首页 文章

无法在wso2 api manager中的Active Directory中登录用户

提问于
浏览
1

我已经使用外部LDAP配置 wso2 api manager ,即 Microsoft Active Directory. 已 Build 连接,我可以看到AD中存在的WSO2 apim用户存储中的所有用户 . 我在AD中关注用户 4

Users : WSo2 Admin, WSO2 User1, WSO2 User2

但我_277010_m在配置文件中分配 admin 角色,如下面的代码段 .

<AdminUser> <UserName>Wso2 Admin</UserName> <Password>abcdef@01</Password> </AdminUser>

现在我只能用 WSo2 Admin 登录,如果我在配置文件中分配管理员角色,其他用户也会这样做我将能够登录 .

但我想登录AD中的每个用户,即 WSo2 Admin, WSO2 User1, WSO2 User2

这是我的配置文件:

<?xml version="1.0" encoding="UTF-8"?>
<UserManager>
    <Realm>
        <Configuration>
            <AddAdmin>false</AddAdmin>
            <AdminRole>admin</AdminRole>
            <AdminUser>
                <UserName>Wso2 Admin</UserName>
                <Password>abcdef@01</Password>
            </AdminUser>
            <EveryOneRoleName>everyone</EveryOneRoleName>
            <!-- By default users in this role sees the registry root -->
            <Property name="isCascadeDeleteEnabled">true</Property>
            <Property name="initializeNewClaimManager">true</Property>
            <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
        <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
            <Property name="ConnectionURL">ldap://test.xxxx.com:389</Property> 
            <Property name="ConnectionName">CN=Wso2 Admin,OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
            <Property name="ConnectionPassword">abcdef@01</Property>
            <Property name="AnonymousBind">false</Property>
            <Property name="UserSearchBase">OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
            <Property name="UserEntryObjectClass">user</Property>
            <Property name="UserNameAttribute">cn</Property>
            <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
            <Property name="UserNameListFilter">(objectClass=user)</Property>
            <Property name="DisplayNameAttribute"/>
            <Property name="ReadGroups">true</Property>
            <Property name="WriteGroups">true</Property>
            <Property name="GroupSearchBase">OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
            <Property name="GroupEntryObjectClass">group</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
            <Property name="GroupNameListFilter">(objectcategory=group)</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="MemberOfAttribute">memberOf</Property>
            <Property name="BackLinksEnabled">true</Property>
            <Property name="Referral">follow</Property>
            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
            <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
            <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
            <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="SCIMEnabled">false</Property>
            <Property name="IsBulkImportSupported">true</Property>
            <Property name="EmptyRolesAllowed">true</Property>
            <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
            <Property name="MultiAttributeSeparator">,</Property>
            <Property name="isADLDSRole">false</Property>
            <Property name="userAccountControl">512</Property>
            <Property name="MaxUserNameListLength">100</Property>     
            <Property name="MaxRoleNameListLength">100</Property>                     
            <Property name="MembershipAttributeRange">1500</Property>
            <Property name="kdcEnabled">false</Property>
            <Property name="defaultRealmName">WSO2.ORG</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
            <Property name="ConnectionPoolingEnabled">false</Property>
            <Property name="LDAPConnectionTimeout">5000</Property>
            <Property name="ReadTimeout"/>
            <Property name="RetryAttempts"/>
        </UserStoreManager>

        <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
            <Property name="AdminRoleManagementPermissions">/permission</Property>
            <Property name="AuthorizationCacheEnabled">true</Property>
            <Property name="GetAllRolesOfUserEnabled">true</Property>
        </AuthorizationManager>
    </Realm>
</UserManager>
wso2 wso2is wso2-am wso2carbon

1 回答

  • 2

    对于管理控制台,只允许管理员(管理员组的成员)登录 .

    如果您希望任何用户登录,您可以尝试查找角色 Internal/everyone 并向该角色添加权限 Login .

    但是,默认情况下,用户只能更改密码(即使在使用ldaps连接而不是ldap之前也不是这样)

    回复于

相关问题