- component>
+      <role>org.codehaus.plexus.redback.users.UserManager</role>
+      <role-hint>cached</role-hint>
+      <implementation>org.codehaus.plexus.redback.users.cached.CachedUserManager</implementation>
+      <description>CachedUserManager</description>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.redback.users.UserManager</role>
+          <role-hint>ldap</role-hint>
+          <field-name>userImpl</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.ehcache.EhcacheComponent</role>
+          <role-hint>users</role-hint>
+          <field-name>usersCache</field-name>
+        </requirement>
+      </requirements>
+    </component-->
+    
+    <!-- 
+    
+    if using the user manager authenticator to authenticate the user and not the ldap bind authenticator make sure
+    this definition has the correct password encoder
+    
+    Note: you should probably just use the ldap bind authenticator which is enabled by putting
+    
+    ldap.bind.authenticator.enabled=true
+    
+    in the security.properties
+    -->
+    
+    <!-- component>
+      <role>org.codehaus.plexus.redback.policy.UserSecurityPolicy</role>
+      <role-hint>default</role-hint>
+      <implementation>org.codehaus.plexus.redback.policy.DefaultUserSecurityPolicy</implementation>
+      <description>User Security Policy.</description>
+      <requirements>
+        <requirement>
+          <role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
+          <field-name>config</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.redback.policy.PasswordEncoder</role>
+          <role-hint>sha1</role-hint>
+          <field-name>passwordEncoder</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.redback.policy.UserValidationSettings</role>
+          <field-name>userValidationSettings</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.redback.policy.CookieSettings</role>
+          <role-hint>rememberMe</role-hint>
+          <field-name>rememberMeCookieSettings</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.redback.policy.CookieSettings</role>
+          <role-hint>signon</role-hint>
+          <field-name>signonCookieSettings</field-name>
+        </requirement>
+        <requirement>
+          <role>org.codehaus.plexus.redback.policy.PasswordRule</role>
+          <field-name>rules</field-name>
+        </requirement>
+      </requirements>
+    </component-->
+    <!-- END SNIPPET: ldap -->
   </components>
 
   <lifecycle-handler-manager implementation="org.codehaus.plexus.lifecycle.DefaultLifecycleHandlerManager">