WSO2 Identity Server connection configuration with Microsoft Active Directory
The following error is received on the WSO2 Identity Server console while connecting to Microsoft Active Directory:
Error obtaining connection. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580]
where the following user-mgt.xml configuration is used:
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldap://10.10.4.145:389</Property>
<Property name="ConnectionName">uid=wso2admin,ou=Users</Property>
<Property name="ConnectionPassword">root.123</Property>
<Property name="AnonymousBind">false</Property>
<Property name="UserSearchBase">ou=Users,dc=prc,dc=com</Property>
<Property name="UserEntryObjectClass">identityPerson</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="DisplayNameAttribute" />
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">ou=Groups,dc=prc,dc=com</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="BackLinksEnabled">false</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="SCIMEnabled">true</Property>
<Property name="IsBulkImportSupported">false</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="kdcEnabled">false</Property>
<Property name="defaultRealmName">prc.com</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout" />
<Property name="RetryAttempts" />
</UserStoreManager>
"error code 49" indicates bad credentials (the credentials you are using to try to connect).
I assume that's this:
<Property name="ConnectionName">uid=wso2admin,ou=Users</Property>
According to the documentation, this property should be "the DN (Distinguished Name) of the admin user in LDAP". But your distinguished name is incorrect for two reasons:
uid cannot be used in a distinguished name (the example uses uid, but that doesn't work with Active Directory). It should start with CN=.
So it should look something more like this (but you will have to verify it is correct):
<Property name="ConnectionName">cn=wso2admin,ou=Users,dc=prc,dc=com</Property>
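As an added example (not part of the question or the answer above, and not WSO2 code), the following Python script does the two checks a practitioner would run before touching user-mgt.xml again: it parses the `data 52e` sub-code out of an "AcceptSecurityContext error" diagnostic like the one in the question and maps it to the Active Directory meaning, and it inspects a candidate `ConnectionName` value for the two shape problems the answer points at (a leading `uid=` RDN, and a DN that is not rooted in any `dc=` components). The sub-code table is the well-known set of AD bind sub-codes; the DN splitting is a deliberate simplification that does not handle escaped commas, and all sample inputs are constructed from the values on this page.

```python
import re

# Active Directory sub-codes that follow "data" in an
# "AcceptSecurityContext error" diagnostic for LDAP result code 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password, or the bind DN does not resolve)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Pulls the LDAP result code and the hex sub-code after "data" out of a
# JNDI / javax.naming diagnostic message.
_DIAG_RE = re.compile(
    r"LDAP: error code (?P<code>\d+) - .*?data (?P<sub>[0-9a-f]+)", re.IGNORECASE
)


def explain_bind_error(message: str) -> dict:
    """Return {'code', 'subcode', 'meaning'} for an LDAP diagnostic string."""
    m = _DIAG_RE.search(message)
    if not m:
        return {"code": None, "subcode": None, "meaning": "not an LDAP diagnostic message"}
    code = int(m.group("code"))
    sub = m.group("sub").lower()
    if code != 49:
        meaning = f"LDAP result code {code} (not an authentication failure)"
    else:
        meaning = AD_BIND_SUBCODES.get(sub, "unknown Active Directory sub-code")
    return {"code": code, "subcode": sub, "meaning": meaning}


def check_ad_bind_dn(dn: str) -> list:
    """Return a list of problems with a ConnectionName DN intended for AD.

    Simplification: RDNs are split on ',' without handling escaped commas.
    """
    problems = []
    rdns = [part.strip() for part in dn.split(",") if part.strip()]
    if not rdns:
        return ["empty DN"]
    attrs = [r.split("=", 1)[0].strip().lower() for r in rdns]
    if attrs[0] == "uid":
        problems.append("leading RDN uses uid; AD user entries are named by CN")
    if "dc" not in attrs:
        problems.append("no dc= components; the DN is not a full DN rooted in the domain")
    return problems


if __name__ == "__main__":
    # Constructed from the diagnostic quoted in the question.
    sample = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, "
              "comment: AcceptSecurityContext error, data 52e, v2580]")
    print(explain_bind_error(sample))
    for candidate in ("uid=wso2admin,ou=Users", "cn=wso2admin,ou=Users,dc=prc,dc=com"):
        print(candidate, "->", check_ad_bind_dn(candidate) or "looks well-formed")
```

Run it as-is and it reports `52e` as invalid credentials, flags both problems on the DN from the question, and passes the corrected DN from the answer; swapping in a different sub-code (for example `533`) shows that the same "error code 49" can hide a disabled account rather than a wrong password, which is why the sub-code, not the top-level code, is what to read in the WSO2 log.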