
WSO2 Identity Server connection configuration with Microsoft Active Directory

The following error is received at the WSO2 Identity Server console while connecting to Microsoft Active Directory:

Error obtaining connection. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580]

where the user-mgt.xml configuration is as follows:

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
   <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
   <Property name="ConnectionURL">ldap://10.10.4.145:389</Property>
   <Property name="ConnectionName">uid=wso2admin,ou=Users</Property>
   <Property name="ConnectionPassword">root.123</Property>
   <Property name="AnonymousBind">false</Property>
   <Property name="UserSearchBase">ou=Users,dc=prc,dc=com</Property>
   <Property name="UserEntryObjectClass">identityPerson</Property>
   <Property name="UserNameAttribute">uid</Property>
   <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
   <Property name="UserNameListFilter">(objectClass=person)</Property>
   <Property name="DisplayNameAttribute" />
   <Property name="ReadGroups">true</Property>
   <Property name="WriteGroups">true</Property>
   <Property name="GroupSearchBase">ou=Groups,dc=prc,dc=com</Property>
   <Property name="GroupEntryObjectClass">groupOfNames</Property>
   <Property name="GroupNameAttribute">cn</Property>
   <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
   <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
   <Property name="MembershipAttribute">member</Property>
   <Property name="BackLinksEnabled">false</Property>
   <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
   <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
   <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
   <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
   <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
   <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
   <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
   <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
   <Property name="SCIMEnabled">true</Property>
   <Property name="IsBulkImportSupported">false</Property>
   <Property name="EmptyRolesAllowed">true</Property>
   <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
   <Property name="MultiAttributeSeparator">,</Property>
   <Property name="MaxUserNameListLength">100</Property>
   <Property name="MaxRoleNameListLength">100</Property>
   <Property name="kdcEnabled">false</Property>
   <Property name="defaultRealmName">prc.com</Property>
   <Property name="UserRolesCacheEnabled">true</Property>
   <Property name="ConnectionPoolingEnabled">false</Property>
   <Property name="LDAPConnectionTimeout">5000</Property>
   <Property name="ReadTimeout" />
   <Property name="RetryAttempts" />
</UserStoreManager>

"error code 49" indicates bad credentials (the credentials you are using to try to connect).

I assume that's this:

<Property name="ConnectionName">uid=wso2admin,ou=Users</Property>

According to the documentation, this property should be "the DN (Distinguished Name) of the admin user in LDAP". But your distinguished name is incorrect for two reasons:

  1. You cannot use uid in a distinguished name (the example uses uid, but that doesn't work with Active Directory). It should start with CN=.
  2. You're missing the domain part of the DN, like "dc=prc,dc=com" (I'm assuming that's what it is for your domain).

So it should look something more like this (but you will have to verify it is correct):

<Property name="ConnectionName">cn=wso2admin,ou=Users,dc=prc,dc=com</Property>
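As an added illustration (not code from the question or the answer above), the script below parses the "error code 49 ... data 52e" diagnostic that Active Directory returns on a failed bind and maps the sub-code to its well-known meaning, then runs the two DN checks the answer describes (leading RDN must not be uid=, and the dc= domain suffix must be present) against a ConnectionName value. The sub-code table holds the standard AD AcceptSecurityContext values; the DN check is a simple heuristic that assumes no escaped commas inside RDN values.

```python
import re

# Standard Active Directory "data" sub-codes carried inside an LDAP error 49
# (AcceptSecurityContext) diagnostic message. Error 49 is always "invalid
# credentials"; the sub-code says why the bind was rejected.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password or wrong bind DN)",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Error text taken from the question above (WSO2 wraps the AD diagnostic twice).
SAMPLE_ERROR = ("Error obtaining connection. [LDAP: error code 49 - 80090308: LdapErr: "
                "DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580]")

_DIAG_RE = re.compile(r"LDAP: error code (\d+) - 80090308:.*?data ([0-9a-f]+)", re.I)


def explain_bind_error(message):
    """Return (code, subcode, meaning) parsed from a javax.naming LDAP error text, or None."""
    m = _DIAG_RE.search(message)
    if not m:
        return None
    code, sub = m.group(1), m.group(2).lower()
    if code != "49":
        return (code, sub, "not an authentication failure")
    return (code, sub, AD_BIND_SUBCODES.get(sub, "unknown AD sub-code"))


def _normalize(dn):
    # Lower-case and trim each RDN; does not handle escaped commas (assumption).
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_ad_bind_dn(dn, domain_suffix):
    """Return a list of problems with a ConnectionName DN intended for Active Directory."""
    problems = []
    rdns = _normalize(dn).split(",")
    if rdns[0].split("=", 1)[0] == "uid":
        problems.append("leading RDN uses uid=; Active Directory names user entries by cn=")
    if not any(r.startswith("dc=") for r in rdns):
        problems.append("no dc= components: the domain part of the DN is missing")
    elif not _normalize(dn).endswith(_normalize(domain_suffix)):
        problems.append("DN does not end with the expected domain suffix " + domain_suffix)
    return problems
```

Run `explain_bind_error(SAMPLE_ERROR)` to see that 52e means the bind DN or password was rejected, and `check_ad_bind_dn("uid=wso2admin,ou=Users", "dc=prc,dc=com")` to see both DN problems from the answer reported.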

