Unable to log in with users in Active Directory in WSO2 API Manager

I've configured the WSO2 API Manager with an external LDAP, i.e. Microsoft Active Directory. Connectivity is set up and I'm able to see all the users in the WSO2 APIM user store which are present in AD. I have the 4 following users in AD:

Users: WSo2 Admin, WSO2 User1, WSO2 User2

But I'm able to log in with just one user, which I'm assigning the admin role in the configuration file like the snippet below.

  <AdminUser> <UserName>Wso2 Admin</UserName> <Password>abcdef@01</Password> </AdminUser>

Now I'll only be able to log in with WSo2 Admin; the same happens for other users: if I assign the admin role in the config file I'll be able to log in.

But I want to log in with every user which is present in AD, i.e. WSo2 Admin, WSO2 User1, WSO2 User2.

Here is my configuration file:
  <?xml version="1.0" encoding="UTF-8"?>
  <UserManager>
    <Realm>
      <Configuration>
        <AddAdmin>false</AddAdmin>
        <AdminRole>admin</AdminRole>
        <AdminUser>
          <UserName>Wso2 Admin</UserName>
          <Password>abcdef@01</Password>
        </AdminUser>
        <EveryOneRoleName>everyone</EveryOneRoleName>
        <!-- By default users in this role see the registry root -->
        <Property name="isCascadeDeleteEnabled">true</Property>
        <Property name="initializeNewClaimManager">true</Property>
        <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
      </Configuration>
      <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
        <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
        <Property name="ConnectionURL">ldap://test.xxxx.com:389</Property>
        <Property name="ConnectionName">CN=Wso2 Admin,OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
        <Property name="ConnectionPassword">abcdef@01</Property>
        <Property name="AnonymousBind">false</Property>
        <Property name="UserSearchBase">OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
        <Property name="UserEntryObjectClass">user</Property>
        <Property name="UserNameAttribute">cn</Property>
        <!-- The LDAP filter's "&" must be escaped as "&amp;" inside XML -->
        <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
        <Property name="UserNameListFilter">(objectClass=user)</Property>
        <Property name="DisplayNameAttribute"/>
        <Property name="ReadGroups">true</Property>
        <Property name="WriteGroups">true</Property>
        <Property name="GroupSearchBase">OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
        <Property name="GroupEntryObjectClass">group</Property>
        <Property name="GroupNameAttribute">cn</Property>
        <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
        <Property name="GroupNameListFilter">(objectcategory=group)</Property>
        <Property name="MembershipAttribute">member</Property>
        <Property name="MemberOfAttribute">memberOf</Property>
        <Property name="BackLinksEnabled">true</Property>
        <Property name="Referral">follow</Property>
        <Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
        <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
        <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
        <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
        <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
        <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
        <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="SCIMEnabled">false</Property>
        <Property name="IsBulkImportSupported">true</Property>
        <Property name="EmptyRolesAllowed">true</Property>
        <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
        <Property name="MultiAttributeSeparator">,</Property>
        <Property name="isADLDSRole">false</Property>
        <Property name="userAccountControl">512</Property>
        <Property name="MaxUserNameListLength">100</Property>
        <Property name="MaxRoleNameListLength">100</Property>
        <Property name="MembershipAttributeRange">1500</Property>
        <Property name="kdcEnabled">false</Property>
        <Property name="defaultRealmName">WSO2.ORG</Property>
        <Property name="UserRolesCacheEnabled">true</Property>
        <Property name="ConnectionPoolingEnabled">false</Property>
        <Property name="LDAPConnectionTimeout">5000</Property>
        <Property name="ReadTimeout"/>
        <Property name="RetryAttempts"/>
      </UserStoreManager>
      <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
        <Property name="AdminRoleManagementPermissions">/permission</Property>
        <Property name="AuthorizationCacheEnabled">true</Property>
        <Property name="GetAllRolesOfUserEnabled">true</Property>
      </AuthorizationManager>
    </Realm>
  </UserManager>
To the administrative console only admins (members of the admin group) are allowed to log in.

If you want any user to log in, you may try to find the role Internal/everyone and add the permission Login to the role.

However, by default the users will only be able to change their password (and even that's not true until you use an ldaps connection instead of ldap).
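The answer's two points (the console admits only admin-role members, and AD will not accept password changes over plain ldap) are the kind of thing worth checking mechanically before a user-mgt.xml like the one in the question goes live. This is an added example, not code from the question, the answer or WSO2: a small Python lint over a user-mgt.xml fragment constructed from the question's values; the function name and the finding wording are this example's own.

```python
"""Lint a WSO2 user-mgt.xml Active Directory user store for the pitfalls
discussed above. Added example; SAMPLE_USER_MGT is constructed from the
question's values, keeping its admin bind account and plain ldap:// URL."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMPLE_USER_MGT = """<?xml version="1.0" encoding="UTF-8"?>
<UserManager>
  <Realm>
    <Configuration>
      <AdminRole>admin</AdminRole>
      <AdminUser>
        <UserName>Wso2 Admin</UserName>
        <Password>abcdef@01</Password>
      </AdminUser>
    </Configuration>
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
      <Property name="ConnectionURL">ldap://test.xxxx.com:389</Property>
      <Property name="ConnectionName">CN=Wso2 Admin,OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
      <Property name="ConnectionPassword">abcdef@01</Property>
      <Property name="AnonymousBind">false</Property>
    </UserStoreManager>
  </Realm>
</UserManager>
"""


def lint_user_store(xml_text):
    """Return a list of findings for the first UserStoreManager in the file."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    store = root.find(".//UserStoreManager")
    props = {p.get("name"): (p.text or "") for p in store.findall("Property")}
    admin = root.find(".//Configuration/AdminUser")
    admin_name = admin.findtext("UserName", "").strip().lower()
    admin_pw = admin.findtext("Password", "")
    findings = []
    # AD only accepts password changes over a TLS-protected connection, and a
    # simple bind over plain ldap:// sends ConnectionPassword in clear text.
    if urlsplit(props.get("ConnectionURL", "")).scheme != "ldaps":
        findings.append("ConnectionURL is not ldaps://: password changes fail and the bind password is sent in clear text")
    # The bind account should be a dedicated read-only service account, not the
    # principal that also holds the WSO2 admin role.
    if props.get("ConnectionName", "").lower().startswith(f"cn={admin_name},"):
        findings.append("ConnectionName is the AdminUser account: bind with a dedicated service account")
    if props.get("ConnectionPassword") == admin_pw:
        findings.append("ConnectionPassword is the AdminUser password: the LDAP bind secret should not be the console admin password")
    if props.get("AnonymousBind", "false").lower() == "true":
        findings.append("AnonymousBind is true: AD user stores should bind with credentials")
    return findings
```

Calling lint_user_store(SAMPLE_USER_MGT) yields three findings for the question's configuration; switching to ldaps:// and a separate bind account with its own password clears them.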