与Microsoft Active Directory配置的Wso2身份服务器连接

Question

连接到Microsoft Active Directory时，在wso2身份服务器控制台上收到以下错误

  

获取连接时出错。 [LDAP：错误代码49 - 80090308：LdapErr：DSID-0C0903C5，注释：AcceptSecurityContext错误，数据52e，v2580]   javax.naming.AuthenticationException：[LDAP：错误代码49 - 80090308：LdapErr：DSID-0C0903C5，注释：AcceptSecurityContext错误，数据52e，v2580]

以下user-mgt.xml配置为

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
   <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
   <Property name="ConnectionURL">ldap://10.10.4.145:389</Property>
   <Property name="ConnectionName">uid=wso2admin,ou=Users</Property>
   <Property name="ConnectionPassword">root.123</Property>
   <Property name="AnonymousBind">false</Property>
   <Property name="UserSearchBase">ou=Users,dc=prc,dc=com</Property>
   <Property name="UserEntryObjectClass">identityPerson</Property>
   <Property name="UserNameAttribute">uid</Property>
   <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
   <Property name="UserNameListFilter">(objectClass=person)</Property>
   <Property name="DisplayNameAttribute" />
   <Property name="ReadGroups">true</Property>
   <Property name="WriteGroups">true</Property>
   <Property name="GroupSearchBase">ou=Groups,dc=prc,dc=com</Property>
   <Property name="GroupEntryObjectClass">groupOfNames</Property>
   <Property name="GroupNameAttribute">cn</Property>
   <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
   <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
   <Property name="MembershipAttribute">member</Property>
   <Property name="BackLinksEnabled">false</Property>
   <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
   <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
   <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
   <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
   <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
   <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
   <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
   <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
   <Property name="SCIMEnabled">true</Property>
   <Property name="IsBulkImportSupported">false</Property>
   <Property name="EmptyRolesAllowed">true</Property>
   <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
   <Property name="MultiAttributeSeparator">,</Property>
   <Property name="MaxUserNameListLength">100</Property>
   <Property name="MaxRoleNameListLength">100</Property>
   <Property name="kdcEnabled">false</Property>
   <Property name="defaultRealmName">prc.com</Property>
   <Property name="UserRolesCacheEnabled">true</Property>
   <Property name="ConnectionPoolingEnabled">false</Property>
   <Property name="LDAPConnectionTimeout">5000</Property>
   <Property name="ReadTimeout" />
   <Property name="RetryAttempts" />
</UserStoreManager>

Answer 1

“错误代码49”表示凭据错误（您尝试连接时使用的凭据）。

我认为是这样的：

<Property name="ConnectionName">uid=wso2admin,ou=Users</Property>

根据the documentation，此属性应为“LDAP中管理员用户的DN（区分名称）”。但是您的专有名称不正确有两个原因：

1. 您不能在专有名称中使用uid（该示例使用uid，但这不适用于Active Directory）。它应该以{{1​​}}开头。
2. 您错过了DN的域名部分，例如“dc = prc，dc = com”（我假设这就是您所在域的内容“

所以看起来应该更像这样（但你必须验证它是否正确）：

CN=