0

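I am new to OpenAM. I have configured AD LDS on my machine, and it has a list of users. I am trying to add ADAM as a data store to OpenAM. I even followed this document from OpenAM: https://wikis.forgerock.org/confluence/display/openam/Configure+OpenAM+to+use+Active+Directory+for+Authentication+and+DataStore

After following the above instructions, when I try to log in to OpenAM as an AD user, I get "Authentication failed".

Can anybody help me?

**LDRepo Error:**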

```
ERROR: An error occurred while executing persistent search
org.forgerock.opendj.ldap.ReferralException: Referral: 0000202B: RefErr: DSID-031007EF, data 0, 1 access points
ref 1: ‘wealthcetera.local’
```



**Authentication Log Error:**

```
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
LoginState: getIdentity performing IdRepo search to obtain AMIdentity
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
Search for Identity Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
In searchAutehnticatedUser: idType IdType: user
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
In getUserProfile : Search for user Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
alias attr=null, attr=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list],merge=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list]
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
Search for Identity Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
In searchAutehnticatedUser: idType IdType: agent
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
In getUserProfile : Search for user Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
alias attr=null, attr=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list],merge=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list]
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
Search for Identity Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
result is :[]
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
URL is :
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
defaultURL : null
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
tempDefaultURL : null
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
defaultFailureURL : null
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::submitRequirements end
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
Status at the end of submitRequirements() : failed
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::hasMoreRequirements()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::getStatus()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal:: Status : failed
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::getStatus()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal:: Status : failed
amAuthREST:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
Authentication failed – destroying new session
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::getStatus()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal:: Status : failed
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
Error Code is.. : 102
```

1 Answer

0

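I assume you are using the Active Directory authentication module. If so, what value do you have for "Attribute Used to Retrieve User Profile"? Have you enabled or disabled "Return User DN to DataStore"?

Also, in your data store configuration, what are you using as the "Authentication Naming Attribute"?

It looks like authentication succeeded, but OpenAM was unable to find the user in the IdRepo (data store) afterwards.

Answered 2016-01-19T15:45:27.930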
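Added example, not part of the original post or of OpenAM: a Python parser for the two-line debug records shown in the question that flags the pattern the answer points to, an identity search that returns nothing followed by a failed login. The sample log text, user name and host name are constructed, and the function and field names are assumptions of this example.

```python
import re

# Header line of each two-line debug record: component, timestamp, thread.
HEADER = re.compile(r"^(\w+):(\d\d/\d\d/\d{4} [\d:]+ [AP]M \w+): Thread\[(.+)\]$")

def parse_records(text):
    """Pair every header line with the message line(s) that follow it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            records.append({"component": m.group(1), "time": m.group(2), "message": ""})
        elif records and line.strip():
            records[-1]["message"] = (records[-1]["message"] + "\n" + line.strip()).strip()
    return records

def diagnose(auth_log, idrepo_log=""):
    """Summarise one failed login from the amAuth and IdRepo debug output."""
    msgs = [r["message"] for r in parse_records(auth_log)]
    joined = "\n".join(msgs)
    code = re.search(r"Error Code is\.* : (\d+)", joined)
    report = {
        "identities": sorted(set(re.findall(r"^Search for Identity (.+)$", joined, re.M))),
        "id_types": re.findall(r"idType IdType: (\w+)", joined),
        "empty_search": "result is :[]" in msgs,
        "failed": any(m.endswith(": failed") for m in msgs),
        "error_code": code.group(1) if code else None,
        # Referral targets named in the data store (IdRepo) log, if any.
        "referrals": re.findall(r"^ref \d+: \W?([\w.-]+)", idrepo_log, re.M),
    }
    # Pattern described in the answer: identity search empty, then login fails.
    report["profile_lookup_failed"] = report["empty_search"] and report["failed"]
    return report

# Constructed sample input in the same record layout as the logs in the question.
SAMPLE_AUTH = """\
amAuth:01/02/2024 10:00:00:001 AM UTC: Thread[http-exec-1,5,main]
Search for Identity Jane Example
amAuth:01/02/2024 10:00:00:001 AM UTC: Thread[http-exec-1,5,main]
In searchAutehnticatedUser: idType IdType: user
amAuth:01/02/2024 10:00:00:003 AM UTC: Thread[http-exec-1,5,main]
result is :[]
amAuthContextLocal:01/02/2024 10:00:00:003 AM UTC: Thread[http-exec-1,5,main]
Status at the end of submitRequirements() : failed
amAuth:01/02/2024 10:00:00:003 AM UTC: Thread[http-exec-1,5,main]
Error Code is.. : 102
"""
SAMPLE_IDREPO = "ref 1: 'ds.example.test'\n"
if __name__ == "__main__": print(diagnose(SAMPLE_AUTH, SAMPLE_IDREPO))
```

A report with `profile_lookup_failed` set and a non-empty `referrals` list points at the data store search settings (base DN, naming attribute) rather than at the submitted credentials.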