How to configure ApacheDSUserStoreManager as an external LDAP user manager in WSO2 Identity Server

Time: 2013-07-26 12:36:09

Tags: apacheds wso2is

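I am new to WSO2, and I am using WSO2 Identity Server for authentication and authorization in my project. But I have a problem configuring ApacheDSUserStoreManager as an external LDAP user manager in WSO2 Identity Server. Could someone please show me the correct way to do this? My configuration is as follows.

Configuration file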

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager">
    <Property name="defaultRealmName">sample.com</Property>
    <Property name="kdcEnabled">false</Property>
    <Property name="ConnectionURL">ldap://localhost:10389</Property> 
    <Property name="ConnectionName">uid=rpurimitla,ou=manage,dc=sample,dc=com</Property>
    <Property name="ConnectionPassword">sample</Property>
    <Property name="passwordHashMethod">SHA</Property>
    <Property name="UserSearchBase">ou=manage,dc=sample,dc=com</Property>
    <Property name="UserEntryObjectClass">inetOrgPerson</Property>
    <Property name="UserNameAttribute">uid</Property>
    <Property name="isADLDSRole">true</Property>
    <Property name="userAccountControl">512</Property>
    <Property name="UserNameListFilter">(objectClass=user)</Property>
    <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
    <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-]{3,30}$</Property>
    <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
    <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-]{3,30}$</Property>
    <Property name="ReadLDAPGroups">true</Property>
    <Property name="WriteLDAPGroups">true</Property>
    <Property name="EmptyRolesAllowed">true</Property>
    <Property name="GroupSearchBase">ou=manage,dc=sample,dc=com</Property>
    <Property name="GroupEntryObjectClass">group</Property>
    <Property name="GroupNameAttribute">cn</Property>
    <Property name="MembershipAttribute">member</Property>
    <Property name="GroupNameListFilter">(objectcategory=group)</Property>
    <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="Referral">follow</Property>
    <Property name="BackLinksEnabled">true</Property>
</UserStoreManager>

This is the error I get:

[2013-07-26 17:57:47,781] INFO {org.wso2.carbon.databridge.agent.thrift.AgentHolder} - Agent created !
[2013-07-26 17:57:47,859] INFO {org.wso2.carbon.databridge.agent.thrift.internal.AgentDS} - Successfully deployed Agent Client
[2013-07-26 17:57:48,000] INFO {org.wso2.carbon.identity.authenticator.iwa.ui.internal.Activator} - Integrated Windows Authenticator enabled in the system
[2013-07-26 17:57:48,234] INFO {org.wso2.carbon.ldap.server.DirectoryActivator} - Embedded LDAP is disabled.
[2013-07-26 17:57:49,781] ERROR {org.wso2.carbon.user.core.common.DefaultRealm} - Cannot create org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager
java.lang.ClassNotFoundException: org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager
    at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:513)
    at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:429)
    at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:417)
    at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:107)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:169)
    at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:215)
    at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:147)
    at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:113)
    at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:103)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:116)
    at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:67)
    at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
    at java.security.AccessController.doPrivileged(Native Method)

=============================================== =================================

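1 answer:

Answer 0 (score: 0)

If you are using IS 4.0.0 or later, the ApacheDSUserStoreManager class has been removed from those versions. You need to change the configuration according to your version.

You need to uncomment the following section from user-mgt.xml and change the configuration accordingly.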

  <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
        <Property name="ConnectionURL">ldap://localhost:10389</Property>
        <Property name="ConnectionName">uid=admin,ou=system</Property>
        <Property name="ConnectionPassword">secret</Property>
        <Property name="passwordHashMethod">PLAIN_TEXT</Property>
        <Property name="UserNameListFilter">(objectClass=person)</Property>
        <Property name="UserEntryObjectClass">inetOrgPerson</Property>
        <Property name="UserSearchBase">ou=system</Property>
        <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
        <Property name="UserNameAttribute">uid</Property>
        <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
        <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
        <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
        <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
        <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
        <Property name="ReadLDAPGroups">true</Property>
        <Property name="WriteLDAPGroups">true</Property>
        <Property name="EmptyRolesAllowed">false</Property>
        <Property name="GroupSearchBase">ou=system</Property>
        <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
        <Property name="GroupEntryObjectClass">groupOfNames</Property>
        <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
        <Property name="GroupNameAttribute">cn</Property>
        <Property name="MembershipAttribute">member</Property>
        <Property name="UserRolesCacheEnabled">true</Property>
        <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
        <Property name="maxFailedLoginAttempt">0</Property>
    </UserStoreManager-->

There is a related question at the link [1] below.

[1] WSO2 Identity Server external LDAP throws OBJECT_CLASS for OID identityperson does not exist

Hope this helps.
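
Added example, not part of the original question or answer and not WSO2 code: a small review script for user-mgt.xml that reports the removed class from the question, a replacement block that is still commented out, and the test-only settings visible in both configurations (ldap:// URL, PLAIN_TEXT hashing, sample bind passwords). The function name `review_user_store`, the finding codes and the `<UserManager>` wrapper around the trimmed samples are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Class names taken from the question and the answer on this page.
REMOVED = "org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager"
REPLACEMENT = "org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"
# Bind passwords that appear as sample values on this page.
SAMPLE_PASSWORDS = {"secret", "sample"}

def review_user_store(xml_text):
    """Return finding strings ("code: detail") for a user-mgt.xml document."""
    findings = []
    # A block still wrapped in <!-- --> is dropped by the XML parser,
    # so it has to be looked for in the raw text.
    if re.search(r'<!--\s*UserStoreManager\s+class="' + re.escape(REPLACEMENT) + '"', xml_text):
        findings.append("commented-out: " + REPLACEMENT + " is still inside <!-- -->")
    for mgr in ET.fromstring(xml_text).iter("UserStoreManager"):
        props = {p.get("name"): (p.text or "").strip() for p in mgr.iter("Property")}
        if mgr.get("class") == REMOVED:
            findings.append("removed-class: use " + REPLACEMENT + " on IS 4.0.0 or later")
        if props.get("ConnectionURL", "").lower().startswith("ldap://"):
            findings.append("cleartext-ldap: ldap:// sends the bind password without TLS")
        if props.get("passwordHashMethod") == "PLAIN_TEXT":
            findings.append("plaintext-hash: passwords are not hashed before being stored")
        if props.get("ConnectionPassword") in SAMPLE_PASSWORDS:
            findings.append("sample-password: ConnectionPassword is a sample value")
    return findings

# Constructed samples: trimmed copies of the two configurations on this page,
# wrapped in a <UserManager> root (an assumption) so each parses as a document.
QUESTION_CONFIG = """<UserManager>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager">
    <Property name="ConnectionURL">ldap://localhost:10389</Property>
    <Property name="ConnectionPassword">sample</Property>
    <Property name="passwordHashMethod">SHA</Property>
</UserStoreManager>
</UserManager>"""

ANSWER_CONFIG = """<UserManager>
<!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://localhost:10389</Property>
    <Property name="ConnectionPassword">secret</Property>
    <Property name="passwordHashMethod">PLAIN_TEXT</Property>
</UserStoreManager-->
</UserManager>"""

if __name__ == "__main__":
    for name, text in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        print(name, review_user_store(text))
```
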