My sample code works fine if I use the default user store.
Using AD as the user store, I can add users with the WSO2 management console, but some API calls fail.
The API does create the role, and it looks like it partially creates the user, but then it crashes.
Here is the relevant part of the server log:
[2015-08-27 20:36:44,306] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - wso2_admin user has permitted role : admin
[2015-08-27 20:36:44,307] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'WSO2_Admin@carbon.super [-1234]' logged in at [2015-08-27 20:36:44,307+0000]
[2015-08-27 20:36:44,458] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Authorization cache miss for username : wso2_admin resource /permission/admin/configure/security action : ui.execute
[2015-08-27 20:36:44,459] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Allowed roles for the ResourceID: /permission/admin/configure/security Action: ui.execute
[2015-08-27 20:36:44,459] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - role: admin
[2015-08-27 20:36:44,459] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Roles which have permission for resource : /permission/admin/configure/security action : ui.execute
[2015-08-27 20:36:44,459] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - Role : admin
[2015-08-27 20:36:44,459] DEBUG {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} - wso2_admin user has permitted role : admin
[2015-08-27 20:36:44,460] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for role: localhost
[2015-08-27 20:36:44,460] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Using search filter: (&(objectcategory=group)(cn=localhost))
[2015-08-27 20:36:44,680] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching in OU=IAM,DC=local
[2015-08-27 20:36:44,686] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Is role: localhost exist: false
[2015-08-27 20:36:44,753] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for role: localhost
[2015-08-27 20:36:44,754] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Using search filter: (&(objectcategory=group)(cn=localhost))
[2015-08-27 20:36:44,982] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching in OU=IAM,DC=local
[2015-08-27 20:36:44,983] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Is role: localhost exist: false
[2015-08-27 20:36:45,326] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user WSO2_Testuser_7
[2015-08-27 20:36:45,552] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=user)(cn=WSO2_Testuser_7)) in SearchBase:
[2015-08-27 20:36:45,553] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Name in space for WSO2_Testuser_7 is null
[2015-08-27 20:36:45,554] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: WSO2_Testuser_7 exist: false
[2015-08-27 20:36:45,623] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user WSO2_Testuser_7
[2015-08-27 20:36:45,832] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=user)(cn=WSO2_Testuser_7)) in SearchBase:
[2015-08-27 20:36:45,833] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Name in space for WSO2_Testuser_7 is null
[2015-08-27 20:36:45,834] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: WSO2_Testuser_7 exist: false
[2015-08-27 20:36:45,834] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for role: localhost
[2015-08-27 20:36:45,834] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Using search filter: (&(objectcategory=group)(cn=localhost))
[2015-08-27 20:36:46,035] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching in OU=IAM,DC=local
[2015-08-27 20:36:46,037] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Is role: localhost exist: true
[2015-08-27 20:36:46,037] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for role: loginOnly
[2015-08-27 20:36:46,037] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Using search filter: (&(objectcategory=group)(cn=loginOnly))
[2015-08-27 20:36:46,254] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching in OU=IAM,DC=local
[2015-08-27 20:36:46,256] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Is role: loginOnly exist: true
[2015-08-27 20:36:46,257] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user WSO2_Testuser_7
[2015-08-27 20:36:46,484] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=user)(cn=WSO2_Testuser_7)) in SearchBase:
[2015-08-27 20:36:46,486] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Name in space for WSO2_Testuser_7 is null
[2015-08-27 20:36:46,486] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: WSO2_Testuser_7 exist: false
[2015-08-27 20:36:46,699] DEBUG {org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager} - AttributeName: sn AttributeValue: Powell
[2015-08-27 20:36:46,699] DEBUG {org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager} - AttributeName: mail AttributeValue: andy.powell@outlook.com
[2015-08-27 20:36:46,699] DEBUG {org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager} - AttributeName: givenName AttributeValue: Andrew
[2015-08-27 20:36:46,955] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for user with SearchFilter: (&(objectClass=user)(cn=WSO2_Testuser_7)) in SearchBase:
[2015-08-27 20:36:46,957] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Name in space for WSO2_Testuser_7 is CN=WSO2_Testuser_7,OU=IAM,DC=local
[2015-08-27 20:36:47,176] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for role: localhost
[2015-08-27 20:36:47,176] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Using search filter: (&(objectcategory=group)(cn=localhost))
[2015-08-27 20:36:47,376] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching in OU=IAM,DC=local
[2015-08-27 20:36:47,378] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Is role: localhost exist: true
[2015-08-27 20:36:47,379] DEBUG {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} - Modifying role: CN=localhost with type: 1 user: CN=WSO2_Testuser_7,OU=IAM,DC=local in search base: OU=IAM,DC=local
[2015-08-27 20:36:47,642] DEBUG {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} - User: CN=WSO2_Testuser_7,OU=IAM,DC=local was successfully modified in LDAP group: CN=localhost
[2015-08-27 20:36:47,643] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching for role: loginOnly
[2015-08-27 20:36:47,643] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Using search filter: (&(objectcategory=group)(cn=loginOnly))
[2015-08-27 20:36:47,925] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Searching in OU=IAM,DC=local
[2015-08-27 20:36:47,927] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - Is role: loginOnly exist: true
[2015-08-27 20:36:47,929] DEBUG {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} - Modifying role: CN=loginOnly with type: 1 user: CN=WSO2_Testuser_7,OU=IAM,DC=local in search base: OU=IAM,DC=local
[2015-08-27 20:36:48,145] DEBUG {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} - User: CN=WSO2_Testuser_7,OU=IAM,DC=local was successfully modified in LDAP group: CN=loginOnly
NOTE: WSO2_Testuser_7 was not actually created in AD.
Here is the Eclipse Console message:
org.wso2.carbon.user.core.UserStoreException: Error while enabling the user account. Please check password policy at DC
at org.wso2.carbon.um.ws.api.WSUserStoreManager.handleException(WSUserStoreManager.java:485)
at org.wso2.carbon.um.ws.api.WSUserStoreManager.addUser(WSUserStoreManager.java:139)
at org.wso2.identity.um.sample.IdentityServerClient.main(IdentityServerClient.java:99)
Caused by: org.apache.axis2.AxisFault: Error while enabling the user account. Please check password policy at DC
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
at org.apache.axis2.description.RobustOutOnlyAxisOperation$RobustOutOnlyOperationClient.handleResponse(RobustOutOnlyAxisOperation.java:91)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:445)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.wso2.carbon.um.ws.api.stub.RemoteUserStoreManagerServiceStub.addUser(RemoteUserStoreManagerServiceStub.java:2276)
at org.wso2.carbon.um.ws.api.WSUserStoreManager.addUser(WSUserStoreManager.java:136)
... 1 more
Answer 0 (score: 0)
Maybe try checking the user-mgt.xml password parameter regex.
https://docs.wso2.com/display/IS500/Configuring+an+Active+Directory+User+Store
As an idea (I may be wrong), I would think those log messages should come from org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager, not org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager. Your user-mgt.xml is set to use that class, yes?
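The answer suggests two checks: which UserStoreManager class user-mgt.xml configures, and whether the password being sent passes the configured password regex. The script below is an added example (not code from the question, the answer or WSO2) that performs both checks offline. It assumes the standard user-mgt.xml layout, where the store is declared as `<UserStoreManager class="...">` and the password rule lives in a `<Property name="PasswordJavaRegEx">` element; the XML fragment is constructed, and the three log lines are copied from the question. Note that the log on the page already contains lines from ReadOnlyLDAPUserStoreManager, ReadWriteLDAPUserStoreManager and ActiveDirectoryUserStoreManager within one add-user flow, so the logger name alone is a weak signal of which class is configured; reading user-mgt.xml is the reliable check. The regex test only approximates Java's `String.matches()`, and the domain controller's own password policy (which the "Please check password policy at DC" error points at) is enforced server-side and is not captured by the regex.

```python
import re
import xml.etree.ElementTree as ET

# Constructed user-mgt.xml fragment (assumption: this is NOT the asker's file).
# The UserStoreManager "class" attribute and the PasswordJavaRegEx property are
# standard WSO2 user-mgt.xml settings; the values here are made up.
SAMPLE_USER_MGT_XML = r"""<UserManager>
  <Realm>
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
      <Property name="ConnectionURL">ldaps://dc.example.local:636</Property>
      <Property name="UserSearchBase">OU=IAM,DC=local</Property>
      <Property name="PasswordJavaRegEx">^[\S]{8,30}$</Property>
    </UserStoreManager>
  </Realm>
</UserManager>
"""

# Three log lines copied from the question; they show that several manager
# classes log during a single add-user call.
SAMPLE_LOG_LINES = [
    "[2015-08-27 20:36:46,486] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - User: WSO2_Testuser_7 exist: false",
    "[2015-08-27 20:36:46,699] DEBUG {org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager} - AttributeName: sn AttributeValue: Powell",
    "[2015-08-27 20:36:47,379] DEBUG {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} - Modifying role: CN=localhost with type: 1 user: CN=WSO2_Testuser_7,OU=IAM,DC=local in search base: OU=IAM,DC=local",
]

AD_MANAGER = "org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager"
# The logger class sits between braces in the Carbon log format.
LOG_CLASS_RE = re.compile(r"\{([A-Za-z0-9_.$]+)\}")


def configured_store_classes(xml_text):
    """Return the class attribute of every <UserStoreManager> in the file."""
    root = ET.fromstring(xml_text)
    return [el.get("class", "") for el in root.iter("UserStoreManager")]


def password_regex(xml_text):
    """Return the PasswordJavaRegEx property value, or None if it is absent."""
    root = ET.fromstring(xml_text)
    for prop in root.iter("Property"):
        if prop.get("name") == "PasswordJavaRegEx":
            return (prop.text or "").strip()
    return None


def password_matches(password, java_regex):
    """Approximate Java's String.matches(): the whole string must match.
    Python's re and Java's regex agree for simple classes and quantifiers
    only, so treat a mismatch here as a hint, not proof."""
    return re.fullmatch(java_regex, password) is not None


def store_classes_in_log(lines):
    """Collect the distinct logger classes named in the {...} field."""
    found = set()
    for line in lines:
        m = LOG_CLASS_RE.search(line)
        if m:
            found.add(m.group(1))
    return sorted(found)


def audit(xml_text, log_lines, candidate_password):
    """Run both checks from the answer and return the findings as a dict."""
    classes = configured_store_classes(xml_text)
    regex = password_regex(xml_text)
    return {
        "store_classes": classes,
        "uses_ad_manager": AD_MANAGER in classes,
        "password_regex": regex,
        "password_ok": bool(regex) and password_matches(candidate_password, regex),
        "log_classes": store_classes_in_log(log_lines),
    }


if __name__ == "__main__":
    # "Example-Pass-2015" is a constructed test value, not a real credential.
    report = audit(SAMPLE_USER_MGT_XML, SAMPLE_LOG_LINES, "Example-Pass-2015")
    for key, value in report.items():
        print(f"{key}: {value}")
```

With the constructed fragment the audit reports `uses_ad_manager: False`, which is exactly the condition the answer asks the poster to rule out; point `audit()` at the real `repository/conf/user-mgt.xml` and the real wso2carbon.log to get the same two findings for a live deployment.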