WSO2身份服务器 - LDAP用户存储不工作 [英] WSO2 Identity Server - LDAP user store not working
问题描述
我想配置的Identity Server(4.1.0)对我们的企业Active Directory中。
I'm trying to configure the Identity Server (4.1.0) against our corporate Active Directory.
我现在用的是ReadOnlyLDAPUserStoreManager类。下面是用户存储的配置:
I am using the ReadOnlyLDAPUserStoreManager class. Here is the configuration for the user store:
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
<Property name="ReadOnly">true</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="ConnectionURL">ldap://host</Property>
<Property name="ConnectionName">ommitted</Property>
<Property name="ConnectionPassword">xxxxxx</Property>
<Property name="passwordHashMethod">PLAIN_TEXT</Property>
<Property name="UserSearchBase">searchbase</Property>
<Property name="UserNameListFilter">(objectClass=user)</Property>
<Property name="UserNameAttribute">sAMAccountName</Property>
<Property name="ReadLDAPGroups">true</Property>
<Property name="GroupSearchBase">groupbase</Property>
<Property name="GroupNameListFilter">(objectClass=group)</Property>
<Property name="GroupNameAttribute">sAMAccountName</Property>
<Property name="MembershipAttribute">memberOf</Property>
<Property name="UserRolesCacheEnabled">false</Property>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
<Property name="maxFailedLoginAttempt">0</Property>
</UserStoreManager>
我已经删除特定连接的细节和UserSearchBase和GroupSearchBase。 IS启动成功,我可以看到用户和角色列出。
I've removed specific connection details and UserSearchBase and GroupSearchBase. IS starts up successfully, and I can see users and roles listed.
我遇到了以下问题:
- 在身份认证服务器无法正确分配角色映射到用户。虽然我的广告使用的memberOf属性来定义组成员,身份认证服务器没有任何分配给特定用户
-
我不能够登录到Identity服务器管理界面与我的LDAP存储的用户。当我配置域/配置以下列方式:
- The Identity server does not correctly map assigned roles to users. Even though my AD uses the 'memberOf' attribute to define group membership, Identity server does not have any assigned to a particular user
I am not able to log in to the Identity server admin UI with a user from my LDAP store. When I configure Realm/Configuration in the following way:
管理员 AD_user_name 管理员 大家 JDBC / WSO2CarbonDB org.wso2.carbon.user.core.config.multitenancy.CommonLDA prealmConfigBuilder org.wso2.carbon.user.core.config.multitenancy.CommonLDA prealmConfigBuilder&LT; /属性 - >
admin AD_user_name admin everyone jdbc/WSO2CarbonDB org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property-->
有没有人有任何建议与一个只读的LDAP存储中的Active Directory集成?
Does anyone have any suggestion for integrating with a readonly LDAP store that is ACtive directory?
更新 与WSO2的支持工作,我会建议大家等到尝试这一特定用例之前4.1.1。旧版本的产品根本就不能很好地工作。我会更新,因为我知道更多。
Update Working with WSO2 support, I would advise everyone to wait until IS 4.1.1 before attempting this particular use case. Older versions of the product simply do not work very well. I will update as I know more.
推荐答案
更新:
我可以证实,WSO2 IS 4.1.1解决了问题,这按预期工作。我得出的结论产品4.1.0平出不工作。
I can confirm that the WSO2 IS 4.1.1 resolves the issue and this works as expected. I've come to the conclusion the product 4.1.0 flat out doesn't work.
开发团队有固定的问题,这些功能和它的最新版本。
The dev team has fixed the issues in those features and it's in the latest release.
祝你好运。
这篇关于WSO2身份服务器 - LDAP用户存储不工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
