WSO2 Identity Server - LDAP user store not working

Problem description

I'm trying to configure the Identity Server (4.1.0) against our corporate Active Directory.

I am using the ReadOnlyLDAPUserStoreManager class. Here is the configuration for the user store:

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
    <Property name="ReadOnly">true</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="ConnectionURL">ldap://host</Property>
    <Property name="ConnectionName">ommitted</Property>
    <Property name="ConnectionPassword">xxxxxx</Property>
    <Property name="passwordHashMethod">PLAIN_TEXT</Property>
    <Property name="UserSearchBase">searchbase</Property>
    <Property name="UserNameListFilter">(objectClass=user)</Property>
    <Property name="UserNameAttribute">sAMAccountName</Property>
    <Property name="ReadLDAPGroups">true</Property>
    <Property name="GroupSearchBase">groupbase</Property>
    <Property name="GroupNameListFilter">(objectClass=group)</Property>
    <Property name="GroupNameAttribute">sAMAccountName</Property>
    <Property name="MembershipAttribute">memberOf</Property>
    <Property name="UserRolesCacheEnabled">false</Property>
    <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
    <Property name="maxFailedLoginAttempt">0</Property>
</UserStoreManager>

I've removed specific connection details and UserSearchBase and GroupSearchBase. IS starts up successfully, and I can see users and roles listed.

I'm encountering the following issues:

  • The Identity Server does not correctly map assigned roles to users. Even though my AD uses the 'memberOf' attribute to define group membership, Identity Server does not have any roles assigned to a particular user.
  • I am not able to log in to the Identity Server admin UI with a user from my LDAP store. When I configure Realm/Configuration in the following way:

    admin AD_user_name admin everyone jdbc/WSO2CarbonDB org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property-->

Does anyone have any suggestion for integrating with a read-only LDAP store that is Active Directory?

Update: Working with WSO2 support, I would advise everyone to wait until IS 4.1.1 before attempting this particular use case. Older versions of the product simply do not work very well. I will update as I know more.
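As an added example (not code from the question, the answer, or WSO2), the following audit parses a UserStoreManager block like the one posted above and flags the settings a reviewer would question first: the cleartext ldap:// URL, the literal bind password in user-mgt.xml, a MembershipAttribute that names a user attribute rather than the group's member list (the usual cause of "no roles assigned" against AD), and a lockout threshold of 0. The sample block is constructed from the posted configuration with placeholder values.

```python
"""Audit a WSO2 user-mgt.xml UserStoreManager block for common LDAP/AD mistakes."""
import xml.etree.ElementTree as ET

# Constructed sample: the ReadOnlyLDAPUserStoreManager block from the question,
# reduced to the properties this audit inspects, with placeholder values.
SAMPLE_USER_STORE = """
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://host</Property>
    <Property name="ConnectionName">cn=svc-wso2,ou=Service,dc=example,dc=com</Property>
    <Property name="ConnectionPassword">xxxxxx</Property>
    <Property name="MembershipAttribute">memberOf</Property>
    <Property name="maxFailedLoginAttempt">0</Property>
</UserStoreManager>
"""


def properties(xml_text):
    """Return the <Property name="...">value</Property> pairs as a dict."""
    root = ET.fromstring(xml_text.strip())
    return {p.get("name"): (p.text or "").strip() for p in root.findall("Property")}


def audit_user_store(xml_text):
    """Return a list of (code, message) findings; an empty list means nothing flagged."""
    props = properties(xml_text)
    findings = []
    if props.get("ConnectionURL", "").lower().startswith("ldap://"):
        findings.append(("CLEARTEXT_LDAP",
            "ConnectionURL uses ldap://; the bind credentials and all directory "
            "traffic cross the network unencrypted. Prefer ldaps:// on port 636."))
    if props.get("ConnectionPassword"):
        findings.append(("PASSWORD_IN_CONFIG",
            "ConnectionPassword is a literal in user-mgt.xml; restrict the file's "
            "permissions or use Carbon Secure Vault so it is encrypted at rest."))
    if props.get("MembershipAttribute", "").lower() == "memberof":
        findings.append(("MEMBERSHIP_ATTR_ON_WRONG_OBJECT",
            "MembershipAttribute is read from the group entry; in AD a group lists "
            "its members in 'member', while 'memberOf' lives on the user entry. "
            "This typically shows up as users with no roles assigned."))
    if props.get("maxFailedLoginAttempt") == "0":
        findings.append(("NO_LOCKOUT_THRESHOLD",
            "maxFailedLoginAttempt is 0; confirm that account lockout is enforced "
            "elsewhere, otherwise failed login attempts are never limited."))
    return findings


if __name__ == "__main__":
    for code, msg in audit_user_store(SAMPLE_USER_STORE):
        print(f"[{code}] {msg}")
```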

Solution

Update:

I can confirm that the WSO2 IS 4.1.1 resolves the issue and this works as expected. I've come to the conclusion the product 4.1.0 flat out doesn't work.

The dev team has fixed the issues in those features and it's in the latest release.

Good luck.
