WSO2 IS error with 389DS: admin not found

Time: 2016-04-29 08:15:33

Tags: ldap wso2 wso2is

I have connected OpenLDAP to Identity Server (IS) and authentication worked. Now I am trying to connect 389 Directory Server to IS. The connection succeeds, but I get this error:

Caused by: org.wso2.carbon.user.core.UserStoreException: Admin user can not be created in primary user store. User store is read only. Please pick a user name which is exist in the primary user store as Admin user

My configuration is:

<Configuration>
    <AddAdmin>False</AddAdmin>
    <AdminRole>wsoadmin</AdminRole>
    <AdminUser>
        <UserName>banderson</UserName>
        <Password>*****</Password>
    </AdminUser>
    <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role see the registry root -->
    <Property name="isCascadeDeleteEnabled">true</Property>
    <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
    <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
    <Property name="ConnectionURL">ldap://URL:389/o=NetscapeRoot</Property>
    <Property name="ConnectionName">cn=Directory Manager</Property>
    <Property name="ConnectionPassword">password</Property>
    <Property name="UserSearchBase">ou=People,dc=example,dc=edu</Property>
    <Property name="UserNameAttribute">uid</Property> <!-- I even tried "cn" here -->
    <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
    <Property name="UserNameListFilter">(objectClass=person)</Property>
    <Property name="DisplayNameAttribute"/>
    <Property name="ReadGroups">true</Property>
    <Property name="GroupSearchBase">ou=system</Property>
    <Property name="GroupNameAttribute">cn</Property>
    <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
    <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
    <Property name="MembershipAttribute">member</Property>
    <Property name="BackLinksEnabled">false</Property>
    <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
    <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
    <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
    <Property name="SCIMEnabled">false</Property>
    <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
    <Property name="MultiAttributeSeparator">,</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="MaxRoleNameListLength">100</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="ConnectionPoolingEnabled">true</Property>
    <Property name="LDAPConnectionTimeout">5000</Property>
    <Property name="ReadTimeout"/>
    <Property name="RetryAttempts"/>
    <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
</UserStoreManager>

This is my user.ldif (entries separated by blank lines, as LDIF requires):

dn: cn=admin,dc=example,dc=edu
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: password
description: LDAP administrator

dn: uid=jsmith,ou=People,dc=example,dc=edu
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: inetOrgPerson
givenName: Joe
uid: jsmith
sn: Smith
cn: John Smith
userPassword: password

dn: uid=banderson,ou=People,dc=example,dc=edu
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: inetOrgPerson
givenName: Bob
uid: banderson
sn: Anderson
cn: Bob Anderson
userPassword: password

389 DS setup info (the .inf file used for setup):

[General]
AdminDomain = example.edu
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = admin
ConfigDirectoryLdapURL = ldap://localhost:389/o=NetscapeRoot
FullMachineName = localhost
ServerRoot = /usr/lib64/dirsrv
SuiteSpotGroup = nobody
SuiteSpotUserID = nobody
[admin]
Port = 9830
ServerAdminID = admin
ServerAdminPwd = admin
ServerIpAddress = 0.0.0.0
SysUser = nobody
[slapd]
AddOrgEntries = Yes
AddSampleEntries = No
InstallLdifFile = suggest
RootDN = cn=Directory Manager
RootDNPwd = password
ServerIdentifier = dir
ServerPort = 389
SlapdConfigForMC = yes
Suffix = dc=example,dc=edu
UseExistingMC = No

LDAP structure: http://prntscr.com/ay7p6r

Please help me debug this; I have tried several combinations following the WSO2 documentation, but I cannot resolve the problem.

Thanks

--- EDIT --- secondary user store configuration file

<?xml version="1.0" encoding="UTF-8"?>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://URL:389</Property>
    <Property name="ConnectionName">cn=Directory Manager</Property>
    <Property encrypted="true" name="ConnectionPassword">U57XaWZIJHoj8hyMpGTHriXtOdSwZwEBSPjvHmDM/Td9QPGFo1obCWbW/z6W5ebVAKdsIQ7Tii9sUYtNptW2DH14SfUbPTZO80dIl3W2LPMLlWQVJ8DyDedAJo9WgP8490r56TjoJKHN4J5EdJwApYuQPDZMsuBSj80gaAJlpfk=</Property>
    <Property name="UserSearchBase">ou=People,dc=example,dc=edu</Property>
    <Property name="UserNameAttribute">uid</Property>
    <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
    <Property name="UserNameListFilter">(objectClass=person)</Property>
    <Property name="UserDNPattern"/>
    <Property name="DisplayNameAttribute">uid</Property>
    <Property name="Disabled">false</Property>
    <Property name="ReadGroups">true</Property>
    <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
    <Property name="GroupNameAttribute">cn</Property>
    <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
    <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
    <Property name="RoleDNPattern"/>
    <Property name="MembershipAttribute">member</Property>
    <Property name="MemberOfAttribute"/>
    <Property name="BackLinksEnabled">false</Property>
    <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
    <Property name="SCIMEnabled">false</Property>
    <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
    <Property name="MultiAttributeSeparator">,</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="MaxRoleNameListLength">100</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="ConnectionPoolingEnabled">false</Property>
    <Property name="LDAPConnectionTimeout">5000</Property>
    <Property name="ReadTimeout">5000</Property>
    <Property name="RetryAttempts">0</Property>
    <Property name="DomainName">389ds.com</Property>
    <Property name="Description">testing 389 DS</Property>
</UserStoreManager>

2 answers:

Answer 0 (score: 2)

According to the log you shared in the comments, you are getting the following error:

Caused by: org.wso2.carbon.user.core.UserStoreException: Admin role can not be created in primary user store. Add-Admin has been set to false. Please pick a Role name which is exist in the primary user store as Admin Role

This is because, with the configuration you specified in user-mgt.xml, the admin role "wsoadmin" cannot be found in 389 Directory Server.

It also seems that your group-related configuration in user-mgt.xml is wrong. If you do not want to pick group information from 389 Directory Server, set the following property in user-mgt.xml:

With the above property, IS will not check group information on the directory server; it will automatically switch to looking up groups in the IS internal database, create an internal role named "wsoadmin", assign the admin user "banderson" to the internal wsoadmin role, and complete the startup process successfully.

HTH, DarRay
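As an added example (not code from the question, the answers, or WSO2), the following Python script replays offline the two lookups behind the errors in this thread: the AdminUser search under UserSearchBase with UserNameSearchFilter, and, when ReadGroups is true, the AdminRole search under GroupSearchBase with GroupNameSearchFilter. The lookup logic is assumed from the thread, SAMPLE_LDIF and CONFIG are constructed from the question, and startup_check, search and the outcome strings are my own names. Run as posted it ends at the admin-role outcome, with ReadGroups=false it gets past it, and it escapes the name substituted for "?" per RFC 4515 so a username cannot alter the filter.

```python
"""Offline replay of the AdminUser / AdminRole lookups WSO2 IS performs against a
read-only LDAP user store at startup. Added example, not WSO2 code: the lookup
logic is assumed from the thread; SAMPLE_LDIF and CONFIG are constructed from
the question (AddAdmin=False, ReadOnlyLDAPUserStoreManager)."""
import re

# Constructed LDIF: the question's two people and no groupOfNames entry at all.
SAMPLE_LDIF = """\
dn: uid=jsmith,ou=People,dc=example,dc=edu
objectClass: inetOrgPerson
objectClass: person
uid: jsmith
cn: John Smith

dn: uid=banderson,ou=People,dc=example,dc=edu
objectClass: inetOrgPerson
objectClass: person
uid: banderson
cn: Bob Anderson
"""

# Constructed subset of the question's user-mgt.xml values that the check needs.
CONFIG = {
    "AdminUser": "banderson",
    "AdminRole": "wsoadmin",
    "ReadGroups": True,
    "UserSearchBase": "ou=People,dc=example,dc=edu",
    "UserNameSearchFilter": "(&(objectClass=person)(uid=?))",
    "GroupSearchBase": "ou=system",
    "GroupNameSearchFilter": "(&(objectClass=groupOfNames)(cn=?))",
}

def parse_ldif(text):
    """LDIF -> list of (dn, {attr_lowercase: [values]}). Handles '#' comments,
    blank-line separators and folded continuation lines; no base64 ('::')."""
    entries, current, last = [], None, None
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if line.startswith(" ") and last:          # continuation of previous value
            current[1][last][-1] += line[1:]
        elif not line.strip():                     # blank line ends the entry
            if current:
                entries.append(current)
            current, last = None, None
        else:
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.lstrip(" ")
            if name == "dn":
                current, last = (value, {}), None
            elif current:
                current[1].setdefault(name, []).append(value)
                last = name
    return entries

def in_subtree(dn, base):
    """Subtree scope: dn equals base or ends with ',' + base (case-insensitive,
    whitespace around RDN separators ignored)."""
    norm = lambda s: ",".join(p.strip() for p in s.lower().split(","))
    dn, base = norm(dn), norm(base)
    return dn == base or dn.endswith("," + base)

def escape_filter_value(value):
    """RFC 4515 escaping, so the name put in place of '?' cannot change the filter."""
    for ch, rep in (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\0", r"\00")):
        value = value.replace(ch, rep)
    return value

def parse_filter(text):
    """Split the AND-of-equalities filters used on the page into (attr, value) terms,
    e.g. '(&(objectClass=person)(uid=bob))' -> [('objectclass','person'), ('uid','bob')]."""
    body = text[2:-1] if text.startswith("(&") and text.endswith(")") else text
    terms = re.findall(r"\(([^=()]+)=([^()]*)\)", body)
    if "".join("(%s=%s)" % t for t in terms) != body:       # '|', '!' or substrings: reject
        raise ValueError("unsupported filter %r" % text)
    unescape = lambda v: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), v)
    return [(attr.strip().lower(), unescape(value)) for attr, value in terms]

def matches(terms, attrs):
    """Every term must hold (AND); equality is case-insensitive, as for uid/cn/objectClass."""
    return all(any(v.lower() == value.lower() for v in attrs.get(attr, []))
               for attr, value in terms)

def search(entries, base, filter_template, name):
    """The user-store lookup: escaped name in place of '?', DNs under base that match."""
    terms = parse_filter(filter_template.replace("?", escape_filter_value(name)))
    return [dn for dn, attrs in entries if in_subtree(dn, base) and matches(terms, attrs)]

def startup_check(config, entries):
    """Outcome of the admin bootstrap with AddAdmin=False on a read-only store:
    'admin-user-missing' / 'admin-role-missing' are the two errors quoted in the
    question; 'role-from-internal-db' is the ReadGroups=false path of answer 0."""
    if not search(entries, config["UserSearchBase"],
                  config["UserNameSearchFilter"], config["AdminUser"]):
        return "admin-user-missing"
    if not config["ReadGroups"]:
        return "role-from-internal-db"
    if search(entries, config["GroupSearchBase"],
              config["GroupNameSearchFilter"], config["AdminRole"]):
        return "ok"
    return "admin-role-missing"

if __name__ == "__main__":
    ldif = parse_ldif(SAMPLE_LDIF)
    print("as posted        :", startup_check(CONFIG, ldif))
    print("ReadGroups=false :", startup_check(dict(CONFIG, ReadGroups=False), ldif))
```

Feeding it an LDIF export of the real directory (ldapsearch output with the same search bases) is a quick way to confirm that the DN under GroupSearchBase and the objectClass in GroupNameSearchFilter actually exist before touching user-mgt.xml; with the question's data there is no groupOfNames entry at all, so the role lookup cannot succeed whatever the base.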

Answer 1 (score: 0)

In your user store manager configuration you have org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager

However, you can try the same after putting the configuration under the class org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager

Also set AddAdmin to true, so that the admin user is added if it does not exist.