使用 /identity/create 服务时,默认 OpenAM 架构需要 sn 和 cn 属性。即使我在请求中指定了它们,我在后端收到一个错误,说 sn 丢失......还有其他人让创建身份端点工作吗?
我将 OpenDS 用于支持 ldap,将 9.5.4 版用于 OpenAM。所有其他端点(身份验证、注销、isValidToken、更新)都可以正常工作。
要求:
http://openam:8080/openam/identity/create?admin={token}&identity_type=user&identity_name=jdoe&identity_realm=/&identity_attribute_names=userpassword&identity_attribute_values_userpassword=changeme&identity_attribute_names=givenname&identity_attributes_values_givenname=tbd&identity_attribute_names=sn&identity_attributes_values_sn=tbd&identity_attribute_names=cn&identity_attributes_values_cn=tbd
例外:
exception.name=com.sun.identity.idsvcs.GeneralFailure Plug-in com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo encountered an ldap exception. LDAP Error 65: The requested operation will add or change data so that the data no longer complies with the schema.
OpenDS 错误:
ADD RES conn=82 op=20 msgID=33882 result=65 message="Entry uid=jdoe,ou=people,dc=company,dc=com violates the Directory Server schema configuration because it is missing attribute sn which is required by objectclass person" etime=0
更新:
看起来当它到达 LDAPv3Repo 时,sn 和 cn 属性已被删除:
LDAPv3Repo:07/02/2012 05:52:17:986 PM PDT: Thread[http-bio-8080-exec-2,5,main]
exit addAttrMapping: attrMap = {mail=[], sn=[], cn=[], inetuserstatus=[Active], givenname=[], userpassword=xxx..., dn=[]}
调试日志中没有其他看起来有帮助的东西。