我已将OpenLdap与Identity Server(IS)连接,并且身份验证也成功。现在我正在尝试将389 Directory Server与IS连接。连接成功但我收到错误
Caused by: org.wso2.carbon.user.core.UserStoreException: Admin user can not be created in primary user store. User store is read only. Please pick a user name which is exist in the primary u
ser store as Admin user
我的配置是,
<Configuration>
<AddAdmin>False</AddAdmin>
<AdminRole>wsoadmin</AdminRole>
<AdminUser>
<UserName>banderson</UserName>
<Password>*****</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="isCascadeDeleteEnabled">true</Property>
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldap://URL:389/o=NetscapeRoot</Property>
<Property name="ConnectionName">cn=Directory Manager</Property>
<Property name="ConnectionPassword">password</Property>
<Property name="UserSearchBase">ou=People,dc=example,dc=edu</Property>
<Property name="UserNameAttribute">uid</Property> <!--i even tried "cn" here -->
<Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="DisplayNameAttribute"/>
<Property name="ReadGroups">true</Property>
<Property name="GroupSearchBase">ou=system</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="BackLinksEnabled">false</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">true</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout"/>
<Property name="RetryAttempts"/>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
</UserStoreManager>
这是我的user.ldif,
dn: cn=admin,dc=example,dc=edu
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: password
description: LDAP administrator
dn: uid=jsmith,ou=People,dc=example,dc=edu
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: inetOrgPerson
givenName: Joe
uid: jsmith
sn: Smith
cn: John Smith
userPassword: password
dn: uid=banderson,ou=People,dc=example,dc=edu
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: inetOrgPerson
givenName: Bob
uid: banderson
sn: Anderson
cn: Bob Anderson
userPassword: password
ds-setup info,
[General]
AdminDomain = example.edu
ConfigDirectoryAdminID = admin
ConfigDirectoryAdminPwd = admin
ConfigDirectoryLdapURL = ldap://localhost:389/o=NetscapeRoot
FullMachineName = localhost
ServerRoot = /usr/lib64/dirsrv
SuiteSpotGroup = nobody
SuiteSpotUserID = nobody
[admin]
Port = 9830
ServerAdminID = admin
ServerAdminPwd = admin
ServerIpAddress = 0.0.0.0
SysUser = nobody
[slapd]
AddOrgEntries = Yes
AddSampleEntries = No
InstallLdifFile = suggest
RootDN = cn=Directory Manager
RootDNPwd = password
ServerIdentifier = dir
ServerPort = 389
SlapdConfigForMC = yes
Suffix = dc=example,dc=edu
UseExistingMC = No
Ldap结构, http://prntscr.com/ay7p6r
请帮我调试一下,我已经通过WSO2文档尝试了几种组合,但无法解决这个问题。
由于
--- ---编辑 辅助用户存储配置文件
<?xml version="1.0" encoding="UTF-8"?><UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
<Property name="ConnectionURL">ldap://URL:389</Property>
<Property name="ConnectionName">cn=Directory Manager</Property>
<Property encrypted="true" name="ConnectionPassword">U57XaWZIJHoj8hyMpGTHriXtOdSwZwEBSPjvHmDM/Td9QPGFo1obCWbW/z6W5ebVAKdsIQ7Tii9sUYtNptW2DH14SfUbPTZO80dIl3W2LPMLlWQVJ8DyDedAJo9WgP8490r56TjoJKHN4J5EdJwApYuQPDZMsuBSj80gaAJlpfk=</Property>
<Property name="UserSearchBase">ou=People,dc=example,dc=edu</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserDNPattern"/>
<Property name="DisplayNameAttribute">uid</Property>
<Property name="Disabled">false</Property>
<Property name="ReadGroups">true</Property>
<Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="RoleDNPattern"/>
<Property name="MembershipAttribute">member</Property>
<Property name="MemberOfAttribute"/>
<Property name="BackLinksEnabled">false</Property>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout">5000</Property>
<Property name="RetryAttempts">0</Property>
<Property name="DomainName">389ds.com</Property>
<Property name="Description">testing 389 DS</Property>
</UserStoreManager>
答案 0 :(得分:2)
根据您在评论中分享的日志,您将收到以下错误,
<paper-dropdown-menu label="Country">
<paper-listbox class="dropdown-content" [(ngModel)]="selectedCountry" (ngModelChange)="GetAdmin1s($event)">
<paper-item ngFor #country [ngForOf]="countries" value="{{country.Id}}">{{country.Name}}</paper-item>
</paper-listbox>
</paper-dropdown-menu>
这是因为根据您在user-mgt.xml中指定的配置,在389目录服务器中找不到管理员角色“wsoadmin”。
似乎你的组相关配置在user-mgt.xml中也是错误的。如果您不想从user-mgt.xml中的389目录服务器以下属性中选择组信息,
Caused by: org.wso2.carbon.user.core.UserStoreException: Admin role can not be created in primary user store. Add-Admin has been set to false. Please pick a Role name which is exist in the primary user store as Admin Role
上面的属性将无效检查目录服务器上的组信息,并自动从IS内部数据库切换到查找组,创建一个名为“wsoadmin”的内部角色,将admin用户“banderson”分配给角色内部wsoadmin角色并完成启动过程成功。
HTH, DarRay
答案 1 :(得分:0)
在您的用户存储管理器配置中,您有 的 org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager 强>
但是,您可以在类下添加配置后尝试相同的操作 的 org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager 强>
同时设置 true ,这样如果管理员用户不存在,它就会添加。