
WSO2 Identity Server and Active Directory with OUs

I'm trying to use WSO2IS with an Active Directory LDS.

Using the store to display and read users is no problem. However, when editing a user, there's a hiccup.

The users are situated in OUs in the AD and in the synced AD LDS. (We use the AD LDS to add user attributes without changing the original AD.)

When I edit a user it will be moved by the IS to the UserSearchBase. IS is still able to show the user - for now.
When the AD LDS is synced with the AD, the user will be moved back to its original OU.
The IS will not be able to find the user, because it is still looking for the user in the "new" location in the UserSearchBase root.

Only if I restart the IS, the user will be found again.

I tried to recreate the behaviour by hand:

  1. Create user in an OU situated in the UserSearchBase
  2. Edit the user with IS
  3. Move the user back to its original location in the OU in the AD
  4. IS throws error

Is there a way to tell the IS to leave the user DN/location as is?
Is there a way to disable caching? (Without impact on performance?)

Regards, Mat

This looks like a known issue with Cache Expiry Bug 6471. Please see if the description matches your exception trace.

There is a fix in progress for the above. It will be available in a future release.

You can also build from the public repository once the fix is done, if this is the case.

Workaround

You can edit and save the user store, if his user store is configured with the UI. You do not need to change any value. This will cause a new instance to be created, thus re-creating the cache.
