
Unable to set up OpenLDAP as primary user store for wso2is 5.6.0: LDAP Error 65 when adding a new user in management console

I am unable to set up WSO2 Identity Server v5.6.0 with OpenLDAP as the primary, external user store. The Identity Server starts as expected (no errors in the console) and the admin user account has been created automatically, too. But if I try to add a new user via the management console, the Identity Server throws the following error:

Could not add user PRIMARY/johndoe@gmail.com. Error: Cannot access the directory context or user already exists in the system for user :johndoe@gmail.com

In the LDAP console you can see that wso2is is trying to add the user with a "ref" attribute:

5b7589c9 conn=1022 op=2 ADD dn="mail=johndoe@gmail.com,ou=Users,dc=wso2,dc=org"
5b7589c9 conn=1022 op=2 RESULT tag=105 err=65 text=attribute "ref" only allowed in the referral

I don't know why exactly wso2is is doing that. The referral option is disabled and the WSO2-specific LDIF files have been imported. How can I solve this issue?

Below is my user-mgt.xml configuration:

<UserManager>
  <Realm>
   <Configuration>
    <AddAdmin>true</AddAdmin>
      <AdminRole>admin</AdminRole>
      <AdminUser>
        <UserName>admin@wso2.com</UserName>
        <Password>admin</Password>
      </AdminUser>
      <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
      <Property name="isCascadeDeleteEnabled">true</Property>
      <Property name="initializeNewClaimManager">true</Property>
      <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
    </Configuration>    
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
      <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
      <Property name="ConnectionURL">ldap://ldap:389</Property>
      <Property name="ConnectionName">cn=admin,dc=wso2,dc=org</Property>
      <Property name="ConnectionPassword">admin</Property>
      <Property name="AnonymousBind">false</Property>
      <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
      <Property name="UserEntryObjectClass">identityPerson</Property>
      <Property name="UserNameAttribute">mail</Property>
      <Property name="UserNameSearchFilter">(&amp;(objectClass=identityPerson)(mail=?))</Property>
      <Property name="UserNameListFilter">(&amp;(objectClass=identityPerson)(mail=*))</Property>
      <Property name="UserDNPattern">mail={0},ou=Users,dc=wso2,dc=org</Property>
      <Property name="DisplayNameAttribute"/>
      <Property name="ReadGroups">true</Property>
      <Property name="WriteGroups">true</Property>
      <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
      <Property name="GroupEntryObjectClass">groupOfNames</Property>
      <Property name="GroupNameAttribute">cn</Property>
      <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
      <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
      <Property name="RoleDNPattern">cn={0},ou=Groups,dc=wso2,dc=org</Property>
      <Property name="MembershipAttribute">member</Property>
      <Property name="BackLinksEnabled">false</Property>
      <Property name="UsernameJavaRegEx">^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$</Property>
      <Property name="UsernameJavaScriptRegEx">^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$</Property>
      <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
      <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
      <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
      <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
      <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,40}$</Property>
      <Property name="RolenameJavaScriptRegEx">^[\S]{3,40}$</Property>
      <Property name="SCIMEnabled">true</Property>
      <Property name="IsBulkImportSupported">false</Property>
      <Property name="EmptyRolesAllowed">false</Property>
      <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
      <Property name="MultiAttributeSeparator">,</Property>
      <Property name="MaxUserNameListLength">100</Property>
      <Property name="MaxRoleNameListLength">100</Property>
      <Property name="kdcEnabled">false</Property>
      <Property name="defaultRealmName">WSO2.ORG</Property>
      <Property name="UserRolesCacheEnabled">true</Property>
      <Property name="ConnectionPoolingEnabled">false</Property>
      <Property name="LDAPConnectionTimeout">5000</Property>
      <Property name="ReadTimeout"/>
      <Property name="RetryAttempts"/>
    </UserStoreManager>

    <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
      <Property name="AdminRoleManagementPermissions">/permission</Property>
      <Property name="AuthorizationCacheEnabled">true</Property>
      <Property name="GetAllRolesOfUserEnabled">false</Property>
    </AuthorizationManager>
  </Realm>
</UserManager>

The reason for the above error is that in WSO2 IS, for representing the resourceType, we have mapped an LDAP attribute called "ref", but it seems "ref" is an attribute that is reserved in OpenLDAP for referrals. Hence we are seeing the above error.

To get around this, you could follow the instructions below:

  1. After starting the Identity Server, go to Home -> Identity -> Claims -> List.
  2. Select "urn:ietf:params:scim:schemas:core:2.0" and then click edit on "urn:ietf:params:scim:schemas:core:2.0:meta.resourceType".
  3. For "Mapped Local Claim", select an appropriate claim you would like to map to this, for example http://wso2.org/claims/userType, and click update.
  4. Now try creating a user through the management console.
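The following is an added example, not code from the question, the answer or WSO2. It models offline why slapd answers the ADD with err=65 (objectClassViolation): OpenLDAP only accepts the `ref` attribute on entries of objectClass `referral`, and the entry WSO2 builds has objectClass `identityPerson`. The script reads the UserDNPattern, UserEntryObjectClass and UserNameAttribute values from the user-mgt.xml in the question, rebuilds the entry that would be sent, flags the `ref` attribute, and then applies the answer's workaround (pointing the resourceType claim at another attribute). The claim-to-attribute map and the `userType` attribute name are assumptions for the demo, not WSO2's real claim-config.xml.

```python
"""Offline model of the WSO2 IS -> OpenLDAP user ADD that fails with err=65.

OpenLDAP permits the ``ref`` attribute only on entries of objectClass
``referral``; WSO2 writes it on an ``identityPerson`` entry, hence
objectClassViolation (65). Added example, not WSO2 code.
"""
import xml.etree.ElementTree as ET

# Subset of the question's user-mgt.xml (only the properties the ADD needs).
USER_MGT_XML = """<UserManager><Realm>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
  <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
  <Property name="UserEntryObjectClass">identityPerson</Property>
  <Property name="UserNameAttribute">mail</Property>
  <Property name="UserDNPattern">mail={0},ou=Users,dc=wso2,dc=org</Property>
</UserStoreManager></Realm></UserManager>"""

RESOURCE_TYPE_CLAIM = "urn:ietf:params:scim:schemas:core:2.0:meta.resourceType"

# Constructed claim -> LDAP attribute map. Only resourceType -> "ref" is stated
# on the page; the "id" entry is an assumption and this is NOT claim-config.xml.
CLAIM_TO_ATTR = {
    RESOURCE_TYPE_CLAIM: "ref",
    "urn:ietf:params:scim:schemas:core:2.0:id": "scimId",
}

# Attributes OpenLDAP only accepts on an entry carrying a given objectClass.
OBJECTCLASS_ONLY_ATTRS = {"ref": "referral"}

_DN_SPECIAL = ',+"\\<>;='


def _escape_rdn_value(value: str) -> str:
    """Minimal RFC 4514 escaping so user-supplied names cannot alter the DN."""
    out = "".join("\\" + c if c in _DN_SPECIAL else c for c in value)
    if out[:1] in ("#", " "):
        out = "\\" + out
    return out


def parse_user_store(xml_text: str) -> dict:
    """Return the <Property name=...> values of the first UserStoreManager."""
    usm = ET.fromstring(xml_text).find(".//UserStoreManager")
    if usm is None:
        raise ValueError("no UserStoreManager element")
    return {p.get("name"): (p.text or "") for p in usm.findall("Property")}


def build_add_entry(cfg: dict, username: str, claims: dict, claim_to_attr: dict) -> dict:
    """Model the entry WSO2 would ADD for a new user with the given claim values."""
    dn = cfg["UserDNPattern"].replace("{0}", _escape_rdn_value(username))
    attrs = {"objectClass": [cfg["UserEntryObjectClass"]],
             cfg["UserNameAttribute"]: [username]}
    for claim_uri, value in claims.items():
        attr = claim_to_attr.get(claim_uri)
        if attr:  # unmapped claims are simply not written to LDAP
            attrs.setdefault(attr, []).append(value)
    return {"dn": dn, "attrs": attrs}


def schema_violations(entry: dict) -> list:
    """(attribute, required objectClass) pairs that make OpenLDAP answer err=65."""
    present = {oc.lower() for oc in entry["attrs"].get("objectClass", [])}
    return [(attr, oc) for attr, oc in OBJECTCLASS_ONLY_ATTRS.items()
            if attr in entry["attrs"] and oc.lower() not in present]


def remap_claim(claim_to_attr: dict, claim_uri: str, new_attr: str) -> dict:
    """The answer's workaround: point the SCIM claim at a different attribute."""
    fixed = dict(claim_to_attr)
    fixed[claim_uri] = new_attr
    return fixed


def to_ldif(entry: dict) -> str:
    """Render the modelled entry as LDIF for inspection."""
    lines = [f"dn: {entry['dn']}"]
    for attr, values in entry["attrs"].items():
        lines.extend(f"{attr}: {v}" for v in values)
    return "\n".join(lines)


if __name__ == "__main__":
    cfg = parse_user_store(USER_MGT_XML)
    claims = {RESOURCE_TYPE_CLAIM: "User"}  # WSO2 sets meta.resourceType for users
    user = "johndoe@gmail.com"

    broken = build_add_entry(cfg, user, claims, CLAIM_TO_ATTR)
    print(to_ldif(broken))
    print("violations:", schema_violations(broken))  # [('ref', 'referral')]

    # "userType" stands for whatever attribute backs http://wso2.org/claims/userType;
    # the name is an assumption, not taken from the page.
    fixed = build_add_entry(cfg, user, claims,
                            remap_claim(CLAIM_TO_ATTR, RESOURCE_TYPE_CLAIM, "userType"))
    print("violations after remap:", schema_violations(fixed))  # []
```

The check only encodes the one rule visible in the slapd log; whichever attribute you remap resourceType to must itself be allowed by the `identityPerson` objectClass in the WSO2 schema, or OpenLDAP will return 65 again for that attribute.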
