How to change primary LDAP domain of WSO2 IS 4.5.0
Question
I would like to modify the domain of the primary user storage (based on LDAP), but I cannot get it to work.
The current domain in user-mgt.xml is dc=wso2,dc=org and I would like to change it to dc=foobar,dc=com.
My modified user-mgt.xml is:
...
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="defaultRealmName">FOOBAR.COM</Property>
<Property name="kdcEnabled">false</Property>
<Property name="Disabled">false</Property>
<Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
<Property name="ConnectionName">uid=admin,ou=system</Property>
<Property name="ConnectionPassword">admin</Property>
<Property name="passwordHashMethod">SHA</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserEntryObjectClass">identityPerson</Property>
<Property name="UserSearchBase">ou=Users,dc=foobar,dc=com</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="ServicePasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="ServiceNameJavaRegEx">^[\S]{2,30}/[\S]{2,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="GroupSearchBase">ou=Groups,dc=foobar,dc=com</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="SharedGroupNameAttribute">cn</Property>
<Property name="SharedGroupSearchBase">ou=SharedGroups,dc=foobar,dc=com</Property>
<Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
<Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
<Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
<Property name="SharedTenantNameAttribute">ou</Property>
<Property name="SharedTenantObjectClass">organizationalUnit</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="UserDNPattern">uid={0},ou=Users,dc=foobar,dc=com</Property>
<Property name="RoleDNPattern">cn={0},ou=Groups,dc=foobar,dc=com</Property>
<Property name="SCIMEnabled">true</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="MaxUserNameListLength">100</Property>
</UserStoreManager>
...
The error when starting WSO2 IS is:
Caused by: org.wso2.carbon.user.core.UserStoreException: [LDAP: error code 32 - NO_SUCH_OBJECT: failed for SearchRequest
baseDn : 'ou=Groups,dc=foobar,dc=com'
filter : '(&(2.5.4.0=groupofnames)(2.5.4.3=*))'
scope : whole subtree
typesOnly : false
Size Limit : 100
Time Limit : 11
Deref Aliases : deref Always
attributes : 'cn'
: ERR_268 Cannot find a partition for ou=Groups,dc=foobar,dc=com]
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.getLDAPRoleNames(ReadOnlyLDAPUserStoreManager.java:1024)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.doGetRoleNames(ReadOnlyLDAPUserStoreManager.java:1134)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2485)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2382)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2375)
at org.wso2.carbon.event.core.internal.subscription.registry.RegistrySubscriptionManager.<init>(RegistrySubscriptionManager.java:91)
... 65 more
What am I missing?
Recommended answer
Solved!
I have replaced the older domain and defaultRealmName in the following files:
IS_HOME/repository/conf/user-mgt.xml
IS_HOME/repository/conf/tenant-mgt.xml
IS_HOME/repository/conf/embedded-ldap.xml
I have replaced dc=wso2,dc=org with dc=foobar,dc=com and defaultRealmName=WSO2.ORG with FOOBAR.COM, then I deleted the directory named root located in IS_HOME/repository/data/org.wso2.carbon.directory, so a fresh default partition will be created again at the restart.
Now, if you connect to WSO2IS' embedded LDAP (10389 port) using any LDAP client, you will see the new domain FOOBAR.COM instead of WSO2.ORG.
Hope it is useful to you.
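The steps in the answer as a script, added here as an example (not from the original post or from WSO2): it rewrites the base DN and realm in the three files, sets the old partition directory aside instead of deleting it, and reports any file that still points at the old domain, the kind of mismatch the question ran into. The function names and the script name rebase.sh are hypothetical, and it assumes the server is stopped.

```shell
#!/bin/sh
# Added example, not WSO2 code. Function names are hypothetical; the paths
# are the ones listed in the answer, relative to IS_HOME.
CONF_FILES="user-mgt.xml tenant-mgt.xml embedded-ldap.xml"

re_quote()  { printf '%s' "$1" | sed 's|[][\\/.*^$]|\\&|g'; }  # literal -> sed pattern
rep_quote() { printf '%s' "$1" | sed 's|[\\/&]|\\&|g'; }       # literal -> sed replacement

# List conf files that still mention the old DN or realm (exact case, so
# lower-case URIs in the same files are not flagged). Returns 1 if any.
stale_refs() {  # stale_refs IS_HOME OLD_DN OLD_REALM
    found=0
    for f in $CONF_FILES; do
        p="$1/repository/conf/$f"
        if grep -qF -e "$2" -e "$3" "$p"; then
            echo "still references old domain: $p"
            found=1
        fi
    done
    return "$found"
}

rebase_domain() {  # rebase_domain IS_HOME OLD_DN NEW_DN OLD_REALM NEW_REALM
    for f in $CONF_FILES; do
        [ -f "$1/repository/conf/$f" ] || { echo "missing: $f" >&2; return 2; }
    done
    od=$(re_quote "$2"); nd=$(rep_quote "$3")
    orl=$(re_quote "$4"); nrl=$(rep_quote "$5")
    for f in $CONF_FILES; do
        p="$1/repository/conf/$f"
        cp -p "$p" "$p.orig"                      # keep a rollback copy
        sed -e "s/$od/$nd/g" -e "s/$orl/$nrl/g" "$p.orig" > "$p"
    done
    # Set the old partition aside instead of deleting it; the server creates
    # a fresh default partition on the next start (per the answer).
    root="$1/repository/data/org.wso2.carbon.directory/root"
    if [ -d "$root" ]; then mv "$root" "$root.old.$$"; fi
    stale_refs "$1" "$2" "$4"
}

# Run with the server stopped, e.g.:
#   sh rebase.sh "$IS_HOME" dc=wso2,dc=org dc=foobar,dc=com WSO2.ORG FOOBAR.COM
if [ "$#" -eq 5 ]; then rebase_domain "$@"; fi
```

The .orig copies keep the original ConnectionPassword value, so remove them or restrict their permissions once the restart has been verified.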