[英]Wso2 identity server connection configuration with Microsoft active directory
連接到Microsoft Active Directory時,在wso2身份服務器控制台上收到以下錯誤
獲取連接時出錯。 [LDAP:錯誤代碼49-80090308:LdapErr:DSID-0C0903C5,注釋:AcceptSecurityContext錯誤,數據52e,v2580] javax.naming.AuthenticationException:[LDAP:錯誤代碼49-80090308:LdapErr:DSID-0C0903C5,注釋:AcceptSecurityContext錯誤,數據52e,v2580]
以下user-mgt.xml配置是
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldap://10.10.4.145:389</Property>
<Property name="ConnectionName">uid=wso2admin,ou=Users</Property>
<Property name="ConnectionPassword">root.123</Property>
<Property name="AnonymousBind">false</Property>
<Property name="UserSearchBase">ou=Users,dc=prc,dc=com</Property>
<Property name="UserEntryObjectClass">identityPerson</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="DisplayNameAttribute" />
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">ou=Groups,dc=prc,dc=com</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="BackLinksEnabled">false</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="SCIMEnabled">true</Property>
<Property name="IsBulkImportSupported">false</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="kdcEnabled">false</Property>
<Property name="defaultRealmName">prc.com</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout" />
<Property name="RetryAttempts" />
</UserStoreManager>
“錯誤代碼49”指示錯誤的憑據(您用於嘗試連接的憑據)。
我認為是這樣的:
<Property name="ConnectionName">uid=wso2admin,ou=Users</Property>
根據文檔 ,此屬性應為“ LDAP中的admin用戶的DN(專有名稱)”。 但是您的專有名稱不正確有兩個原因:
uid
在一個專有名稱(示例中使用uid
,但是,這並不與Active Directory工作)。 它應該以CN=
開頭。 因此,它看起來應該更像這樣(但您必須確認它是正確的):
<Property name="ConnectionName">cn=wso2admin,ou=Users,dc=prc,dc=com</Property>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.