stackoom
  简体   繁体   中英

Wso2 identity server connection configuration with Microsoft active directory

 原文  2018-03-19 12:34:09       active-directory/ wso2

Question

Following error is received at wso2 identity server console while connection to Microsoft Active Directory

Error obtaining connection. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580]

where following user-mgt.xml configuration is 

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
   <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
   <Property name="ConnectionURL">ldap://10.10.4.145:389</Property>
   <Property name="ConnectionName">uid=wso2admin,ou=Users</Property>
   <Property name="ConnectionPassword">root.123</Property>
   <Property name="AnonymousBind">false</Property>
   <Property name="UserSearchBase">ou=Users,dc=prc,dc=com</Property>
   <Property name="UserEntryObjectClass">identityPerson</Property>
   <Property name="UserNameAttribute">uid</Property>
   <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
   <Property name="UserNameListFilter">(objectClass=person)</Property>
   <Property name="DisplayNameAttribute" />
   <Property name="ReadGroups">true</Property>
   <Property name="WriteGroups">true</Property>
   <Property name="GroupSearchBase">ou=Groups,dc=prc,dc=com</Property>
   <Property name="GroupEntryObjectClass">groupOfNames</Property>
   <Property name="GroupNameAttribute">cn</Property>
   <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
   <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
   <Property name="MembershipAttribute">member</Property>
   <Property name="BackLinksEnabled">false</Property>
   <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
   <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
   <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
   <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
   <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
   <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
   <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
   <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
   <Property name="SCIMEnabled">true</Property>
   <Property name="IsBulkImportSupported">false</Property>
   <Property name="EmptyRolesAllowed">true</Property>
   <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
   <Property name="MultiAttributeSeparator">,</Property>
   <Property name="MaxUserNameListLength">100</Property>
   <Property name="MaxRoleNameListLength">100</Property>
   <Property name="kdcEnabled">false</Property>
   <Property name="defaultRealmName">prc.com</Property>
   <Property name="UserRolesCacheEnabled">true</Property>
   <Property name="ConnectionPoolingEnabled">false</Property>
   <Property name="LDAPConnectionTimeout">5000</Property>
   <Property name="ReadTimeout" />
   <Property name="RetryAttempts" />
</UserStoreManager>

1 answers

solution1
 0  2018-03-19 12:46:31

"error code 49" indicates bad credentials (the credentials you are using to try to connect).

I assume that's this: 

<Property name="ConnectionName">uid=wso2admin,ou=Users</Property>

According to the documentation , this property should be "the DN (Distinguish Name) of the admin user in LDAP". But your distinguished name is incorrect for two reasons:

  1. You cannot use uid in a distinguished name (the example uses uid , but that doesn't work with Active Directory). It should start with CN= .
  2. You're missing the domain part of the DN, like "dc=prc,dc=com" (I'm assuming that's what it is for your domain"

So it should look something more like this (but you will have to verify it is correct): 

<Property name="ConnectionName">cn=wso2admin,ou=Users,dc=prc,dc=com</Property>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question WSO2 Identity Server and Active Directory with OUs Problems with Active Directory and WSO2 Identity Server Secondary User Store WSO2 Identity Server - Active Directory Integration - Change Password Issue WSO2 Identity Server User Portal and Active Directory WSO2 identity server cannot manage Active Directory users WSO2 Identity Server 5.7.0 How can get all users in An Active Directory and Insert to Identity Server Users? Error while adding the user to the Active Directory when starting WSO2 Identity Server WSO2 Identity Server 5.11.0 My Account personal info not working with Active Directory userstore WSO2 Intergrator 6.6.0 active directory login WSO2 - ACCESS DIRECTORY SERVICE ERROR & ACTIVE DIRECTORY USERNAMES
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM