
WSO2 update users in AD

We are trying to connect to Active Directory as a secondary user store. We retrieved the data from AD successfully, but when we try to update user info from the user profile we get the following message:


When we look at the log we find the following problem:

javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090EC7, comment: Error in attribute conversion operation, data 0, v3839 ]; remaining name 'CN=mhejazi'

The secondary store configuration is:

<?xml version="1.0" encoding="UTF-8"?>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
  <Property name="ConnectionURL">ldap://10.3.5.33:389</Property>
  <Property name="ConnectionName">CN=mhejazi,CN=Users,DC=devdc,DC=sure,DC=Com,DC=sa</Property>
  <Property encrypted="true" name="ConnectionPassword">kuv2MubUUveMyv6GeHrXr9il59ajJIqUI4eoYHcgGKf/BBFOWn96NTjJQI+wYbWjKW6r79S7L7ZzgYeWx7DlGbff5X3pBN2Gh9yV0BHP1E93QtFqR7uTWi141Tr7V7ZwScwNqJbiNoV+vyLbsqKJE7T3nP8Ih9Y6omygbcLcHzg=</Property>
  <Property name="UserSearchBase">CN=Users,DC=devdc,DC=sure,DC=com,DC=sa</Property>
  <Property name="UserEntryObjectClass">user</Property>
  <Property name="UserNameAttribute">sAMAccountName</Property>
  <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(sAMAccountName=?))</Property>
  <Property name="UserNameListFilter">(objectClass=person)</Property>
  <Property name="UserDNPattern"/>
  <Property name="DisplayNameAttribute"/>
  <Property name="Disabled">false</Property>
  <Property name="ReadGroups">true</Property>
  <Property name="WriteGroups">true</Property>
  <Property name="GroupSearchBase">CN=Users,DC=devdc,DC=sure,DC=com,DC=sa</Property>
  <Property name="GroupEntryObjectClass">group</Property>
  <Property name="GroupNameAttribute">cn</Property>
  <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
  <Property name="GroupNameListFilter">(objectcategory=group)</Property>
  <Property name="RoleDNPattern"/>
  <Property name="MembershipAttribute">member</Property>
  <Property name="MemberOfAttribute">memberOf</Property>
  <Property name="BackLinksEnabled">true</Property>
  <Property name="Referral">follow</Property>
  <Property name="UserNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
  <Property name="UserNameJavaScriptRegEx">^[\S]{3,30}$</Property>
  <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
  <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
  <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
  <Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
  <Property name="RoleNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
  <Property name="RoleNameJavaScriptRegEx">^[\S]{3,30}$</Property>
  <Property name="SCIMEnabled">false</Property>
  <Property name="BulkImportSupported">true</Property>
  <Property name="EmptyRolesAllowed">true</Property>
  <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
  <Property name="MultiAttributeSeparator">,</Property>
  <Property name="isADLDSRole">false</Property>
  <Property name="userAccountControl">512</Property>
  <Property name="MaxUserNameListLength">100</Property>
  <Property name="MaxRoleNameListLength">100</Property>
  <Property name="kdcEnabled">false</Property>
  <Property name="defaultRealmName">WSO2.ORG</Property>
  <Property name="UserRolesCacheEnabled">true</Property>
  <Property name="ConnectionPoolingEnabled">false</Property>
  <Property name="LDAPConnectionTimeout">5000</Property>
  <Property name="ReadTimeout">5000</Property>
  <Property name="RetryAttempts">0</Property>
  <Property name="CountRetrieverClass"/>
  <Property name="java.naming.ldap.attributes.binary"/>
  <Property name="DomainName">devdc.sure.com.sa</Property>
  <Property name="Description">Sue Dev</Property>
</UserStoreManager>

javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D50, comment: Error in attribute conversion operation, data 0, v3839

This error occurs when the claim mapping is not properly configured against the AD attributes via the Claim Management UI.

You need to make sure that all the mapped attributes are valid and exist in Active Directory. Different user stores use different attributes. In [2] you can find a reference to the set of attributes supported by Active Directory. The default WSO2 claims are mapped to some generic attributes: the First Name is mapped to the nickname attribute, but Active Directory does not have a nickname attribute. The Full Name is mapped to the cn attribute, and in Active Directory cn has other semantic meanings.

Similarly, in your claim configuration you need to make sure that all the attributes defined there are supported by Active Directory. If one is not supported, you can add an additional mapped attribute, supported by AD, to the local claim in the claim configuration. A sample configuration is as follows.

Refer to [3] for more information regarding this.

[1] https://wiki.servicenow.com/index.php?title=LDAP_Error_Codes

[2] http://www.kouti.com/tables/userattributes.htm

[3] https://docs.wso2.com/display/IS540/Managing+User+Attributes
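The two checks the answer describes, as an added example that is not code from the question, the answer, or WSO2 itself: first, decoding the AD-flavoured LDAP error from the log (LDAP result code 16 is noSuchAttribute, and the 00000057 in front of "LdapErr" is the Win32 code ERROR_INVALID_PARAMETER, which AD returns when a modify names an attribute its schema does not have); second, walking a claim-config.xml and resolving each claim's mapped attribute for the AD user store domain, flagging attributes missing from AD or, like cn, forming the RDN of a user object (a plain LDAP modify on the RDN fails; the entry would have to be renamed). The claim-config.xml layout, the "DOMAIN/attribute" convention inside AttributeID, the domain name "AD" and the AD attribute set are assumptions, and the sample error string and config are constructed for the example.

```python
"""Decode an AD LDAP error and statically check WSO2 claim mappings against AD.

Added example, not code from the question, the answer or WSO2. Assumptions:
the claim-config.xml layout, the "DOMAIN/attr;attr" AttributeID convention for
secondary user stores, and AD_USER_ATTRIBUTES, a constructed subset of the
real AD user schema.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, Optional, Tuple

# --- 1. Decode the AD extended LDAP error string ----------------------------

# LDAP result codes (RFC 4511) commonly seen when writing user attributes.
LDAP_RESULT_CODES = {
    16: "noSuchAttribute", 17: "undefinedAttributeType", 19: "constraintViolation",
    32: "noSuchObject", 49: "invalidCredentials", 50: "insufficientAccessRights",
    67: "notAllowedOnRDN",
}
# Win32 error codes AD prefixes to "LdapErr"/"NameErr" in its diagnostic message.
WIN32_ERRORS = {0x57: "ERROR_INVALID_PARAMETER", 0x52E: "ERROR_LOGON_FAILURE",
                0x208D: "ERROR_DS_OBJ_NOT_FOUND"}

AD_ERROR_RE = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<kind>\w+): DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<version>[0-9A-Fa-f]+)"
)

# Constructed copy of the log line quoted in the question.
SAMPLE_ERROR = (
    "javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - "
    "00000057: LdapErr: DSID-0C090EC7, comment: Error in attribute conversion "
    "operation, data 0, v3839 ]; remaining name 'CN=mhejazi'"
)


def decode_ad_error(message: str) -> Optional[Dict[str, object]]:
    """Split an AD diagnostic into named fields; None if it is not AD-shaped."""
    m = AD_ERROR_RE.search(message)
    if not m:
        return None
    ldap_code, win32 = int(m.group("ldap")), int(m.group("win32"), 16)
    return {
        "ldap_code": ldap_code, "ldap_name": LDAP_RESULT_CODES.get(ldap_code, "unknown"),
        "win32_code": win32, "win32_name": WIN32_ERRORS.get(win32, "unknown"),
        "dsid": m.group("dsid"), "comment": m.group("comment").strip(),
        "data": int(m.group("data"), 16),
    }


# --- 2. Static check of claim mappings against the AD user schema ------------

# Constructed subset of attributes present on AD "user" objects (lower-cased,
# because LDAP attribute names are case-insensitive).
AD_USER_ATTRIBUTES = {
    "samaccountname", "userprincipalname", "cn", "name", "givenname", "sn",
    "initials", "displayname", "mail", "telephonenumber", "mobile", "streetaddress",
    "l", "st", "postalcode", "co", "department", "title", "company", "manager",
    "description", "memberof", "useraccountcontrol", "objectguid",
}
AD_RDN_ATTRIBUTES = {"cn"}  # RDN of user objects: modify fails, rename required

# Constructed excerpt in the assumed shape of claim-config.xml.
SAMPLE_CLAIM_CONFIG = """<Claims><Dialect dialectURI="http://wso2.org/claims">
  <Claim><ClaimURI>http://wso2.org/claims/givenname</ClaimURI>
         <AttributeID>nickname;AD/givenName</AttributeID></Claim>
  <Claim><ClaimURI>http://wso2.org/claims/fullname</ClaimURI>
         <AttributeID>cn</AttributeID></Claim>
  <Claim><ClaimURI>http://wso2.org/claims/emailaddress</ClaimURI>
         <AttributeID>mail</AttributeID></Claim>
  <Claim><ClaimURI>http://wso2.org/claims/nickname</ClaimURI>
         <AttributeID>nickname</AttributeID></Claim>
</Dialect></Claims>"""


def mapped_attribute(attribute_id: str, domain: str) -> str:
    """Resolve "nickname;AD/givenName" for a store domain (assumed convention):
    a "DOMAIN/attr" entry wins for that domain, else the plain default."""
    default = None
    for part in (p.strip() for p in attribute_id.split(";")):
        if "/" in part:
            dom, attr = part.split("/", 1)
            if dom.strip().upper() == domain.upper():
                return attr.strip()
        elif default is None:
            default = part
    return default or ""


def check_claims(claim_config_xml: str, domain: str) -> Dict[str, Tuple[str, str]]:
    """Map claim URI -> (resolved attribute, status) where status is 'ok',
    'missing' (a write would hit LDAP error 16) or 'rdn' (modify not allowed)."""
    report = {}
    for claim in ET.fromstring(claim_config_xml).iter("Claim"):
        uri = claim.findtext("ClaimURI", "")
        attr = mapped_attribute(claim.findtext("AttributeID", ""), domain)
        key = attr.lower()
        status = ("missing" if key not in AD_USER_ATTRIBUTES
                  else "rdn" if key in AD_RDN_ATTRIBUTES else "ok")
        report[uri] = (attr, status)
    return report


if __name__ == "__main__":
    print(decode_ad_error(SAMPLE_ERROR))
    for uri, (attr, status) in check_claims(SAMPLE_CLAIM_CONFIG, "AD").items():
        print(f"{status:8} {attr:12} {uri}")
```

Run it against a real claim-config.xml by replacing SAMPLE_CLAIM_CONFIG with the file contents and "AD" with the secondary store's DomainName; anything reported as "missing" is what the attribute conversion error points at, and "rdn" marks a claim that looks valid but cannot be written with an ordinary modify.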
