
WSO2 cannot write groups to an external LDAP


I am configuring WSO2 with a read/write external LDAP. I am using the SOAP API provided by WSO2 to manage users and groups.

When adding a user to an internal group everything works fine, but when I try to add a user to an external LDAP group I get an error saying the role does not exist. This is strange because I can see the role in WSO2. I can even add the user to the external group from there, but after adding it, it shows as not added, even though it has actually been added in LDAP.

Here is the LDAP connection configuration:

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
            <Property name="ConnectionURL">ldaps://some-url:636</Property>
            <Property name="ConnectionName">cn=admin,ou=adminGroups,dc=userstore,dc=gk</Property>
            <Property name="ConnectionPassword">someAdminPass</Property>
            <Property name="AnonymousBind">false</Property>
            <Property name="UserSearchBase">ou=users,dc=userstore,dc=gk</Property>
            <Property name="UserEntryObjectClass">inetOrgPerson</Property>
            <Property name="UserNameAttribute">uid</Property>
            <Property name="UserNameSearchFilter">(&amp;(objectClass=posixAccount)(uid=?))</Property>
            <Property name="UserNameListFilter">(objectClass=posixAccount)</Property>
            <Property name="DisplayNameAttribute"/>
            <Property name="ReadGroups">true</Property>
            <Property name="WriteGroups">true</Property>
            <Property name="GroupSearchBase">ou=groups,dc=userstore,dc=gk</Property>
            <Property name="GroupEntryObjectClass">posixGroup</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=posixGroup)(cn=?))</Property>
            <Property name="GroupNameListFilter">(objectClass=posixGroup)</Property>
            <Property name="MembershipAttribute">memberOf</Property>
            <Property name="BackLinksEnabled">false</Property>
            <Property name="UsernameJavaRegEx">someregex stuff</Property>
            <Property name="UsernameJavaScriptRegEx">someregex stuff</Property>
            <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
            <Property name="PasswordJavaRegEx">someregex stuff</Property>
            <Property name="PasswordJavaScriptRegEx">someregex stuff</Property>
            <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
            <Property name="RolenameJavaRegEx">someregex stuff</Property>
            <Property name="RolenameJavaScriptRegEx">someregex stuff</Property>
            <Property name="SCIMEnabled">true</Property>
            <Property name="IsBulkImportSupported">false</Property>
            <Property name="EmptyRolesAllowed">true</Property>
            <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
            <Property name="MultiAttributeSeparator">,</Property>
            <Property name="MaxUserNameListLength">100</Property>
            <Property name="MaxRoleNameListLength">100</Property>
            <Property name="kdcEnabled">false</Property>
            <Property name="defaultRealmName">WSO2.ORG</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
            <Property name="ConnectionPoolingEnabled">false</Property>
            <Property name="LDAPConnectionTimeout">5000</Property>
            <Property name="ReadTimeout"/>
            <Property name="RetryAttempts"/>
        </UserStoreManager>

I am using SoapUI to call it with this request body:

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soap:Header/>
   <soap:Body>
      <ser:updateRoleListOfUser>
         <!--Optional:-->
         <ser:userName>username</ser:userName>
         <!--Zero or more repetitions:-->
         <ser:deletedRoles>?</ser:deletedRoles>
         <!--Zero or more repetitions:-->
         <ser:newRoles>Users</ser:newRoles>
      </ser:updateRoleListOfUser>
   </soap:Body>
</soap:Envelope>

It seems some configuration is wrong. Is some special configuration required?

1 Answer

  • 0

    It was a silly mistake. I was passing <ser:deletedRoles>?</ser:deletedRoles>, and that was actually what was throwing the error saying the group does not exist.

    Regarding the part where I said:

    after adding it, it shows as not added, even though it has actually been added in LDAP

    That is related to a different setting I am using in the LDAP server. I created a separate thread for that configuration issue.
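As an added example (not code from the original post or from WSO2), here is a small Python helper that builds the updateRoleListOfUser request for the service namespace shown above and drops SoapUI's "?" placeholders instead of sending them as role names, plus a check that flags such placeholders in a request pasted from SoapUI. The namespace and element names are taken from the post; the sample request at the bottom is constructed.

```python
# Added example: build an updateRoleListOfUser request without letting
# SoapUI's "?" placeholders reach the user store as role names.
import xml.etree.ElementTree as ET

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"
SER_NS = "http://service.ws.um.carbon.wso2.org"   # namespace from the post
PLACEHOLDERS = {"?", ""}                           # SoapUI leaves "?" in unused fields

ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("ser", SER_NS)


def clean_roles(roles):
    """Drop placeholders and whitespace-only entries; keep order, remove duplicates."""
    seen, out = set(), []
    for r in roles or []:
        r = r.strip()
        if r in PLACEHOLDERS or r in seen:
            continue
        seen.add(r)
        out.append(r)
    return out


def build_update_role_list(user_name, deleted_roles=(), new_roles=()):
    """Return the SOAP 1.2 envelope as bytes; an empty role list emits no element."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, f"{{{SER_NS}}}updateRoleListOfUser")
    ET.SubElement(op, f"{{{SER_NS}}}userName").text = user_name
    for r in clean_roles(deleted_roles):
        ET.SubElement(op, f"{{{SER_NS}}}deletedRoles").text = r
    for r in clean_roles(new_roles):
        ET.SubElement(op, f"{{{SER_NS}}}newRoles").text = r
    return ET.tostring(env, encoding="utf-8")


def find_placeholder_roles(envelope_bytes):
    """List the role elements of an existing request whose value is still a placeholder."""
    root = ET.fromstring(envelope_bytes)
    bad = []
    for tag in ("deletedRoles", "newRoles"):
        for el in root.iter(f"{{{SER_NS}}}{tag}"):
            if (el.text or "").strip() in PLACEHOLDERS:
                bad.append(tag)
    return bad


# Constructed sample mirroring the request in the question (deletedRoles left as "?").
SAMPLE_SOAPUI_REQUEST = (
    b'<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" '
    b'xmlns:ser="http://service.ws.um.carbon.wso2.org"><soap:Body>'
    b'<ser:updateRoleListOfUser><ser:userName>username</ser:userName>'
    b'<ser:deletedRoles>?</ser:deletedRoles><ser:newRoles>Users</ser:newRoles>'
    b'</ser:updateRoleListOfUser></soap:Body></soap:Envelope>'
)
```

Running find_placeholder_roles(SAMPLE_SOAPUI_REQUEST) returns ['deletedRoles'], which is exactly the element the answer identifies as the cause of the "role does not exist" error.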
