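I am new to OpenAM. I have configured AD LDS on my machine, and it holds a list of users. I am trying to add ADAM as a data store in OpenAM. I followed this OpenAM document: https://wikis.forgerock.org/confluence/display/openam/Configure+OpenAM+to+use+Active+Directory+for+Authentication+and+DataStore
After following the instructions given there, when I try to log in to OpenAM as an AD user I get "Authentication failed".
Can someone help me?
**LDRepo Error:**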
ERROR: An error occurred while executing persistent search
org.forgerock.opendj.ldap.ReferralException: Referral: 0000202B: RefErr: DSID-031007EF, data 0, 1 access points
ref 1: ‘wealthcetera.local’
**Authentication Log Error:**
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
LoginState: getIdentity performing IdRepo search to obtain AMIdentity
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
Search for Identity Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
In searchAutehnticatedUser: idType IdType: user
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
In getUserProfile : Search for user Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
alias attr=null, attr=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list],merge=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list]
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
Search for Identity Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
In searchAutehnticatedUser: idType IdType: agent
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
In getUserProfile : Search for user Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
alias attr=null, attr=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list],merge=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list]
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
Search for Identity Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
result is :[]
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
URL is :
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
defaultURL : null
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
tempDefaultURL : null
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
defaultFailureURL : null
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::submitRequirements end
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
Status at the end of submitRequirements() : failed
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::hasMoreRequirements()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::getStatus()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal:: Status : failed
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::getStatus()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal:: Status : failed
amAuthREST:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
Authentication failed – destroying new session
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::getStatus()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal:: Status : failed
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
Error Code is.. : 102
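Answer 0 (score: 0)
I assume you are using the Active Directory authentication module. If so, what value do you have for "Attribute Used to Retrieve User Profile"? Do you have "Return User DN to DataStore" enabled or disabled?
Also, in your data store configuration, what are you using as the "Authentication Naming Attribute"?
It looks like authentication succeeded, but afterwards OpenAM could not find the user in the IdRepo (data store).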
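The answer's reading of the log (the IdRepo search comes back empty, then the login fails) can be checked mechanically. This is an added example, not part of the original answer or of OpenAM: a parser for the two-line debug records shown in the question that reports, per failed login, which idTypes were searched and whether the result was empty. Treating `result is :[]` as an empty IdRepo result follows the answer's interpretation and is an assumption; the sample is constructed and `jdoe` is a placeholder user.

```python
import re

# Record header in the log above: <logger>:<date time AM|PM TZ>: Thread[<name>,<prio>,<group>]
HEADER = re.compile(r"^(\w+):(\d\d/\d\d/\d{4} [\d:]+ [AP]M \w+): Thread\[([^\]]*)\]\s*$")
USER = re.compile(r"Search for Identity (.+)")
ID_TYPE = re.compile(r"In searchAutehnticatedUser: idType IdType: (\w+)")  # log's own spelling
ERROR = re.compile(r"Error Code is[. ]*: *(\d+)")

def parse_records(text):
    """Pair every header line with the message line(s) that follow it."""
    records = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            records.append({"logger": m[1], "ts": m[2], "thread": m[3], "msg": ""})
        elif records and line:
            records[-1]["msg"] = (records[-1]["msg"] + " " + line).strip()
    return records

def triage(records):
    """Summarise each failed login: idTypes searched and whether IdRepo returned nothing."""
    open_searches, findings = {}, []
    for r in records:
        msg, thread = r["msg"], r["thread"]
        if "getIdentity performing IdRepo search" in msg:
            open_searches[thread] = {"thread": thread, "ts": r["ts"], "user": None,
                                     "id_types": [], "empty": False, "error": None}
        elif thread in open_searches:
            s = open_searches[thread]
            if (m := USER.match(msg)):
                s["user"] = m[1]
            elif (m := ID_TYPE.match(msg)):
                s["id_types"].append(m[1])
            elif msg.startswith("result is :[]"):
                s["empty"] = True
            elif (m := ERROR.match(msg)):
                s["error"] = int(m[1])
                findings.append(open_searches.pop(thread))
    return findings

# Constructed sample in the page's two-line record format; "jdoe" is a placeholder user.
HDR = "amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]\n"
SAMPLE = "".join(HDR + m + "\n" for m in (
    "LoginState: getIdentity performing IdRepo search to obtain AMIdentity",
    "Search for Identity jdoe", "In searchAutehnticatedUser: idType IdType: user",
    "In searchAutehnticatedUser: idType IdType: agent", "result is :[]", "Error Code is.. : 102"))

if __name__ == "__main__":
    print(triage(parse_records(SAMPLE)))
```

A finding with `empty` set to true and a populated `id_types` list is the case the answer describes: the search ran against the data store but matched no entry for the login name.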