I am using Identity Server 4.1.0 and running ApacheDS inside Apache Directory Studio. What I want now is to connect my IS to the external LDAP.
IS connects to the LDAP fine, but it throws an error because an attribute definition is missing. At least that is how I read the stack trace.
I have seen that others have tried this too:
WSO2 external ldap not working
but my error is different.
I also saw this blog, which explains nicely how to use Directory Studio, but it all seems to run against the embedded LDAP of IS: http://www.soasecurity.org/2012/11/multiple-user-store-manager-feature.html
Any help is appreciated! Thanks in advance
Best, Johannes
Here is the error:
... ERR_04269 OBJECT_CLASS for OID identityperson does not exist !]; remaining name 'uid=admin'
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
    at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:400)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:277)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:197)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:242)
    ... 30 more
TID: [0] [IS] [2013-06-26 15:26:00,225] ERROR {org.wso2.carbon.user.core.common.DefaultRealmService} - Cannot initialize the realm. {org.wso2.carbon.user.core.common.DefaultRealmService}
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.addInitialData(ReadWriteLDAPUserStoreManager.java:1805)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.<init>(ReadWriteLDAPUserStoreManager.java:142)
    ... 27 more
Caused by: javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 5 Add Request : Entry dn[n]: uid=admin,ou=Users,dc=wso2,dc=org objectClass: identityPerson uid: admin sn: admin userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x30 0x44 0x50 0x69 0x4B 0x75 0x4E 0x49 0x72 0x72 0x56 ...' cn: admin ManageDsaITImpl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : ERR_04269 OBJECT_CLASS for OID identityperson does not exist !]; remaining name 'uid=admin'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3111)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
    at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:400)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:277)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:197)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:242)
    ... 30 more
TID: [0] [IS] [2013-06-26 15:26:00,226] ERROR {org.wso2.carbon.user.core.internal.Activator} - Cannot start User Manager Core bundle {org.wso2.carbon.user.core.internal.Activator}
org.wso2.carbon.user.core.UserStoreException: Cannot initialize the realm.
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.addInitialData(ReadWriteLDAPUserStoreManager.java:1805)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.<init>(ReadWriteLDAPUserStoreManager.java:142)
    ... 27 more
Caused by: javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 5 Add Request : Entry dn[n]: uid=admin,ou=Users,dc=wso2,dc=org objectClass: identityPerson uid: admin sn: admin userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x30 0x44 0x50 0x69 0x4B 0x75 0x4E 0x49 0x72 0x72 0x56 ...' cn: admin ManageDsaITImpl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : ERR_04269 OBJECT_CLASS for OID identityperson does not exist !]; remaining name 'uid=admin'
<UserManager>
  <Realm>
    <Configuration>
      <AdminRole>admin</AdminRole>
      <AdminUser>
        <UserName>admin</UserName>
        <Password>admin</Password>
      </AdminUser>
      <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
      <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
      <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property>
    </Configuration>
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
      <!--Property name="defaultRealmName">EXAMPLE.COM</Property-->
      <Property name="ConnectionURL">ldap://localhost:10389</Property>
      <Property name="ConnectionName">uid=admin,ou=system</Property>
      <Property name="ConnectionPassword">secret</Property>
      <Property name="passwordHashMethod">PLAIN_TEXT</Property>
      <Property name="UserNameListFilter">(objectClass=person)</Property>
      <Property name="UserEntryObjectClass">inetOrgPerson</Property>
      <Property name="UserSearchBase">ou=system</Property>
      <!--Property name="UserSearchBase">ou=Users,dc=example,dc=com</Property-->
      <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
      <Property name="UserNameAttribute">uid</Property>
      <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
      <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
      <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
      <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
      <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
      <Property name="ReadLDAPGroups">true</Property>
      <Property name="WriteLDAPGroups">true</Property>
      <Property name="EmptyRolesAllowed">false</Property>
      <Property name="GroupSearchBase">ou=system</Property>
      <!--Property name="GroupSearchBase">ou=Groups,dc=example,dc=com</Property-->
      <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
      <Property name="GroupEntryObjectClass">groupOfNames</Property>
      <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
      <Property name="GroupNameAttribute">cn</Property>
      <Property name="MembershipAttribute">member</Property>
      <Property name="UserRolesCacheEnabled">true</Property>
      <!-- added by joe -->
      <!--Property name="UserDNPattern">uid={0},ou=Users,dc=example,dc=com</Property-->
      <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
      <Property name="maxFailedLoginAttempt">0</Property>
    </UserStoreManager>
    <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
      <Property name="AdminRoleManagementPermissions">/permission</Property>
      <Property name="AuthorizationCacheEnabled">true</Property>
    </AuthorizationManager>
  </Realm>
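The ADD_REQUEST in the trace above carries objectClass: identityPerson, while the posted user-mgt.xml sets UserEntryObjectClass to inetOrgPerson, and ApacheDS answers ERR_04269 whenever an ADD names an object class its schema does not define. A quick pre-flight check for that mismatch, as an added example that is not part of the original post and not WSO2 or ApacheDS code: it reads the object classes a user-mgt.xml will put on new entries, compares them (case-insensitively, as LDAP does) with the NAMEs declared in a directory's objectClasses values, and pulls the rejected class out of an ERR_04269 message. The schema values, the trimmed config and the log line below are constructed sample input; the exampleClass entry is invented only to exercise the multi-name form of RFC 4512 descriptions.

```python
import re
import xml.etree.ElementTree as ET

# RFC 4512 object class description, e.g.
#   ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( ... ) )
# NAME is either one quoted descriptor or a parenthesised list of them.
_NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")
_QDESCR_RE = re.compile(r"'([^']+)'")
# ApacheDS rejects an ADD whose objectClass is unknown to its schema with this text.
_ERR_04269_RE = re.compile(r"ERR_04269 OBJECT_CLASS for OID (\S+) does not exist")

# Constructed sample: objectClasses values as a subschema subentry (cn=schema on ApacheDS)
# would return them for a directory holding only standard classes; MAY lists trimmed.
SAMPLE_OBJECT_CLASSES = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou $ l $ st $ postalCode $ street ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( uid $ mail $ givenName $ displayName $ manager ) )",
    "( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )",
    # Invented class (not real) so the parenthesised multi-NAME form gets exercised.
    "( 1.3.6.1.4.1.99999.1 NAME ( 'exampleClass' 'exampleClassAlias' ) SUP top AUXILIARY )",
]

# Trimmed copy of the user-mgt.xml above, reduced to the properties this check reads.
CONFIG_INETORGPERSON = """<UserManager><Realm>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://localhost:10389</Property>
    <Property name="UserEntryObjectClass">inetOrgPerson</Property>
    <Property name="GroupEntryObjectClass">groupOfNames</Property>
  </UserStoreManager>
</Realm></UserManager>"""

# The same config with the class that the ADD_REQUEST in the trace actually carries.
CONFIG_IDENTITYPERSON = CONFIG_INETORGPERSON.replace("inetOrgPerson", "identityPerson")

# Constructed tail of the ApacheDS error as it appears in the trace.
SAMPLE_LOG_LINE = ("... ' : ERR_04269 OBJECT_CLASS for OID identityperson does not exist !]; "
                   "remaining name 'uid=admin'")


def object_class_names(object_classes_values):
    """Lower-cased set of every NAME declared in a list of objectClasses values."""
    names = set()
    for value in object_classes_values:
        m = _NAME_RE.search(value)
        if m is None:
            continue
        if m.group(1) is not None:
            names.add(m.group(1).lower())
        else:
            names.update(n.lower() for n in _QDESCR_RE.findall(m.group(2)))
    return names


def configured_object_classes(user_mgt_xml):
    """Object classes the user store manager will set on entries it creates."""
    root = ET.fromstring(user_mgt_xml)
    wanted = {}
    for prop in root.iter("Property"):
        name = prop.get("name")
        if name in ("UserEntryObjectClass", "GroupEntryObjectClass"):
            wanted[name] = (prop.text or "").strip()
    return wanted


def missing_object_classes(user_mgt_xml, object_classes_values):
    """{property: class} for every configured class the directory schema does not define.
    LDAP short names are case-insensitive, so both sides are compared lower-cased."""
    known = object_class_names(object_classes_values)
    return {prop: cls for prop, cls in configured_object_classes(user_mgt_xml).items()
            if cls.lower() not in known}


def missing_class_from_error(log_text):
    """The object class an ApacheDS ERR_04269 message rejected, or None if absent."""
    m = _ERR_04269_RE.search(log_text)
    return m.group(1).lower() if m else None


if __name__ == "__main__":
    for label, cfg in (("inetOrgPerson config", CONFIG_INETORGPERSON),
                       ("identityPerson config", CONFIG_IDENTITYPERSON)):
        print(label, "-> missing:", missing_object_classes(cfg, SAMPLE_OBJECT_CLASSES))
    print("class named in ERR_04269:", missing_class_from_error(SAMPLE_LOG_LINE))
```

To run it against a real directory, replace SAMPLE_OBJECT_CLASSES with the objectClasses attribute values of the subschema subentry (for example the output of a base-scope ldapsearch on cn=schema of the ApacheDS instance) and point the config argument at the user-mgt.xml the server is actually loading; if the class reported as missing is one WSO2 expects, either change the corresponding *EntryObjectClass property to a class the directory defines or load that class into the directory schema before starting IS.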