Problem setting up OpenLDAP as the primary external user store for WSO2 IS 5.8.0: "error 21" related to the createTimestamp attribute when adding a new user

Time: 2019-06-27 14:20:26

Tags: docker-compose ldap wso2 wso2is openldap

The problem I describe below is almost the same as the one in the following question, but the error appears at the claim configuration step:

Unable to setup OpenLDAP as primary user store for wso2is 5.6.0: LDAP Error 65 when adding a new user in management console

I want to set up WSO2 IS 5.8.0 with OpenLDAP as the primary user store, deployed with a Docker Compose file.

The connection step between the Identity Server and OpenLDAP completed successfully: I have added all the LDAP users to IS and the admin user to LDAP. Now I am configuring the claim parameters.

I defined:

urn:ietf:params:scim:schemas:core:2.0:meta.resourceType = http://wso2.org/claims/userType

I got "err=17 text=userType: attribute type undefined", so I defined userType as follows:

http://wso2.org/claims/userType = Users (related to the "ou" value in OpenLDAP)

Then I got "err=17 text=createdDate: attribute type undefined", so I defined createdDate as follows:

http://wso2.org/claims/created = createTimestamp (as the attribute name in OpenLDAP)

Now I get:

5d14d9a9 conn=1168 op=2 ADD dn="uid=usertest,ou=Users,dc=example,dc=org"
5d15dd6e conn=1340 op=2 RESULT tag=105 err=21 text=createTimestamp: value #0 invalid per syntax

I tried checking "Read-only" in the "Created Time" claim configuration, but I get the same error.

Can anyone solve this problem?

I attach my user-mgt.xml file below.

Thanks in advance

<UserManager>
  <Realm>
    <Configuration>
    <AddAdmin>true</AddAdmin>
    <AdminRole>admin</AdminRole>
    <AdminUser>
        <UserName>admin</UserName>
        <Password>admin</Password>
    </AdminUser>
    <EveryOneRoleName>everyone</EveryOneRoleName>
    <!-- By default users in this role sees the registry root -->
    <!-- Enable username claim retrieve from the UM_USER_NAME in JDBC datasources-->
        <OverrideUsernameClaimFromInternalUsername>true</OverrideUsernameClaimFromInternalUsername>
    <Property name="isCascadeDeleteEnabled">true</Property>
    <Property name="initializeNewClaimManager">true</Property>
    <Property name="dataSource">jdbc/WSO2IdentityDS</Property>
    </Configuration>
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
      <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
      <Property name="ConnectionURL">ldap://192.168.1.10:389</Property>
      <Property name="ConnectionName">cn=admin,dc=example,dc=org</Property>
      <Property name="ConnectionPassword">admin</Property>
      <Property name="AnonymousBind">false</Property>
      <Property name="UserSearchBase">ou=Users,dc=example,dc=org</Property>
      <Property name="UserEntryObjectClass">inetOrgPerson</Property>
      <Property name="UserNameAttribute">uid</Property>
      <Property name="UserNameSearchFilter">(&amp;(objectClass=inetOrgPerson)(uid=?))</Property>
      <Property name="UserNameListFilter">(objectClass=inetOrgPerson)</Property>
      <Property name="DisplayNameAttribute"/>
      <Property name="ReadGroups">true</Property>
      <Property name="WriteGroups">true</Property>
      <Property name="GroupSearchBase">ou=Groups,dc=example,dc=org</Property>
      <Property name="GroupEntryObjectClass">posixGroup</Property>
      <Property name="GroupNameAttribute">cn</Property>
      <!-- GroupNameAttribute is cn, so the search filter must name that attribute -->
      <Property name="GroupNameSearchFilter">(&amp;(objectClass=posixGroup)(cn=?))</Property>
      <Property name="GroupNameListFilter">(objectClass=posixGroup)</Property>
      <Property name="MembershipAttribute">memberUid</Property>
      <Property name="BackLinksEnabled">false</Property>
      <Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
      <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
      <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
      <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
      <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
      <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
      <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
      <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
      <Property name="SCIMEnabled">true</Property>
      <Property name="IsBulkImportSupported">false</Property>
      <Property name="EmptyRolesAllowed">true</Property>
      <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
      <Property name="MultiAttributeSeparator">,</Property>
      <Property name="MaxUserNameListLength">100</Property>
      <Property name="MaxRoleNameListLength">100</Property>
      <Property name="kdcEnabled">false</Property>
      <Property name="defaultRealmName">WSO2.ORG</Property>
      <Property name="UserRolesCacheEnabled">true</Property>
      <Property name="ConnectionPoolingEnabled">false</Property>
      <Property name="LDAPConnectionTimeout">5000</Property>
      <Property name="ReadTimeout"/>
      <Property name="RetryAttempts"/>
      <Property name="StartTLSEnabled">false</Property>
    </UserStoreManager>
    <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
      <Property name="AdminRoleManagementPermissions">/permission</Property>
      <Property name="AuthorizationCacheEnabled">true</Property>
      <Property name="GetAllRolesOfUserEnabled">false</Property>
    </AuthorizationManager>
    <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
      <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
      <Property name="dataSource">jdbc/WSO2UM_DB</Property>
      <Property name="ReadOnly">false</Property>
      <Property name="ReadGroups">true</Property>
      <Property name="WriteGroups">true</Property>
      <Property name="UsernameJavaRegEx">^[\S]{3,30}$</Property>
      <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
      <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
      <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
      <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
      <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
      <Property name="RolenameJavaRegEx">^[\S]{3,30}$</Property>
      <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
      <Property name="CaseInsensitiveUsername">false</Property>
      <Property name="SCIMEnabled">false</Property>
      <Property name="IsBulkImportSupported">false</Property>
      <Property name="PasswordDigest">SHA-256</Property>
      <Property name="StoreSaltedPassword">true</Property>
      <Property name="MultiAttributeSeparator">,</Property>
      <Property name="MaxUserNameListLength">100</Property>
      <Property name="MaxRoleNameListLength">100</Property>
      <Property name="UserRolesCacheEnabled">true</Property>
      <Property name="UserNameUniqueAcrossTenants">false</Property>
      <Property name="LeadingOrTrailingSpaceAllowedInUserName">false</Property>
    </UserStoreManager>
  </Realm>
</UserManager>

2 answers:

Answer 0 (score: 0)

Please try again after restarting:

  1. After starting the Identity Server, go to Home -> Identity -> Claims -> List.

  2. Select "urn:ietf:params:scim:schemas:core:2.0", then click Edit on "urn:ietf:params:scim:schemas:core:2.0:meta.resourceType".

  3. For "Mapped Local Claim", select an appropriate claim you want to map to, for example http://wso2.org/claims/userType, and click Update.

You can read more about configuring OpenLDAP with WSO2 IS at https://medium.com/@gdrdabarera/how-to-configure-open-ldap-with-wso2-identity-server-5-4-0-3a76bf240001

Answer 1 (score: 0)

This resourceType claim was introduced in IS 5.4.0. Since then, to represent resourceType in WSO2 IS, we mapped an LDAP attribute named "ref", but it seems that "ref" is a reserved attribute in OpenLDAP used for referrals. As a workaround for this issue, "urn:ietf:params:scim:schemas:core:2.0:meta.resourceType" was mapped to the userType claim in the question Unable to setup OpenLDAP as primary user store for wso2is 5.6.0: LDAP Error 65 when adding a new user in management console. That question was asked based on IS 5.6.0, and we could observe this issue from IS 5.4.0 onwards.

However, this has been fixed in the latest released Identity Server 5.8.0 as the fix for https://github.com/wso2/product-is/issues/4807. In the latest version, the http://wso2.org/claims/resourceType claim is mapped to the "resourceType" attribute. You can check this in the claim-config.xml file in the directory /repository/conf/. Therefore you do not need to map "urn:ietf:params:scim:schemas:core:2.0:meta.resourceType" to any local claim such as "http://wso2.org/claims/userType". Hence there is no need to change the mapped attribute of the resourceType claim.
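The question's err=21 on createTimestamp and the "ref" problem from answer 1 have the same root: both LDAP attributes are operational (NO-USER-MODIFICATION in RFC 4512 section 3.4, and USAGE distributedOperation for ref in RFC 3296), so slapd maintains them itself and will not accept a client-supplied value in an ADD. The script below is an added example, not code from the question, the answers or WSO2; it runs an offline pre-flight check of claim-to-attribute mappings against a list of OpenLDAP's built-in operational attributes, and decodes RESULT lines from the slapd log into their RFC 4511 result-code names so the error is readable. The EXAMPLE_MAPPINGS dict is my reading of the mappings the question describes (the mapping of userType to ou is an assumption), and the log excerpt is copied from the question.

```python
"""Pre-flight check for WSO2 IS claim-to-LDAP-attribute mappings on OpenLDAP.

Added example (not from the question, the answers or WSO2). It flags claim
mappings that point at operational attributes, which slapd manages itself and
rejects in an ADD, and decodes slapd RESULT log lines into RFC 4511 names.
"""
import re

# Operational attributes slapd maintains on its own (RFC 4512 section 3.4 and
# OpenLDAP built-ins). A client-supplied value for any of these fails on ADD;
# createTimestamp additionally has GeneralizedTime syntax (RFC 4517).
OPERATIONAL_ATTRS = {
    "createtimestamp", "modifytimestamp", "creatorsname", "modifiersname",
    "entryuuid", "entrycsn", "entrydn", "structuralobjectclass",
    "subschemasubentry", "hassubordinates",
    # 'ref' (RFC 3296) has USAGE distributedOperation: it is the referral
    # attribute, not a user attribute, which is why answer 1's "ref" mapping
    # fails on OpenLDAP.
    "ref",
}

# The RFC 4511 resultCode values that appear in this question and the linked one.
LDAP_RESULT_CODES = {
    0: "success",
    17: "undefinedAttributeType",
    19: "constraintViolation",
    21: "invalidAttributeSyntax",
    65: "objectClassViolation",
}

# Local claim URI -> LDAP attribute, as read from the question (assumption:
# userType was mapped to ou). The resourceType -> ref mapping is the IS 5.4.0
# default that answer 1 describes.
EXAMPLE_MAPPINGS = {
    "http://wso2.org/claims/userType": "ou",
    "http://wso2.org/claims/created": "createTimestamp",
    "http://wso2.org/claims/resourceType": "ref",
}


def check_claim_mappings(mappings):
    """Return {claim: reason} for every mapping slapd will refuse to write.

    Mappings to user attributes are simply absent from the result. Whether such
    an attribute exists in the server's schema (the err=17 case) can only be
    checked against the live server, which this offline check does not do.
    """
    problems = {}
    for claim, attr in mappings.items():
        if attr.lower() in OPERATIONAL_ATTRS:
            problems[claim] = (
                f"'{attr}' is an operational attribute; slapd sets it itself and "
                f"does not accept a client-supplied value in an ADD. Mark the "
                f"claim read-only in IS or map it to a user attribute."
            )
    return problems


# Matches the RESULT lines slapd writes at loglevel stats; ADD/SEARCH request
# lines carry no err= field and are skipped.
RESULT_RE = re.compile(
    r"conn=(?P<conn>\d+) op=(?P<op>\d+) RESULT tag=\d+ err=(?P<err>\d+) text=(?P<text>.*)$"
)


def parse_slapd_results(log_text):
    """Decode slapd RESULT lines into (conn, op, err, err_name, text) tuples."""
    results = []
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if not m:
            continue
        err = int(m.group("err"))
        results.append((
            int(m.group("conn")),
            int(m.group("op")),
            err,
            LDAP_RESULT_CODES.get(err, "unknown"),
            m.group("text").strip(),
        ))
    return results


# Log excerpt copied from the question. Note the two lines belong to different
# connections (conn=1168 vs conn=1340), so the ADD shown is not the request
# that produced this RESULT; always pair ADD and RESULT by conn and op.
SAMPLE_LOG = """\
5d14d9a9 conn=1168 op=2 ADD dn="uid=usertest,ou=Users,dc=example,dc=org"
5d15dd6e conn=1340 op=2 RESULT tag=105 err=21 text=createTimestamp: value #0 invalid per syntax
"""

if __name__ == "__main__":
    for claim, why in check_claim_mappings(EXAMPLE_MAPPINGS).items():
        print(f"{claim}: {why}")
    for conn, op, err, name, text in parse_slapd_results(SAMPLE_LOG):
        print(f"conn={conn} op={op} err={err} ({name}) {text}")
```

Running it reports the created and resourceType mappings as unwritable and decodes the question's log line as invalidAttributeSyntax on conn=1340 op=2. Leaving the created claim mapped to createTimestamp but marked read-only, as the question tried, is the right direction: IS then stops sending the attribute on ADD and reads the server-maintained value instead.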