WSO2 user management API sample and Active Directory

Time: 2015-08-27 20:44:49

Tags: wso2is wso2-am

My sample code works fine if I use the default user store.

Using AD as the user store, I can add users with the WSO2 management console, but some API calls fail.

The API does create the role, and it looks like it partially creates the user, but then it crashes.

Here is the relevant part of the server log:

[2015-08-27 20:36:44,306] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  wso2_admin user has permitted role :  admin
[2015-08-27 20:36:44,307]  INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  'WSO2_Admin@carbon.super [-1234]' logged in at [2015-08-27 20:36:44,307+0000]
[2015-08-27 20:36:44,458] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Authorization cache miss for username : wso2_admin resource /permission/admin/configure/security action : ui.execute
[2015-08-27 20:36:44,459] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Allowed roles for the ResourceID: /permission/admin/configure/security Action: ui.execute
[2015-08-27 20:36:44,459] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role: admin
[2015-08-27 20:36:44,459] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Roles which have permission for resource : /permission/admin/configure/security action : ui.execute
[2015-08-27 20:36:44,459] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role :  admin
[2015-08-27 20:36:44,459] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  wso2_admin user has permitted role :  admin
[2015-08-27 20:36:44,460] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for role: localhost
[2015-08-27 20:36:44,460] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Using search filter: (&(objectcategory=group)(cn=localhost))
[2015-08-27 20:36:44,680] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching in OU=IAM,DC=local
[2015-08-27 20:36:44,686] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Is role: localhost exist: false
[2015-08-27 20:36:44,753] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for role: localhost
[2015-08-27 20:36:44,754] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Using search filter: (&(objectcategory=group)(cn=localhost))
[2015-08-27 20:36:44,982] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching in OU=IAM,DC=local
[2015-08-27 20:36:44,983] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Is role: localhost exist: false
[2015-08-27 20:36:45,326] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for user WSO2_Testuser_7
[2015-08-27 20:36:45,552] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for user with SearchFilter: (&(objectClass=user)(cn=WSO2_Testuser_7)) in SearchBase:
[2015-08-27 20:36:45,553] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Name in space for WSO2_Testuser_7 is null
[2015-08-27 20:36:45,554] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User: WSO2_Testuser_7 exist: false
[2015-08-27 20:36:45,623] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for user WSO2_Testuser_7
[2015-08-27 20:36:45,832] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for user with SearchFilter: (&(objectClass=user)(cn=WSO2_Testuser_7)) in SearchBase:
[2015-08-27 20:36:45,833] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Name in space for WSO2_Testuser_7 is null
[2015-08-27 20:36:45,834] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User: WSO2_Testuser_7 exist: false
[2015-08-27 20:36:45,834] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for role: localhost
[2015-08-27 20:36:45,834] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Using search filter: (&(objectcategory=group)(cn=localhost))
[2015-08-27 20:36:46,035] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching in OU=IAM,DC=local
[2015-08-27 20:36:46,037] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Is role: localhost exist: true
[2015-08-27 20:36:46,037] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for role: loginOnly
[2015-08-27 20:36:46,037] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Using search filter: (&(objectcategory=group)(cn=loginOnly))
[2015-08-27 20:36:46,254] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching in OU=IAM,DC=local
[2015-08-27 20:36:46,256] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Is role: loginOnly exist: true
[2015-08-27 20:36:46,257] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for user WSO2_Testuser_7
[2015-08-27 20:36:46,484] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for user with SearchFilter: (&(objectClass=user)(cn=WSO2_Testuser_7)) in SearchBase:
[2015-08-27 20:36:46,486] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Name in space for WSO2_Testuser_7 is null
[2015-08-27 20:36:46,486] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User: WSO2_Testuser_7 exist: false
[2015-08-27 20:36:46,699] DEBUG {org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager} -  AttributeName: sn AttributeValue: Powell
[2015-08-27 20:36:46,699] DEBUG {org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager} -  AttributeName: mail AttributeValue: andy.powell@outlook.com
[2015-08-27 20:36:46,699] DEBUG {org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager} -  AttributeName: givenName AttributeValue: Andrew
[2015-08-27 20:36:46,955] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for user with SearchFilter: (&(objectClass=user)(cn=WSO2_Testuser_7)) in SearchBase:
[2015-08-27 20:36:46,957] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Name in space for WSO2_Testuser_7 is CN=WSO2_Testuser_7,OU=IAM,DC=local
[2015-08-27 20:36:47,176] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for role: localhost
[2015-08-27 20:36:47,176] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Using search filter: (&(objectcategory=group)(cn=localhost))
[2015-08-27 20:36:47,376] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching in OU=IAM,DC=local
[2015-08-27 20:36:47,378] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Is role: localhost exist: true
[2015-08-27 20:36:47,379] DEBUG {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} -  Modifying role: CN=localhost with type: 1 user: CN=WSO2_Testuser_7,OU=IAM,DC=local in search base: OU=IAM,DC=local
[2015-08-27 20:36:47,642] DEBUG {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} -  User: CN=WSO2_Testuser_7,OU=IAM,DC=local was successfully modified in LDAP group: CN=localhost
[2015-08-27 20:36:47,643] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching for role: loginOnly
[2015-08-27 20:36:47,643] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Using search filter: (&(objectcategory=group)(cn=loginOnly))
[2015-08-27 20:36:47,925] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching in OU=IAM,DC=local
[2015-08-27 20:36:47,927] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Is role: loginOnly exist: true
[2015-08-27 20:36:47,929] DEBUG {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} -  Modifying role: CN=loginOnly with type: 1 user: CN=WSO2_Testuser_7,OU=IAM,DC=local in search base: OU=IAM,DC=local
[2015-08-27 20:36:48,145] DEBUG {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} -  User: CN=WSO2_Testuser_7,OU=IAM,DC=local was successfully modified in LDAP group: CN=loginOnly


NOTE: WSO2_Testuser_7 was not actually created in AD.

Here is the Eclipse Console message:

org.wso2.carbon.user.core.UserStoreException: Error while enabling the user account. Please check password policy at DC
    at org.wso2.carbon.um.ws.api.WSUserStoreManager.handleException(WSUserStoreManager.java:485)
    at org.wso2.carbon.um.ws.api.WSUserStoreManager.addUser(WSUserStoreManager.java:139)
    at org.wso2.identity.um.sample.IdentityServerClient.main(IdentityServerClient.java:99)
Caused by: org.apache.axis2.AxisFault: Error while enabling the user account. Please check password policy at DC
    at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
    at org.apache.axis2.description.RobustOutOnlyAxisOperation$RobustOutOnlyOperationClient.handleResponse(RobustOutOnlyAxisOperation.java:91)
    at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:445)
    at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.wso2.carbon.um.ws.api.stub.RemoteUserStoreManagerServiceStub.addUser(RemoteUserStoreManagerServiceStub.java:2276)
    at org.wso2.carbon.um.ws.api.WSUserStoreManager.addUser(WSUserStoreManager.java:136)
    ... 1 more

1 answer:

Answer 0 (score: 0)

Maybe try checking the password parameter regex in user-mgt.xml.

https://docs.wso2.com/display/IS500/Configuring+an+Active+Directory+User+Store

As an idea (I may be wrong), I would think these log messages should come from org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager, not org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager. Your user-mgt.xml is set to use that class, is it?
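The two checks the answer suggests (which UserStoreManager class user-mgt.xml points at, and whether the candidate password satisfies the configured password regex) can be run as a pre-flight before calling addUser. The script below is an added example, not code from the question, the answer or WSO2; the user-mgt.xml fragment is constructed for the demo, and it assumes the property names PasswordJavaRegEx and ConnectionURL as used in WSO2's user-mgt.xml. It also flags a plain ldap:// ConnectionURL, because Active Directory only accepts password writes over an encrypted connection, which is one common way to end up with "check password policy at DC" even though the regex passes.

```python
import re
import xml.etree.ElementTree as ET

# Constructed user-mgt.xml fragment (not the poster's file). Property names follow
# WSO2's user-mgt.xml conventions (assumption). The class and ConnectionURL are
# deliberately the "wrong" values so the checks below have something to report.
SAMPLE_USER_MGT_XML = """<UserManager>
  <Realm>
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
      <Property name="ConnectionURL">ldap://dc.local:389</Property>
      <Property name="UserSearchBase">OU=IAM,DC=local</Property>
      <Property name="PasswordJavaRegEx">^[\\S]{5,30}$</Property>
    </UserStoreManager>
  </Realm>
</UserManager>"""

# Class the answer says an AD-backed store should be using.
AD_MANAGER = "org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager"


def parse_user_store(xml_text):
    """Return the UserStoreManager class and its <Property> values as a dict."""
    root = ET.fromstring(xml_text)
    usm = root.find(".//UserStoreManager")
    if usm is None:
        raise ValueError("no <UserStoreManager> element found")
    props = {p.get("name"): (p.text or "").strip() for p in usm.findall("Property")}
    return {"class": usm.get("class"), "properties": props}


def password_matches(java_regex, password):
    """WSO2 applies the Java regex with a full match; re.fullmatch mirrors that.
    Simple patterns like ^[\\S]{5,30}$ mean the same thing in Java and Python."""
    return re.fullmatch(java_regex, password) is not None


def preflight(xml_text, candidate_password):
    """Run the configuration checks and return a list of findings (empty = clean)."""
    cfg = parse_user_store(xml_text)
    props = cfg["properties"]
    findings = []

    if cfg["class"] != AD_MANAGER:
        findings.append(
            f"UserStoreManager class is {cfg['class']}; expected {AD_MANAGER} for AD")

    # AD refuses to set a password over an unencrypted bind; the failure surfaces
    # on the server as a generic "password policy" style error.
    url = props.get("ConnectionURL", "")
    if not url.lower().startswith("ldaps://"):
        findings.append(f"ConnectionURL {url!r} is not ldaps://; AD password writes need TLS")

    regex = props.get("PasswordJavaRegEx")
    if regex and not password_matches(regex, candidate_password):
        findings.append(f"candidate password does not satisfy PasswordJavaRegEx {regex}")

    return findings


if __name__ == "__main__":
    for finding in preflight(SAMPLE_USER_MGT_XML, "Str0ngPassw0rd!"):
        print("FINDING:", finding)
```

Note that PasswordJavaRegEx is only WSO2's own check: the domain controller enforces its domain password policy (length, complexity, history) independently, so a password that passes the regex can still be rejected by the DC.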