
Worklight Application Center - Active Directory integration

I'm trying to integrate IBM Worklight Application Center with AD. It's deployed on WebSphere Liberty Profile on a Windows Server 2008 R2 Enterprise VM. I'm using the documentation from this link: IBM Knowledgebase

I managed to connect to AD for authentication purposes with this config in server.xml:

<ldapRegistry id="ldap" realm="SampleLdapADRealm" 
                host="ad.btb.hr" port="389" ignoreCase="true" 
                baseDN="ou=BTB,dc=btb,dc=hr" 
                bindDN="<myBindDN>" 
                bindPassword="<myBindPW>"
                ldapType="Microsoft Active Directory" 
                sslEnabled="false"> 
    <activedFilters userFilter="(&amp;(sAMAccountName=%v)(objectClass=user))"
                    groupFilter="(&amp;(cn=%v)(objectcategory=group))" 
                    userIdMap="user:sAMAccountName" 
                    groupIdMap="*:cn" 
                    groupMemberIdMap="memberOf:member">
    </activedFilters>
    <contextPool enabled="true" initialSize="1" maxSize="0" timeout="0s" waitTime="3000ms" preferredSize="3"/>
    <ldapCache>
        <attributesCache size="4000" timeout="1200s" enabled="true" sizeLimit="2000"/>
        <searchResultsCache size="2000" timeout="600s" enabled="true" resultsSizeLimit="1000"/>
    </ldapCache>
</ldapRegistry>

<!-- Begin of configuration added by IBM Worklight installer. -->

<!-- Declare the IBM Application Center Console application. -->
<application id="appcenterconsole" name="appcenterconsole" location="appcenterconsole.war" type="war">
    <application-bnd>
        <security-role name="appcenteradmin">
            <group name="worklight-administrators"/>
        </security-role>
        <security-role name="appcenteruser">
            <group name="worklight-users"/>
        </security-role>
    </application-bnd>
</application>

<!-- Declare the IBM Application Center Services application. -->
<application id="applicationcenter" name="applicationcenter" location="applicationcenter.war" type="war">
    <application-bnd>
        <security-role name="appcenteradmin">
            <!-- <group name="appcentergroup"/> -->
            <group name="worklight-administrators"/>
        </security-role>
        <security-role name="appcenteruser">
            <group name="worklight-users"/>
        </security-role>
    </application-bnd>
    <classloader delegation="parentLast">
        <commonLibrary>
            <fileset dir="${wlp.install.dir}/lib" includes="com.ibm.ws.crypto.passwordutil_1.0.1.jar"/>
        </commonLibrary>
    </classloader>
</application>

Then I tried configuring ACL so I can pull users and groups into the "User and Group Management" part of App Center using this configuration:

<jndiEntry jndiName="ibm.appcenter.ldap.active" value="true"/>
<jndiEntry jndiName="ibm.appcenter.ldap.connectionURL" value="ldap://ad.btb.hr"/>
<jndiEntry jndiName="ibm.appcenter.ldap.user.loginName" value="sAMAccountName"/>
<jndiEntry jndiName="ibm.appcenter.ldap.security.binddn" value="<myBindDN>"/>
<jndiEntry jndiName="ibm.appcenter.ldap.security.bindpwd" value="<myBindPW>"/>
<jndiEntry jndiName="ibm.appcenter.ldap.user.base" value="ou=BTB,dc=btb,dc=hr"/>
<jndiEntry jndiName="ibm.appcenter.ldap.group.base" value="ou=BTB,dc=btb,dc=hr"/>
<jndiEntry jndiName="ibm.appcenter.ldap.user.displayName" value="displayName"/>
<jndiEntry jndiName="ibm.appcenter.ldap.group.name" value="cn"/>
<jndiEntry jndiName="ibm.appcenter.ldap.group.uniquemember" value="member"/>
<jndiEntry jndiName="ibm.appcenter.ldap.user.groupmembership" value="memberOf"/>
<jndiEntry jndiName="ibm.appcenter.ldap.cache.expiration.seconds" value="43200"/>
<jndiEntry jndiName="ibm.appcenter.ldap.user.filter" value='"(&amp;(sAMAccountName=%v)(objectClass=user))"'/>
<jndiEntry jndiName="ibm.appcenter.ldap.group.filter" value='"(&amp;(cn=%v)(objectcategory=group))"'/>

Now I'm getting this error when accessing the Users/Groups link in App Center:

[24.10.14. 09:14:24:379 CEST] 0000001b com.ibm.puremeap.services.MobileServices E { "id": "5b5c3b4c-cb1d-4094-8e84-b1fee1b31b35", "message": "FWLAC0004E: The LDAP server cannot be accessed.", "productVersion": "6.2.0.00-20140613-0730" }

What have I missed?

You are using a very old version of Worklight 6.2; update your setup to use the latest.
You can get the latest Worklight Studio from Eclipse > Help > Eclipse Marketplace. For server artifacts, visit the IBM Fix Central website.

Additionally, the above contains a fix for a bug that may be yours:
PI24446 CONNECTING TO APPCENTER WITH A LOG-IN NAME DIFFERENT BY CASE SENSETIVE FROM THE LOG IN NAME DEFINED IN LDAP RESULT IN ERROR

The JNDI entry ibm.appcenter.ldap.user.displayName.filter is missing. Try setting it.

I had a similar issue fixed by adding/modifying these two lines.

In my case it's uid, not sAMAccountName:

<jndiEntry jndiName="ibm.appcenter.ldap.user.loginName" value="uid"/>

<jndiEntry jndiName="ibm.appcenter.ldap.user.filter" value='"(&amp;(sAMAccountName=%v)(objectClass=person))"'/>

I used "person" as the object class since the same is mentioned in my LDAP registry configuration.

<jndiEntry jndiName="ibm.appcenter.ldap.user.displayName.filter" value='"(&amp;(cn=%v)(objectclass=person))"'/>

The group filter should be correct as I am using objectcategory=group:

<jndiEntry jndiName="ibm.appcenter.ldap.group.filter" value='"(&amp;(cn=%v)(objectcategory=group))"'/>

All LDAP related info can be verified from the AD server.
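As an added example (not part of the question or of any answer above), the following Python script parses a jndiEntry fragment like the one in the question, reports which of the entry names used across the posts on this page are absent (on the question's configuration it flags ibm.appcenter.ldap.user.displayName.filter, the entry the second answer points at), runs cheap structural checks on the filter templates, and shows how the %v placeholder should be filled with RFC 4515 escaping so that a login name containing `*`, `(` or `)` cannot change the shape of the filter. The list of expected entry names is assembled from the posts here, not from IBM's documentation, and the sample XML is constructed with placeholder host, base DNs and bind credentials.

```python
"""Sanity checks for the Application Center LDAP jndiEntry block in a Liberty server.xml.

Added example; not part of the question or answers. The set of expected entry
names below is assembled from the posts on this page, not from IBM documentation.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: the shape of the question's jndiEntry block, with placeholder
# host/DNs/credentials and deliberately without ibm.appcenter.ldap.user.displayName.filter.
SAMPLE_XML = """<server>
<jndiEntry jndiName="ibm.appcenter.ldap.active" value="true"/>
<jndiEntry jndiName="ibm.appcenter.ldap.connectionURL" value="ldap://ad.example.test"/>
<jndiEntry jndiName="ibm.appcenter.ldap.user.loginName" value="sAMAccountName"/>
<jndiEntry jndiName="ibm.appcenter.ldap.security.binddn" value="cn=BIND_DN_PLACEHOLDER"/>
<jndiEntry jndiName="ibm.appcenter.ldap.security.bindpwd" value="BIND_PW_PLACEHOLDER"/>
<jndiEntry jndiName="ibm.appcenter.ldap.user.base" value="ou=Users,dc=example,dc=test"/>
<jndiEntry jndiName="ibm.appcenter.ldap.group.base" value="ou=Groups,dc=example,dc=test"/>
<jndiEntry jndiName="ibm.appcenter.ldap.user.displayName" value="displayName"/>
<jndiEntry jndiName="ibm.appcenter.ldap.group.name" value="cn"/>
<jndiEntry jndiName="ibm.appcenter.ldap.group.uniquemember" value="member"/>
<jndiEntry jndiName="ibm.appcenter.ldap.user.groupmembership" value="memberOf"/>
<jndiEntry jndiName="ibm.appcenter.ldap.cache.expiration.seconds" value="43200"/>
<jndiEntry jndiName="ibm.appcenter.ldap.user.filter" value='"(&amp;(sAMAccountName=%v)(objectClass=user))"'/>
<jndiEntry jndiName="ibm.appcenter.ldap.group.filter" value='"(&amp;(cn=%v)(objectcategory=group))"'/>
</server>"""

# Entry names that appear across the question and answers on this page.
EXPECTED_ENTRIES = (
    "ibm.appcenter.ldap.active",
    "ibm.appcenter.ldap.connectionURL",
    "ibm.appcenter.ldap.user.loginName",
    "ibm.appcenter.ldap.security.binddn",
    "ibm.appcenter.ldap.security.bindpwd",
    "ibm.appcenter.ldap.user.base",
    "ibm.appcenter.ldap.group.base",
    "ibm.appcenter.ldap.user.displayName",
    "ibm.appcenter.ldap.user.displayName.filter",
    "ibm.appcenter.ldap.group.name",
    "ibm.appcenter.ldap.group.uniquemember",
    "ibm.appcenter.ldap.user.groupmembership",
    "ibm.appcenter.ldap.user.filter",
    "ibm.appcenter.ldap.group.filter",
)


def load_jndi_entries(xml_text):
    """Return {jndiName: value} for every <jndiEntry> in the fragment.

    ElementTree decodes &amp; to &, so values come back as the server sees them."""
    root = ET.fromstring(xml_text)
    return {e.get("jndiName"): e.get("value") for e in root.iter("jndiEntry")}


def unquote(value):
    """The posts wrap filter values in an extra pair of double quotes; strip them."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return value


def missing_entries(entries):
    """Names from EXPECTED_ENTRIES that the fragment does not define, in order."""
    return [name for name in EXPECTED_ENTRIES if name not in entries]


def filter_problems(filt):
    """Cheap structural checks on an App Center LDAP filter template."""
    problems = []
    if not (filt.startswith("(") and filt.endswith(")")):
        problems.append("not wrapped in parentheses")
    if filt.count("(") != filt.count(")"):
        problems.append("unbalanced parentheses")
    if "%v" not in filt:
        problems.append("missing %v placeholder")
    return problems


# RFC 4515 escapes for characters that would otherwise alter filter structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape an assertion value so it is matched literally inside a filter."""
    return re.sub(r"[\\*()\x00]", lambda m: _ESCAPES[m.group(0)], value)


def render_filter(template, value):
    """Substitute %v the way a safe consumer of these templates should."""
    return template.replace("%v", escape_filter_value(value))


def audit(xml_text):
    """Combine the checks: missing entry names plus per-filter structural problems."""
    entries = load_jndi_entries(xml_text)
    problems = {}
    for name, raw in entries.items():
        if name.endswith(".filter"):
            found = filter_problems(unquote(raw))
            if found:
                problems[name] = found
    return {"missing": missing_entries(entries), "filter_problems": problems}


if __name__ == "__main__":
    result = audit(SAMPLE_XML)
    print("missing entries:", result["missing"])
    print("filter problems:", result["filter_problems"])
    print(render_filter("(&(sAMAccountName=%v)(objectClass=user))", "j*doe"))
```

Run it against your own server.xml by passing the file's text to `audit()`; the missing-entries list is only as good as EXPECTED_ENTRIES, so extend that tuple with whatever your App Center version documents. The escaping helper is there to make the point that `%v` is an assertion value, not a raw string to paste into the filter.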
