如何在 WSO2 Identity Server 5.10.0 中将外部 LDAP 用作主用户存储

时间:2020-05-21 18:24:51

标签: ldap wso2 wso2is apache-directory

我正在尝试在 WSO2 IS 5.10.0 中将 Apache Directory Studio 设置为外部 LDAP(主用户存储),并在 deployment.toml 文件中做了如下配置:

# Bootstrap super-admin account for the server.
# admin/admin is the well-known stock credential pair; replace it before the
# management console is reachable from anything other than a local test machine.
[super_admin]
username = "admin"
password = "admin"
#admin_role = "admin"
# Presumably tells the server to create this account in the primary user store
# at startup if it is missing -- confirm against the WSO2 IS 5.10.0 docs.
create_admin_account = true

# Primary user store: an external LDAP directory opened in read-write mode, so
# the server modifies directory entries using the bind account below.
[user_store]
type = "read_write_ldap_unique_id"
user_entry_object_class = "inetOrgPerson"
# ldap:// is the cleartext scheme: the bind password and every user password
# checked against the directory cross this connection unencrypted. Tolerable on
# loopback as here; use ldaps:// (or StartTLS) with certificate validation for
# any directory on another host.
connection_url = "ldap://localhost:10390"
# Bind identity. uid=admin,ou=system with password "secret" matches the
# out-of-the-box ApacheDS administrator; prefer a dedicated service account
# limited to the user/role subtrees, with a non-default password.
# NOTE(review): this DN sits directly under ou=system, not under
# user_search_base, so it is a different entry from the super_admin user that
# is looked up under ou=users,ou=system.
connection_name = "uid=admin,ou=system"
# Stored in plaintext in this file: restrict file permissions, and consider
# WSO2's cipher tool for encrypting secrets in deployment.toml.
connection_password = "secret"
#scim_enabled = "false"
# Attribute used as the user's unique ID in the directory.
# NOTE(review): "uid" is normally the login-name attribute; the error on this
# page shows a UUID being handled as a user name -- verify this mapping.
user_id_attribute = "uid"
# Subtree searched for user entries, and the root DN of the directory partition.
user_search_base = "ou=users,ou=system"
base_dn = "ou=system"

启动wso2时,ldap连接成功建立

 INFO {org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager} - LDAP connection created successfully in read-write mode

但在此之前,日志中出现了以下错误:

 ERROR {org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager} - There is no user with the user name: a9fbdaba-ef0a-422c-a3c7-150d8e62bc44,admin to be added to this role.

之后还出现了以下错误:

 ERROR {org.wso2.carbon.identity.scim.common.internal.SCIMCommonComponent} - Error occurred while setting SCIM attributes for the Admin org.wso2.carbon.user.core.UserStoreException: Error in adding SCIM metadata to the admin in tenant domain: carbon.super
        at org.wso2.carbon.identity.scim.common.utils.SCIMCommonUtils.setAdminSCIMAttributes(SCIMCommonUtils.java:250)
        at org.wso2.carbon.identity.scim.common.internal.SCIMCommonComponent.activate(SCIMCommonComponent.java:79)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
        at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
        at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)
        at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
        at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
        at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
        at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
        at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:113)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:985)
        at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
        at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:151)
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:866)
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:804)
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:228)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:525)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:544)
        at org.wso2.carbon.identity.core.internal.IdentityCoreServiceComponent.activate(IdentityCoreServiceComponent.java:171)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
        at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
        at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)
        at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
        at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
        at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
        at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
        at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:113)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:985)
        at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
        at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:151)
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:866)
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:804)
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:228)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:525)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:544)
        at org.wso2.carbon.core.init.CarbonServerManager.initializeCarbon(CarbonServerManager.java:529)
        at org.wso2.carbon.core.init.CarbonServerManager.removePendingItem(CarbonServerManager.java:305)
        at org.wso2.carbon.core.init.PreAxis2ConfigItemListener.bundleChanged(PreAxis2ConfigItemListener.java:118)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:973)
        at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
        at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345)
Caused by: org.wso2.carbon.user.core.UserStoreException: userName value is null.
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:205)
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValue(AbstractUserStoreManager.java:1548)
        at org.wso2.carbon.identity.scim.common.utils.SCIMCommonUtils.setAdminSCIMAttributes(SCIMCommonUtils.java:231)
        ... 50 more
Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
        at java.security.AccessController.doPrivileged(Native Method)
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:191)
        ... 52 more
Caused by: java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager$2.run(AbstractUserStoreManager.java:194)
        ... 54 more
Caused by: org.wso2.carbon.user.core.UserStoreException: userName value is null.
        at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.getUserPropertyValues(ReadOnlyLDAPUserStoreManager.java:571)
        at org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager.getUserPropertyValuesWithID(UniqueIDReadOnlyLDAPUserStoreManager.java:640)
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.doGetUserClaimValuesWithID(AbstractUserStoreManager.java:11346)
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValue(AbstractUserStoreManager.java:1581)
        ... 59 more

管理员用户已在ldap中注册,但我无法登录到管理控制台。

我是否缺少任何配置设置,或者还有其他方法可以这样做吗?

编辑:当我改用以下设置时

user_id_attribute = "scimId"

ldap连接无法建立,并且出现以下错误

ERROR {org.wso2.carbon.user.core.common.DefaultRealm} - nullType class java.lang.reflect.InvocationTargetException org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException
        at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:397)
        at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:224)
        at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:129)
        at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:276)
        at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:102)
        at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:115)
        at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:72)
        at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
        at org.eclipse.osgi.internal.framework.BundleContextImpl$3.run(BundleContextImpl.java:842)
        at org.eclipse.osgi.internal.framework.BundleContextImpl$3.run(BundleContextImpl.java:1)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.startActivator(BundleContextImpl.java:834)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.start(BundleContextImpl.java:791)
        at org.eclipse.osgi.internal.framework.EquinoxBundle.startWorker0(EquinoxBundle.java:1013)
        at org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule.startWorker(EquinoxBundle.java:365)
        at org.eclipse.osgi.container.Module.doStart(Module.java:598)
        at org.eclipse.osgi.container.Module.start(Module.java:462)
        at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel$1.run(ModuleContainer.java:1820)
        at org.eclipse.osgi.internal.framework.EquinoxContainerAdaptor$2$1.execute(EquinoxContainerAdaptor.java:150)
        at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1813)
        at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1770)
        at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.doContainerStartLevel(ModuleContainer.java:1735)
        at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1661)
        at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1)
        at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
        at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345)
Caused by: java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
        at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:351)
        ... 25 more
Caused by: java.lang.NullPointerException
        at org.wso2.carbon.user.core.util.UserCoreUtil.addDomainToName(UserCoreUtil.java:561)
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addToUserNameCache(AbstractUserStoreManager.java:11877)
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserNameFromUserID(AbstractUserStoreManager.java:11842)
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserNamesFromUserIDs(AbstractUserStoreManager.java:11916)
        at org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager.doAddRoleWithID(UniqueIDReadWriteLDAPUserStoreManager.java:1270)
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addInitialAdminData(AbstractUserStoreManager.java:8410)
        at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:246)
        at org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager.<init>(UniqueIDReadOnlyLDAPUserStoreManager.java:148)
        at org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager.<init>(UniqueIDReadWriteLDAPUserStoreManager.java:122)
        ... 30 more

0 个答案:

没有答案