Admin cannot access the WSO2-IS management console after configuring a new primary LDAP user store

Time: 2017-12-15 01:23:35

Tags: wso2 wso2is openldap

With the default WSO2-IS 5.3.0 user store configuration, admin can log in to the management console successfully. After configuring an external LDAP as the primary user store, admin is no longer able to log in at the management console.

This post is similar to "wso2IS login issue after configuring with external LDAP server". Unfortunately, my current reputation status on the platform does not allow me to comment on the given answer and explore it further. Moreover, the statement in that answer that "your primary store should be the JDBC store in this instance since you are disabling the embedded LDAP" thoroughly confused me.

I have read that an external LDAP can be used as the primary user store, and I have not noticed any reference to a JDBC requirement for external LDAP. At the very least, nothing I would need to change or edit.

Configuration references:

1)https://medium.com/@gdrdabarera/how-to-configure-open-ldap-with-wso2-identity-server-5-4-0-3a76bf240001

2)https://docs.wso2.com/display/IS530/Configuring+a+Read-write+LDAP+User+Store

The type of the "ConnectionName" value differs between the two. Only with the result of the first reference did wso2-is start successfully. During the startup messages 1) the embedded LDAP is disabled and 2) an LDAP connection successfully created in read-write mode is shown, so I have some hope.

user-mgt.xml

<UserManager>
<Realm>
    <Configuration>
    <AddAdmin>true</AddAdmin>
        <AdminRole>admin</AdminRole>
        <AdminUser>
            <UserName>admin</UserName>
            <Password>admin</Password>
        </AdminUser>
        <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
        <Property name="isCascadeDeleteEnabled">true</Property>
        <Property name="initializeNewClaimManager">true</Property>
        <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
    </Configuration>

    <!-- Following user manager is used by Identity Server (IS) as its default user manager.
         IS will do token replacement when building the product. Therefore do not change the syntax.
         If "kdcEnabled" parameter is true, IS will allow service principle management.
         Thus "ServicePasswordJavaRegEx", "ServiceNameJavaRegEx" properties control the service name format and
         service password formats. In case if user core cache domain is needed to identify uniquely set property
         <Property name="UserCoreCacheIdentifier">domain</Property>
    -->
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
        <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
        <Property name="ConnectionURL">ldap://localhost:389</Property>
        <Property name="ConnectionName">cn=admin,dc=wso2,dc=org</Property>
        <Property name="ConnectionPassword">admin</Property>
        <Property name="AnonymousBind">false</Property>
        <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
        <Property name="UserEntryObjectClass">identityPerson</Property>
        <Property name="UserNameAttribute">uid</Property>
        <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
        <Property name="UserNameListFilter">(objectClass=person)</Property>
        <Property name="DisplayNameAttribute"/>
        <Property name="ReadGroups">true</Property>
        <Property name="WriteGroups">true</Property>
        <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
        <Property name="GroupEntryObjectClass">groupOfNames</Property>
        <Property name="GroupNameAttribute">cn</Property>
        <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
        <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
        <Property name="MembershipAttribute">member</Property>
        <Property name="BackLinksEnabled">false</Property>
        <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
        <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
        <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
        <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
        <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
        <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
        <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="SCIMEnabled">true</Property>
        <Property name="IsBulkImportSupported">false</Property>
        <Property name="EmptyRolesAllowed">false</Property>
        <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
        <Property name="MultiAttributeSeparator">,</Property>
        <Property name="MaxUserNameListLength">100</Property>
        <Property name="MaxRoleNameListLength">100</Property>
        <Property name="kdcEnabled">false</Property>
        <Property name="defaultRealmName">WSO2.ORG</Property>
        <Property name="UserRolesCacheEnabled">true</Property>
        <Property name="ConnectionPoolingEnabled">false</Property>
        <Property name="LDAPConnectionTimeout">5000</Property>
        <Property name="ReadTimeout"/>
        <Property name="RetryAttempts"/>
    </UserStoreManager>

    <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
        <Property name="AdminRoleManagementPermissions">/permission</Property>
        <Property name="AuthorizationCacheEnabled">true</Property>
        <Property name="GetAllRolesOfUserEnabled">false</Property>
    </AuthorizationManager>
</Realm>
</UserManager>

Any insight is greatly appreciated.
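A pre-flight check, added here as an example (it is not from the question or from WSO2), that parses the user-mgt.xml above, replays the admin-user and admin-role lookups WSO2 performs at startup as ldapsearch commands you can run against OpenLDAP before restarting the server, and flags the weak settings visible in the posted config. The embedded XML is a constructed subset of the question's file; the function names are the example's own.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample: the subset of the question's user-mgt.xml this check needs.
USER_MGT_XML = """<UserManager><Realm><Configuration>
  <AddAdmin>true</AddAdmin><AdminRole>admin</AdminRole>
  <AdminUser><UserName>admin</UserName><Password>admin</Password></AdminUser>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
  <Property name="ConnectionURL">ldap://localhost:389</Property>
  <Property name="ConnectionName">cn=admin,dc=wso2,dc=org</Property>
  <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
  <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
  <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
  <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
  <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
</UserStoreManager></Realm></UserManager>"""

def parse_user_mgt(xml_text):
    """Extract the admin bootstrap settings and the primary user store properties."""
    root = ET.fromstring(xml_text)
    cfg = root.find("Realm/Configuration")
    usm = root.find("Realm/UserStoreManager")
    props = {p.get("name"): (p.text or "") for p in usm.findall("Property")}
    return {"store_class": usm.get("class"), "admin_user": cfg.findtext("AdminUser/UserName"),
            "admin_role": cfg.findtext("AdminRole"), "props": props}

def ldap_filter(template, value):
    """Substitute the '?' placeholder the way WSO2 does, escaping RFC 4515 specials
    so a name cannot change the structure of the filter."""
    for raw, esc in (("\\", "\\5c"), ("*", "\\2a"), ("(", "\\28"), (")", "\\29"), ("\0", "\\00")):
        value = value.replace(raw, esc)
    return template.replace("?", value)

def lookup_commands(conf):
    """ldapsearch commands that reproduce the admin-user and admin-role lookups.
    -W prompts for the bind password instead of putting it on the command line."""
    p = conf["props"]
    base = ["ldapsearch", "-x", "-H", p["ConnectionURL"], "-D", p["ConnectionName"], "-W"]
    user = base + ["-b", p["UserSearchBase"], ldap_filter(p["UserNameSearchFilter"], conf["admin_user"]), "dn"]
    role = base + ["-b", p["GroupSearchBase"], ldap_filter(p["GroupNameSearchFilter"], conf["admin_role"]), "dn", "member"]
    return shlex.join(user), shlex.join(role)

def findings(conf):
    """Settings in the posted config a defender would want to revisit."""
    p, out = conf["props"], []
    if p.get("PasswordHashMethod") == "PLAIN_TEXT":
        out.append("PasswordHashMethod=PLAIN_TEXT: WSO2 writes passwords to LDAP unhashed; rely on the directory to hash them")
    if p.get("ConnectionURL", "").startswith("ldap://"):
        out.append("ConnectionURL uses ldap:// without TLS: the bind password crosses the wire in clear (only acceptable on loopback)")
    return out

if __name__ == "__main__":
    conf = parse_user_mgt(USER_MGT_XML)
    print(*lookup_commands(conf), *findings(conf), sep="\n")
```

If the first command returns no DN, WSO2 cannot resolve the admin user under UserSearchBase with that filter; if the second returns no group whose member attribute holds the admin user's DN, the admin role mapping is what fails.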

0 answers