如何更改 WSO2 IS 4.5.0 的主 LDAP 域 [英] How to change primary LDAP domain of WSO2 IS 4.5.0
问题描述
我想修改主用户存储的域(基于LDAP),但我无法成功.
I would like modify the domain of the primary user storage (based on LDAP), but i can not get successfully.
user-mgt.xml 中的当前域是 dc=wso2,dc=org 我想更改为 dc=foobar,dc=com
The current domain in user-mgt.xml is dc=wso2,dc=org and I would like to change to dc=foobar,dc=com
我修改的user-mgt.xml是:
...
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="defaultRealmName">FOOBAR.COM</Property>
<Property name="kdcEnabled">false</Property>
<Property name="Disabled">false</Property>
<Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
<Property name="ConnectionName">uid=admin,ou=system</Property>
<Property name="ConnectionPassword">admin</Property>
<Property name="passwordHashMethod">SHA</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserEntryObjectClass">identityPerson</Property>
<Property name="UserSearchBase">ou=Users,dc=foobar,dc=com</Property>
<Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="PasswordJavaScriptRegEx">^[S]{5,30}$</Property>
<Property name="ServicePasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="ServiceNameJavaRegEx">^[\S]{2,30}/[\S]{2,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[S]{3,30}$</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="GroupSearchBase">ou=Groups,dc=foobar,dc=com</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="SharedGroupNameAttribute">cn</Property>
<Property name="SharedGroupSearchBase">ou=SharedGroups,dc=foobar,dc=com</Property>
<Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
<Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="SharedGroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
<Property name="SharedTenantNameAttribute">ou</Property>
<Property name="SharedTenantObjectClass">organizationalUnit</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="UserDNPattern">uid={0},ou=Users,dc=foobar,dc=com</Property>
<Property name="RoleDNPattern">cn={0},ou=Groups,dc=foobar,dc=com</Property>
<Property name="SCIMEnabled">true</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="MaxUserNameListLength">100</Property>
</UserStoreManager>
...
启动WSO2 IS时的错误是:
The error when starting WSO2 IS is:
Caused by: org.wso2.carbon.user.core.UserStoreException: [LDAP: error code 32 - NO_SUCH_OBJECT: failed for SearchRequest
baseDn : 'ou=Groups,dc=foobar,dc=com'
filter : '(&(2.5.4.0=groupofnames)(2.5.4.3=*))'
scope : whole subtree
typesOnly : false
Size Limit : 100
Time Limit : 11
Deref Aliases : deref Always
attributes : 'cn'
: ERR_268 Cannot find a partition for ou=Groups,dc=foobar,dc=com]
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.getLDAPRoleNames(ReadOnlyLDAPUserStoreManager.java:1024)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.doGetRoleNames(ReadOnlyLDAPUserStoreManager.java:1134)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2485)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2382)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2375)
at org.wso2.carbon.event.core.internal.subscription.registry.RegistrySubscriptionManager.<init>(RegistrySubscriptionManager.java:91)
... 65 more
我应该错过什么?
推荐答案
解决了!
我已经替换了以下文件中的旧域和 defaultRealmName:
I have replaced older domain and defaultRealmName in the following files:
IS_HOME/repository/conf/user-mgt.xmlIS_HOME/repository/conf/tenant-mgt.xmlIS_HOME/repository/conf/embedded-ldap.xml
我已将 dc=wso2,dc=org 替换为 dc=foobar,dc=com 并将 defaultRealmName=WSO2.ORG 替换为 FOOBAR.COM,然后我删除了 IS_HOME/repository/data/org.wso2.carbon.directory 中名为 root 的目录.. 所以重新启动时将再次创建一个新的默认分区.
I have replaced dc=wso2,dc=org for dc=foobar,dc=com and defaultRealmName=WSO2.ORG for FOOBAR.COM, then I deleted the directory named root located in the IS_HOME/repository/data/org.wso2.carbon.directory
.. so a fresh default partition will be created again at the restart.
现在,如果您使用任何 LDAP 客户端连接到 WSO2IS 的嵌入式 LDAP(10389 端口),您将看到新域 FOOBAR.COM 而不是 WSO2.ORG.
Now, if you connect to WSO2IS' embedded LDAP (10389 port) using any LDAP client, you will see the new domain FOOBAR.COM instead of WSO2.ORG.
希望对你有用.
这篇关于如何更改 WSO2 IS 4.5.0 的主 LDAP 域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
