WSO2 加密主要 LDAP 用户存储凭据 [英] WSO2 Encrypt the primary LDAP userstore credentials
问题描述
使用 WSO2AM-2.6.0,我们正在尝试加密主要 LDAP 用户存储管理器的用户存储凭据.加密凭据适用于领域配置凭据(管理员密码)、jndi 属性、api-manager.xml、数据源凭据.
Using WSO2AM-2.6.0, we are trying to encrypt userstore credentials for a primary LDAP userstore manager. Encrypting credentials well works for the realm config credentials (admin password), jndi properties, api-manager.xml, datasource credentials.
我们遇到的问题是主要的用户存储 LDAP 连接凭据(因为用户也是管理员用户)
What we have issue with is the primary userstore LDAP connection credentials (as the user is as well an admin user)
理论上有全面的指南以及一些较旧的问题,例如这里 如何在 WSO2 中的 usr-mgt.xml 中加密 LDAP UserStore 密码?
In theory there are comprehensive guides as well some older questions such as here How to encrypt LDAP UserStore password in usr-mgt.xml in WSO2?
当使用 LDAP 作为辅助用户存储时,ConnectionPassword 被正确加密并用于用户存储定义 XML.但是,当用作主要用户存储管理器 (user-mgt.xml) 时,我们总是会收到 AuthenticationError LDAP 响应(锁定连接用户).
When using LDAP as a secondary userstore, the ConnectionPassword gets properly encryped and used in the userstore definition XML. However when used as a primary userstore manager (user-mgt.xml) we always get AuthenticationError LDAP response (locking out the connection user).
经过一些调试,我发现无论使用 ConnectionPassword 元素内容
After some debugging I found that the ConnectionPassword element content is used regardless
- 在属性上使用 encrypted=true 将加密的密码传递给 LDAP 连接
- using the encrypted=true on the property pass the encrypted password to the LDAP connection
eyJjIj .....................EEtMSJ9
- 使用密码工具加密属性,提供
password占位符
<Property name="ConnectionPassword" svns:secretAlias="UserManager.UserstoreManager.Password">password</Property>
我们是否需要做任何特定的事情来获取被识别为加密的 LDAP 用户存储凭证?根据 Carbon 文档,它应该可以正常工作
Do we need to do anything specific to take the LDAP Userstore crendetials recognized as encrypted? According to the Carbon documentation it should simply work
推荐答案
为了加密连接密码,您需要使用别名作为
In order to encrypt Connection password, You need to use the alias as
UserManager.Configuration.Property.ConnectionPassword
对于 UserStore Manager 属性,您可以使用 UserManager.Configuration.Property 在属性名称前添加别名.
for UserStore Manager properties you can add aliases prefix the property name with UserManager.Configuration.Property.
这篇关于WSO2 加密主要 LDAP 用户存储凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
