How to configure WSO2 Identity with LDAP?

Time: 2012-08-20 18:57:27

Tags: ldap wso2 identity openldap wso2is

How do I configure WSO2 Identity with LDAP?

I changed user-mgt.xml to:

    <UserManager>
    <Realm>
        <Configuration>
            <AdminRole>admin</AdminRole>
            <AdminUser>
            <UserName>admin</UserName>
            <Password>admin</Password>
            </AdminUser>
        <EveryOneRoleName>everyone</EveryOneRoleName>
        <Property name="url">jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE</Property>
        <Property name="userName">wso2carbon</Property>
        <Property name="password">wso2carbon</Property>
        <Property name="driverName">org.h2.Driver</Property>
        <Property name="maxActive">50</Property>
        <Property name="maxWait">60000</Property>
        <Property name="minIdle">5</Property>
        </Configuration>

        <UserStoreManager class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager">
        <Property name="ReadOnly">true</Property>
        <Property name="ConnectionURL">ldap://ldap.curitiba.pr.gov.br:389</Property>
        <Property name="ConnectionName">o=ICI</Property>
        <Property name="UserNameListFilter">(objectClass=person)</Property>
        <Property name="UserEntryObjectClass">wso2Person</Property>
        <Property name="UserSearchBase">ou=users,dc=ICI,ou=domains,o=ICI</Property>
        <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
        <Property name="UserNameAttribute">uid</Property>
        <Property name="PasswordJavaScriptRegEx">[\\S]{5,30}</Property>
        <Property name="UsernameJavaScriptRegEx">[\\S]{3,30}</Property>
        <Property name="UsernameJavaRegEx">^[^~!@#$;%^*+={}\\|\\\\&lt;&gt;]{3,30}$</Property>
        <Property name="RolenameJavaScriptRegEx">[\\S]{3,30}</Property>
        <Property name="RolenameJavaRegEx">^[^~!@#$;%^*+={}\\|\\\\&lt;&gt;]{3,30}$</Property>
        <Property name="ReadLDAPGroups">false</Property>
        <Property name="WriteLDAPGroups">false</Property>
        <Property name="EmptyRolesAllowed">false</Property>
        <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
        <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
        <Property name="GroupEntryObjectClass">groupOfNames</Property>
        <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
        <Property name="GroupNameAttribute">cn</Property>
        <Property name="MembershipAttribute">member</Property>
        <Property name="UserRolesCacheEnabled">true</Property>
        </UserStoreManager> 
    </Realm>
    </UserManager>

But it does not work.

Here is the content of the log:

    [2012-08-20 18:32:03,209]  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} -  Starting WSO2 Carbon...
    [2012-08-20 18:32:03,209]  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} -  Operating System : Linux 2.6.37.6-smp, i386
    [2012-08-20 18:32:03,209]  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} -  Java Home        : /usr/lib/java
    [2012-08-20 18:32:03,209]  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} -  Java Version     : 1.6.0_25
    [2012-08-20 18:32:03,210]  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} -  Java VM          : Java HotSpot(TM) Server VM 20.0-b11,Sun Microsystems Inc.
    [2012-08-20 18:32:03,210]  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} -  Carbon Home      : /soa/srvapp/IdentityServer
    [2012-08-20 18:32:03,210]  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} -  Java Temp Dir    : /soa/srvapp/IdentityServer/tmp
    [2012-08-20 18:32:03,210]  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} -  User             : root, en-US, America/Sao_Paulo
    [2012-08-20 18:32:06,645]  INFO {org.wso2.carbon.ldap.server.configuration.LDAPConfigurationBuilder} -  KDC server is disabled.
    [2012-08-20 18:32:06,649]  INFO {org.wso2.carbon.ldap.server.DirectoryActivator} -  Initializing Directory Server with working directory /soa/srvapp/IdentityServer/repository/data/org.wso2.carbon.directory and port 10390
    [2012-08-20 18:32:10,665] ERROR {org.wso2.carbon.user.core.internal.Activator} -  Cannot start User Manager Core bundle
    java.lang.NullPointerException
            at org.wso2.carbon.user.core.config.RealmConfigXMLProcessor.buildRealmConfiguration(RealmConfigXMLProcessor.java:170)
            at org.wso2.carbon.user.core.common.DefaultRealmService.buildBootStrapRealmConfig(DefaultRealmService.java:150)
            at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:86)
            at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:124)
            at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:64)
            at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:54)
            at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:782)
            at java.security.AccessController.doPrivileged(Native Method)
            at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:773)
            at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:754)
            at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:352)
            at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:370)
            at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1068)
            at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:557)
            at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:464)
            at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:248)
            at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:445)
            at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:220)
            at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:330)

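1 answer:

Answer 0 (score: 0)

This looks like only part of the complete stack trace. Anyway, I see an obviously invalid configuration in user-mgt.xml. You have incorrectly used an organizational unit object as the connection name.

    <Property name="ConnectionName">o=ICI</Property>

You must use a valid user in OpenLDAP as the connection name. For example,

    <Property name="ConnectionName">cn=SomeUser,ou=users,dc=ICI,ou=domains,o=ICI</Property>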
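A pre-deployment check for the bind settings discussed in this thread, as an added example that is not part of the original posts and not WSO2 code. It assumes the `user-mgt.xml` layout shown in the question, that the bind password lives in WSO2's `ConnectionPassword` property, and a heuristic that a DN whose leftmost RDN is `o`, `ou`, `dc`, `c` or `l` names a container rather than an account; the finding codes and function names are made up for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the question's user-mgt.xml.
SAMPLE = """<UserManager><Realm>
  <Configuration>
    <AdminUser><UserName>admin</UserName><Password>admin</Password></AdminUser>
  </Configuration>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager">
    <Property name="ConnectionURL">ldap://ldap.curitiba.pr.gov.br:389</Property>
    <Property name="ConnectionName">o=ICI</Property>
    <Property name="UserSearchBase">ou=users,dc=ICI,ou=domains,o=ICI</Property>
  </UserStoreManager>
</Realm></UserManager>"""

# Heuristic (assumption): these RDN types name containers, not bindable accounts.
CONTAINER_RDNS = {"o", "ou", "dc", "c", "l"}


def first_rdn_type(dn):
    """Attribute type of the leftmost RDN, lower-cased ('' if malformed)."""
    head = dn.split(",", 1)[0]
    return head.split("=", 1)[0].strip().lower() if "=" in head else ""


def lint_user_mgt(xml_text):
    """Return finding codes for the LDAP bind settings in a user-mgt.xml document."""
    root = ET.fromstring(xml_text)
    store = root.find("./Realm/UserStoreManager")
    if store is None:
        return ["no-user-store-manager"]
    props = {p.get("name"): (p.text or "").strip() for p in store.findall("Property")}
    findings = []
    bind_dn = props.get("ConnectionName", "")
    if not bind_dn:
        findings.append("bind-dn-missing")
    elif first_rdn_type(bind_dn) in CONTAINER_RDNS or not first_rdn_type(bind_dn):
        findings.append("bind-dn-not-a-user")
    if not props.get("ConnectionPassword"):
        findings.append("bind-password-missing")
    # A simple bind over ldap:// exposes the password unless StartTLS is negotiated.
    if props.get("ConnectionURL", "").lower().startswith("ldap://"):
        findings.append("cleartext-ldap")
    admin = root.find("./Realm/Configuration/AdminUser")
    if admin is not None and admin.findtext("Password") == admin.findtext("UserName"):
        findings.append("admin-password-equals-username")
    return findings


if __name__ == "__main__":
    print("\n".join(lint_user_mgt(SAMPLE)))
```
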