
WSO2 Identity Server external LDAP throws "OBJECT_CLASS for OID identifier does not exist"


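I am using Identity Server 4.1.0, and I am also running ApacheDS in Apache Directory Studio. What I want now is to connect my IS to the external LDAP.
IS does connect to the LDAP, only it throws an error because attribute definitions are missing. At least that is my interpretation of the stack trace.
I have seen that others have tried this too:
WSO2 external ldap not working, but my error is different.
Also, in this blog I saw how to use Directory Studio, but it all seems to run on the embedded LDAP of IS:
http://www.soasecurity.org/2012/11/multiple-user-store-manager-feature.html
Any help is appreciated! Thanks in advance.
Best, Johannes

Here is the error: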

TID: [0] [IS] [2013-06-26 15:26:00,220] ERROR - Can not access the directory context or user already exists in the system
javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 5 Add Request : Entry dn[n]: uid=admin,ou=Users,dc=wso2,dc=org objectClass: identityPerson uid: admin sn: admin userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x30 0x44 0x50 0x69 0x4B 0x75 0x4E 0x49 0x72 0x72 0x56 ...' cn: admin ManageDsaITImpl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : ERR_04269 OBJECT_CLASS for OID identifier does not exist!]; remaining name 'uid=admin'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3111)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
    at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:400)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:277)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:197)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:242)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:211)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.addInitialData(ReadWriteLDAPUserStoreManager.java:1805)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.<init>(ReadWriteLDAPUserStoreManager.java:142)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:225)
    at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:147)
    at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:113)
    at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:103)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:116)
    at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:67)
    at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
    at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
    at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:389)
    at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1130)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
    at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
    at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
TID: [0] [IS] [2013-06-26 15:26:00,223] ERROR - Cannot create org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager {org.wso2.carbon.user.core.common.DefaultRealm}
java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:225)
    at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:147)
    at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:113)
    at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:103)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:116)
    at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:67)
    at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
    at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
    at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:389)
    at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1130)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
    at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
    at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
Caused by: org.wso2.carbon.user.core.UserStoreException: Can not access the directory context or user already exists in the system
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:251)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:211)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.addInitialData(ReadWriteLDAPUserStoreManager.java:1805)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.<init>(ReadWriteLDAPUserStoreManager.java:142)
    ... 27 more
Caused by: javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 5 Add Request : Entry dn[n]: uid=admin,ou=Users,dc=wso2,dc=org objectClass: identityPerson uid: admin sn: admin userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x30 0x44 0x50 0x69 0x4B 0x75 0x4E 0x49 0x72 0x72 0x56 ...' cn: admin ManageDsaITImpl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : ERR_04269 OBJECT_CLASS for OID identifier does not exist!]; remaining name 'uid=admin'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3111)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
    at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:400)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:277)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:197)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:242)
    ... 30 more
TID: [0] [IS] [2013-06-26 15:26:00,225] ERROR - Cannot initialize the realm.
org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException
    at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:266)
    at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:147)
    at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:113)
    at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:103)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:116)
    at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:67)
    at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
    at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
    at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:389)
    at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1130)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
    at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
    at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:225)
    ... 22 more
Caused by: org.wso2.carbon.user.core.UserStoreException: Can not access the directory context or user already exists in the system
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:251)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:211)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.addInitialData(ReadWriteLDAPUserStoreManager.java:1805)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.<init>(ReadWriteLDAPUserStoreManager.java:142)
    ... 27 more
Caused by: javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 5 Add Request : Entry dn[n]: uid=admin,ou=Users,dc=wso2,dc=org objectClass: identityPerson uid: admin sn: admin userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x30 0x44 0x50 0x69 0x4B 0x75 0x4E 0x49 0x72 0x72 0x56 ...' cn: admin ManageDsaITImpl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : ERR_04269 OBJECT_CLASS for OID identifier does not exist!]; remaining name 'uid=admin'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3111)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
    at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:400)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:277)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:197)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:242)
    ... 30 more
TID: [0] [IS] [2013-06-26 15:26:00,226] ERROR - Cannot start User Manager Core bundle
org.wso2.carbon.user.core.UserStoreException: Cannot initialize the realm.
    at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:227)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:103)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:116)
    at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:67)
    at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
    at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
    at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:389)
    at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1130)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
    at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
    at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
Caused by: org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException
    at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:266)
    at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:147)
    at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:113)
    at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223)
    ... 19 more
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:225)
    ... 22 more
Caused by: org.wso2.carbon.user.core.UserStoreException: Can not access the directory context or user already exists in the system
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:251)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:211)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.addInitialData(ReadWriteLDAPUserStoreManager.java:1805)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.<init>(ReadWriteLDAPUserStoreManager.java:142)
    ... 27 more
Caused by: javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 5 Add Request : Entry dn[n]: uid=admin,ou=Users,dc=wso2,dc=org objectClass: identityPerson uid: admin sn: admin userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x30 0x44 0x50 0x69 0x4B 0x75 0x4E 0x49 0x72 0x72 0x56 ...' cn: admin ManageDsaITImpl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : ERR_04269 OBJECT_CLASS for OID identifier does not exist!]; remaining name 'uid=admin'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3111)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
    at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:400)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:277)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:197)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:242)
    ... 30 more

<UserManager>
    <Realm>
        <Configuration>
            <AdminRole>admin</AdminRole>
            <AdminUser>
                <UserName>admin</UserName>
                <Password>admin</Password>
            </AdminUser>
            <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
            <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
            <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property>
        </Configuration>

        <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
            <!--Property name="defaultRealmName">EXAMPLE.COM</Property-->
            <Property name="ConnectionURL">ldap://localhost:10389</Property>
            <Property name="ConnectionName">uid=admin,ou=system</Property>
            <Property name="ConnectionPassword">secret</Property>
            <Property name="passwordHashMethod">PLAIN_TEXT</Property>
            <Property name="UserNameListFilter">(objectClass=person)</Property>
            <Property name="UserEntryObjectClass">inetOrgPerson</Property>
            <Property name="UserSearchBase">ou=system</Property>
            <!--Property name="UserSearchBase">ou=Users,dc=example,dc=com</Property-->
            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
            <Property name="UserNameAttribute">uid</Property>
            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
            <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
            <Property name="ReadLDAPGroups">true</Property>
            <Property name="WriteLDAPGroups">true</Property>
            <Property name="EmptyRolesAllowed">false</Property>
            <Property name="GroupSearchBase">ou=system</Property>
            <!--Property name="GroupSearchBase">ou=Groups,dc=example,dc=com</Property-->
            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="GroupEntryObjectClass">groupOfNames</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
            <!-- added by joe -->
            <!--Property name="UserDNPattern">uid={0},ou=Users,dc=example,dc=com</Property-->
            <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
            <Property name="maxFailedLoginAttempt">0</Property>
        </UserStoreManager>

        <AuthorizationManager
            class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
            <Property name="AdminRoleManagementPermissions">/permission</Property>
            <Property name="AuthorizationCacheEnabled">true</Property>
        </AuthorizationManager>
    </Realm>
</UserManager>

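1 Answer

  • 1

    This is because WSO2 IS uses a set of custom object classes to implement certain tasks, such as SCIM. Since you are using an external LDAP, you can either change the schema of the LDAP or map these attributes using claim mapping.

    Since you are using ApacheDS, you can use LDIF to change the schema of the LDAP. You can find the ldif files under /repository/data/org.wso2.carbon.directory/schema/ou=schema.

    If you do not wish to change the schema, the easy way is to change the claims. For example, say you get an error saying that 'accountlock' does not exist. This means that IS tried to insert some value into an attribute in LDAP. The attribute name is 'accountlock'. This is controlled through claim mapping (Home > Configure > Claim Management in IS). There you can find a set of claim dialects.

    If you go into these dialects, you can find a set of claims. I am taking the accountlock attribute as an example. Under the http://wso2.org/claims dialect, you can find the 'Account Locked' attribute. You can change that claim's value (Mapped Attribute) to an existing attribute in your LDAP. This existing attribute must be a string-type attribute. This procedure can be repeated for each missing attribute.

    Hope this helps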
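
Added example (not part of the original question or answer): a small Python check that pulls the rejected entry out of the ApacheDS error text and compares it with the object classes the directory defines and with the user store properties. The shortened error string, the property subset and `DIRECTORY_CLASSES` are constructed samples; that IS builds a new user entry from `UserEntryObjectClass` under `UserSearchBase` is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the NamingException text from the log, shortened
# (userPassword bytes and the control line are left out).
LDAP_ERROR = (
    "[LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST "
    "Message ID : 5 Add Request : Entry dn[n]: uid=admin,ou=Users,dc=wso2,dc=org "
    "objectClass: identityPerson uid: admin sn: admin cn: admin "
    ": ERR_04269 OBJECT_CLASS for OID identifier does not exist!]"
)

# Constructed sample: three properties copied from the posted user-mgt.xml.
USER_STORE_XML = """
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://localhost:10389</Property>
    <Property name="UserEntryObjectClass">inetOrgPerson</Property>
    <Property name="UserSearchBase">ou=system</Property>
</UserStoreManager>
"""

# Assumption: object classes the external directory defines. In practice,
# read them from the server's subschema entry instead of hard-coding them.
DIRECTORY_CLASSES = {"top", "person", "organizationalPerson",
                     "inetOrgPerson", "groupOfNames"}

def parse_add_request(message):
    """Return (dn, [objectClass, ...]) of the entry the server rejected."""
    dn = re.search(r"dn\[n\]:\s*(\S+)", message)
    classes = re.findall(r"\bobjectClass:\s*(\S+)", message)
    return (dn.group(1) if dn else None), classes

def store_properties(xml_text):
    """Map each <Property name="..."> of the user store to its text value."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): (p.text or "").strip() for p in root.iter("Property")}

def diagnose(message, xml_text, directory_classes):
    """List mismatches between rejected entry, directory schema and config."""
    dn, classes = parse_add_request(message)
    props = store_properties(xml_text)
    known = {c.lower() for c in directory_classes}  # names are case-insensitive
    findings = [f"objectClass '{c}' is not defined in the directory schema"
                for c in classes if c.lower() not in known]
    # Assumption: IS writes new users with UserEntryObjectClass under UserSearchBase.
    configured = props.get("UserEntryObjectClass", "")
    if configured.lower() not in {c.lower() for c in classes}:
        findings.append(f"rejected entry does not use configured "
                        f"UserEntryObjectClass '{configured}'")
    base = props.get("UserSearchBase", "")
    if dn and not dn.lower().endswith("," + base.lower()):
        findings.append(f"rejected DN '{dn}' is outside UserSearchBase '{base}'")
    return findings

if __name__ == "__main__":
    for finding in diagnose(LDAP_ERROR, USER_STORE_XML, DIRECTORY_CLASSES):
        print("-", finding)
```

With the values from this page it reports the undefined `identityPerson` class and also that the rejected entry matches neither the posted `UserEntryObjectClass` nor the posted `UserSearchBase`, so it is worth confirming which configuration the running server actually loaded before changing the schema or the claim mappings.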
