Unable to set up OpenLDAP as primary user store for wso2is 5.6.0: LDAP Error 65 when adding a new user in management console


Problem description

I am unable to set up WSO2 Identity Server v5.6.0 with OpenLDAP as primary, external user store. The Identity Server is starting as expected (no errors in the console) and the admin user account has been created automatically, too. But if I try to add a new user per management console, the Identity Server throws the following error:

Could not add user PRIMARY/johndoe@gmail.com. Error: Cannot access the directory context or user already exists in the system for user :johndoe@gmail.com

In the LDAP console you can see that wso2is is trying to add the user with a ref attribute:

5b7589c9 conn=1022 op=2 ADD dn="mail=johndoe@gmail.com,ou=Users,dc=wso2,dc=org"
5b7589c9 conn=1022 op=2 RESULT tag=105 err=65 text=attribute "ref" only allowed in the referral

I don't know why exactly wso2is is doing that. The Referral option is disabled & the WSO2-specific ldif files have been imported. How can I solve this issue?

Below is my user-mgt.xml configuration:

<UserManager>
  <Realm>
   <Configuration>
    <AddAdmin>true</AddAdmin>
      <AdminRole>admin</AdminRole>
      <AdminUser>
        <UserName>admin@wso2.com</UserName>
        <Password>admin</Password>
      </AdminUser>
      <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
      <Property name="isCascadeDeleteEnabled">true</Property>
      <Property name="initializeNewClaimManager">true</Property>
      <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
    </Configuration>    
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
      <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
      <Property name="ConnectionURL">ldap://ldap:389</Property>
      <Property name="ConnectionName">cn=admin,dc=wso2,dc=org</Property>
      <Property name="ConnectionPassword">admin</Property>
      <Property name="AnonymousBind">false</Property>
      <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
      <Property name="UserEntryObjectClass">identityPerson</Property>
      <Property name="UserNameAttribute">mail</Property>
      <Property name="UserNameSearchFilter">(&amp;(objectClass=identityPerson)(mail=?))</Property>
      <Property name="UserNameListFilter">(&amp;(objectClass=identityPerson)(mail=*))</Property>
      <Property name="UserDNPattern">mail={0},ou=Users,dc=wso2,dc=org</Property>
      <Property name="DisplayNameAttribute"/>
      <Property name="ReadGroups">true</Property>
      <Property name="WriteGroups">true</Property>
      <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
      <Property name="GroupEntryObjectClass">groupOfNames</Property>
      <Property name="GroupNameAttribute">cn</Property>
      <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
      <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
      <Property name="RoleDNPattern">cn={0},ou=Groups,dc=wso2,dc=org</Property>
      <Property name="MembershipAttribute">member</Property>
      <Property name="BackLinksEnabled">false</Property>
      <Property name="UsernameJavaRegEx">^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$</Property>
      <Property name="UsernameJavaScriptRegEx">^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$</Property>
      <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
      <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
      <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
      <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
      <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,40}$</Property>
      <Property name="RolenameJavaScriptRegEx">^[\S]{3,40}$</Property>
      <Property name="SCIMEnabled">true</Property>
      <Property name="IsBulkImportSupported">false</Property>
      <Property name="EmptyRolesAllowed">false</Property>
      <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
      <Property name="MultiAttributeSeparator">,</Property>
      <Property name="MaxUserNameListLength">100</Property>
      <Property name="MaxRoleNameListLength">100</Property>
      <Property name="kdcEnabled">false</Property>
      <Property name="defaultRealmName">WSO2.ORG</Property>
      <Property name="UserRolesCacheEnabled">true</Property>
      <Property name="ConnectionPoolingEnabled">false</Property>
      <Property name="LDAPConnectionTimeout">5000</Property>
      <Property name="ReadTimeout"/>
      <Property name="RetryAttempts"/>
    </UserStoreManager>

    <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
      <Property name="AdminRoleManagementPermissions">/permission</Property>
      <Property name="AuthorizationCacheEnabled">true</Property>
      <Property name="GetAllRolesOfUserEnabled">false</Property>
    </AuthorizationManager>
  </Realm>
</UserManager>

Recommended answer

The reason for the above error is, in WSO2 IS, for representing the resourceType we have mapped an LDAP attribute called "ref", but it seems "ref" is an attribute that's reserved in OpenLDAP for referrals. Hence we are seeing the above error.

To get around this you could follow the instructions below:

  1. After starting the Identity Server go to Home -> Identity -> Claims -> List.
  2. Select "urn:ietf:params:scim:schemas:core:2.0" and then click edit on "urn:ietf:params:scim:schemas:core:2.0:meta.resourceType".
  3. For "Mapped Local Claim" select an appropriate claim you would like to map to this, e.g. http://wso2.org/claims/userType, and click update.
  4. Now try to create a user via the management console.
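Two checks that make the answer above concrete, written here as an added example (this is not code from the question, the answer, WSO2 or OpenLDAP). The first pairs slapd `ADD` and `RESULT` log lines by `conn`/`op`, as in the two lines quoted in the question, and surfaces the entries rejected with result code 65 (objectClassViolation), so the failure can be spotted in the directory log before anyone reads the misleading "directory context / user already exists" message in the console. The second is a pre-flight check on an attribute set that mirrors the OpenLDAP rule behind the error: `ref` is only permitted on entries whose `objectClass` includes `referral`. The sample log is constructed; only the first two lines are modelled on the question, and the value `User` assumed for the `ref` attribute is a guess at what the resourceType mapping would write.

```python
"""Checks around OpenLDAP's 'attribute "ref" only allowed in the referral' error (added example)."""
import re
from typing import Dict, Iterable, List, Tuple

# LDAP result code 65 is objectClassViolation (RFC 4511, section 4.1.9).
LDAP_OBJECT_CLASS_VIOLATION = 65

# Constructed sample slapd log. The first conn/op pair follows the two lines
# quoted in the question; the second pair is an invented successful ADD for contrast.
SAMPLE_SLAPD_LOG = """\
5b7589c9 conn=1022 op=2 ADD dn="mail=johndoe@gmail.com,ou=Users,dc=wso2,dc=org"
5b7589c9 conn=1022 op=2 RESULT tag=105 err=65 text=attribute "ref" only allowed in the referral
5b7589d0 conn=1023 op=1 ADD dn="mail=janedoe@example.com,ou=Users,dc=wso2,dc=org"
5b7589d0 conn=1023 op=1 RESULT tag=105 err=0 text=
"""

_ADD_RE = re.compile(r'conn=(\d+) op=(\d+) ADD dn="([^"]*)"')
_RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+) text=(.*)$')


def parse_add_results(log_text: str) -> List[Dict[str, object]]:
    """Pair each ADD with the RESULT line carrying the same conn and op.

    Returns one record per completed ADD: the target dn, the numeric result
    code and the diagnostic text slapd attached to the response.
    """
    pending: Dict[Tuple[str, str], str] = {}
    records: List[Dict[str, object]] = []
    for line in log_text.splitlines():
        m = _ADD_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = _RESULT_RE.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            dn = pending.pop((m.group(1), m.group(2)))
            records.append({"dn": dn, "err": int(m.group(4)), "text": m.group(5).strip()})
    return records


def failed_adds(log_text: str) -> List[Dict[str, object]]:
    """ADD operations that OpenLDAP rejected with objectClassViolation (err=65)."""
    return [r for r in parse_add_results(log_text) if r["err"] == LDAP_OBJECT_CLASS_VIOLATION]


def preflight_add(attrs: Dict[str, Iterable[str]]) -> List[str]:
    """Validate an attribute set before it is sent in an ADD.

    Mirrors the rule slapd enforces in the error on this page: the 'ref'
    attribute (RFC 3296) belongs only to entries of objectClass 'referral'.
    Attribute names are compared case-insensitively, as LDAP does.
    """
    lowered = {name.lower(): list(values) for name, values in attrs.items()}
    classes = {c.lower() for c in lowered.get("objectclass", [])}
    problems: List[str] = []
    if "ref" in lowered and "referral" not in classes:
        problems.append(
            'attribute "ref" only allowed in the referral: '
            'remap the WSO2 claim that points at "ref" to another LDAP attribute'
        )
    return problems


if __name__ == "__main__":
    for rec in failed_adds(SAMPLE_SLAPD_LOG):
        print(f'rejected ADD {rec["dn"]}: err={rec["err"]} {rec["text"]}')
    # Attribute set modelled on what the user store would write for the question's user;
    # "ref": ["User"] is an assumed value for the resourceType mapping.
    user_entry = {"objectClass": ["identityPerson"], "mail": ["johndoe@gmail.com"], "ref": ["User"]}
    for problem in preflight_add(user_entry):
        print("pre-flight:", problem)
```

Running the script prints the rejected johndoe ADD from the sample log and the pre-flight finding for an entry that still carries `ref`; once the resourceType claim is remapped as in step 3, the same entry without `ref` passes the check, while a genuine referral object (objectClass `referral`) is still allowed to carry it.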
