I have configured LDAP in the server.xml of my WebSphere Liberty profile, as shown below.
<ldapRegistry baseDN="dc=mydc,dc=myroot,dc=myorg" bindDN="cn=myname,OU=Users,OU=myou,DC=mydc,DC=myroot,DC=myorg" bindPassword="xxxx" host="mycompanyldap" id="ldap" ignoreCase="true" ldapType="Microsoft Active Directory" port="389" realm="LdapRegistry" sslEnabled="false">
<activedFilters groupMemberIdMap="memberof:member" />
<activedFilters groupMemberIdMap="memberOf:member" />
</ldapRegistry>
My login.jsp has this call in it..
<form name="frmLogin" action="j_security_check" method="POST">
<table width="100%">
<tr>
<td align="center">
<table id="loginPanel">
<thead>
<th id="titleRow" colspan="2">Media Inquiries</th>
</thead>
<tbody>
<tr id="firstRow">
<td class="label">LAN ID:</td>
<td class="field"><input type="text" id="j_username" name="j_username" maxlength="20" style="width: 150;"></td>
</tr>
<tr>
<td class="label"> Password: </td>
<td class="field"><input type="password" id="j_password" name="j_password" maxlength="20" style="width: 150;"></td>
</tr>
<tr>
<td id="submitRow" colspan="2">
<input type="submit" id="btnSubmit" value="Logon" onclick="return submitPage()">
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</table>
I have the following defined in web.xml
<!-- ========== Begin Authentication ========== -->
<security-constraint>
<display-name>All Users Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Pages</web-resource-name>
<url-pattern>*.htm</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>All Users Authorization Constraint</description>
<role-name>All Users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>LdapRegistry</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp?loginFailed=true</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>All Users</role-name>
</security-role>
<!-- ========== End Authentication ========== -->
<!-- Declare Spring Security filter -->
<!-- Add a DelegatingFilterProxy -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Add a springSecurityFilterChain mapping -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>*.htm</url-pattern>
</filter-mapping>
When I log in using the form login, nothing happens on the front end. I checked the log and there is this message.
[2/9/16 11:42:27:593 CST] 00000054 com.ibm.ws.logging.internal.impl.IncidentImpl I FFDC1015I: An FFDC Incident has been created: "com.ibm.ws.security.registry.RegistryException: CWIML0515E: The user registry operation could not be completed. The CN=myname,OU=Users,OU=myou,DC=mydc,DC=myroot,DC=myorg entity is not in the scope of the defined realm. Specify an entity that is in the scope of the configured realm in the server.xml file. com.ibm.ws.security.authentication.jaas.modules.UsernameAndPasswordLoginModule 93" at ffdc_16.02.09_11.42.27.0.log
The WebSphere documentation shows this.. This is the exact message I am receiving, but it is not clear to me what I need to do to fix my server.xml.
CWIML0515E: The user registry operation could not be completed. The {0} entity is not in the scope of the {1} realm. Specify an entity that is in the scope of the configured realm in the server.xml file.
**Explanation** The operation cannot be performed because the specified entity is not in the scope of the realm.
**Action** Ensure that the unique name of the entity is specified correctly. If a realm name is specified in the Context object of the input object, ensure that the name is spelt correctly.
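Can someone help me with what I need to do to get my LDAP working with my login? What do I need to change in server.xml?
Thanks, Dhiren
Answer 0 (score: 0)
Here is the solution. This needs to be added to the web application or the EAR. Note that the realm for LDAP should be the LdapRealm you set.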
<application-bnd>
<security-role name="All Users">
<special-subject id="group:LdapRegistry/cn=yourCN,OU=Users,OU=,DC=,DC=,DC=" type="ALL_AUTHENTICATED_USERS"/>
<special-subject id="user:LdapRegistry/cn=yourCN,OU=Users,OU=,DC=,DC=,DC=" type="ALL_AUTHENTICATED_USERS"/>
</security-role>
</application-bnd>
Once you have that set up, the WAR and EAR can communicate with LDAP.
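A consistency check for the configuration discussed above, as an added example that is not part of the original question or answer: it tests whether `bindDN` and the DN in each `type:realm/DN` access-id fall at or beneath the registry's `baseDN`, and whether the realm in the access-id matches the registry's `realm`. It assumes "in scope" in CWIML0515E means at or under `baseDN`; the function names and the sample access-ids are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <ldapRegistry> attributes relevant here, from the question.
SERVER_XML = """<server>
  <ldapRegistry id="ldap" realm="LdapRegistry"
      baseDN="dc=mydc,dc=myroot,dc=myorg"
      bindDN="cn=myname,OU=Users,OU=myou,DC=mydc,DC=myroot,DC=myorg"/>
</server>"""

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(cur)
            cur = ""
    rdns.append(cur)
    return ["=".join(p.strip().lower() for p in r.split("=", 1)) for r in rdns]

def in_scope(dn, base_dn):
    """True when dn equals base_dn or sits beneath it in the tree."""
    d, b = split_dn(dn), split_dn(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def audit(server_xml, access_ids):
    """Return findings for bindDN and for access-ids of the form type:realm/DN."""
    reg = ET.fromstring(server_xml).find(".//ldapRegistry")
    realm, base = reg.get("realm"), reg.get("baseDN")
    findings = []
    if not in_scope(reg.get("bindDN"), base):
        findings.append("bindDN is outside baseDN")
    for access_id in access_ids:
        kind, _, rest = access_id.partition(":")
        id_realm, _, dn = rest.partition("/")
        if id_realm != realm:
            findings.append(f"{kind}: realm {id_realm!r} != registry realm {realm!r}")
        if not in_scope(dn, base):
            findings.append(f"{kind}: DN is outside baseDN {base!r}")
    return findings

if __name__ == "__main__":
    # Constructed access-ids: one consistent with the registry, one not.
    ids = ["user:LdapRegistry/CN=myname,OU=Users,OU=myou,DC=mydc,DC=myroot,DC=myorg",
           "group:LdapRealm/cn=staff,OU=Groups,DC=other,DC=myorg"]
    for finding in audit(SERVER_XML, ids):
        print(finding)
```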