I have almost the same problem as in the question below, but I get the error in the claim configuration step:
Can't set OpenLDAP as primary user store for WSO2IS 5.6.0: LDAP error 65 when adding new user in management console
I want to set up WSO2 IS 5.8.0 with OpenLDAP as the primary user store, and I deploy it with a Docker Compose file.
The connection steps between the Identity Server and OpenLDAP finished successfully: all the LDAP users were added to IS, and the admin user was added to LDAP. Now I am configuring the claim parameters.
I defined:
urn:ietf:params:scim:schemas:core:2.0:meta.resourcetype = http://wso2.org/claims/usertype
I got "err=17 text=usertype: attribute type undefined", so I defined usertype as follows:
http://wso2.org/claims/usertype = Users (related to the "ou" value in OpenLDAP)
Then I got "err=17 text=createDate: attribute type undefined", so I defined createDate as follows:
http://wso2.org/claims/created = createTimestamp (the attribute name in OpenLDAP)
Now I get:
5d14d9a9 conn=1168 op=2 ADD dn="uid=usertest,ou=Users,dc=example,dc=org"
5d15dd6e conn=1340 op=2 RESULT tag=105 err=21 text=createTimestamp: value #0 invalid per syntax
I tried checking only "Read" in the claim configuration for "Created Time", but I get the same error.
Does anyone have a way to solve this?
I am attaching my user-mgt.xml file.
Thanks in advance
<UserManager>
<Realm>
<Configuration>
<AddAdmin>true</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>admin</UserName>
<Password>admin</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName>
<!-- By default users in this role sees the registry root -->
<!-- Enable username claim retrieve from the UM_USER_NAME in JDBC datasources-->
<OverrideUsernameClaimFromInternalUsername>true</OverrideUsernameClaimFromInternalUsername>
<Property name="isCascadeDeleteEnabled">true</Property>
<Property name="initializeNewClaimManager">true</Property>
<Property name="dataSource">jdbc/WSO2IdentityDS</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldap://192.168.1.10:389</Property>
<Property name="ConnectionName">cn=admin,dc=example,dc=org</Property>
<Property name="ConnectionPassword">admin</Property>
<Property name="AnonymousBind">false</Property>
<Property name="UserSearchBase">ou=Users,dc=example,dc=org</Property>
<Property name="UserEntryObjectClass">inetOrgPerson</Property>
<Property name="UserNameAttribute">uid</Property>
<!-- "&" must be escaped as "&amp;" inside an XML attribute/element value -->
<Property name="UserNameSearchFilter">(&amp;(objectClass=inetOrgPerson)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=inetOrgPerson)</Property>
<Property name="DisplayNameAttribute"/>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">ou=Groups,dc=example,dc=org</Property>
<Property name="GroupEntryObjectClass">posixGroup</Property>
<Property name="GroupNameAttribute">cn</Property>
<!-- the filter needs the GroupNameAttribute (cn) before "=?"; an empty attribute name makes the filter invalid -->
<Property name="GroupNameSearchFilter">(&amp;(objectClass=posixGroup)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=posixGroup)</Property>
<Property name="MembershipAttribute">memberUid</Property>
<Property name="BackLinksEnabled">false</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<!-- \S (any non-whitespace character); the backslash is part of the pattern -->
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="SCIMEnabled">true</Property>
<Property name="IsBulkImportSupported">false</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="kdcEnabled">false</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout"/>
<Property name="RetryAttempts"/>
<Property name="StartTLSEnabled">false</Property>
</UserStoreManager>
<AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
<Property name="AdminRoleManagementPermissions">/permission</Property>
<Property name="AuthorizationCacheEnabled">true</Property>
<Property name="GetAllRolesOfUserEnabled">false</Property>
</AuthorizationManager>
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
<Property name="dataSource">jdbc/WSO2UM_DB</Property>
<Property name="ReadOnly">false</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="UsernameJavaRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
<Property name="RolenameJavaRegEx">^[\S]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="CaseInsensitiveUsername">false</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="IsBulkImportSupported">false</Property>
<Property name="PasswordDigest">SHA-256</Property>
<Property name="StoreSaltedPassword">true</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="UserNameUniqueAcrossTenants">false</Property>
<Property name="LeadingOrTrailingSpaceAllowedInUserName">false</Property>
</UserStoreManager>
</Realm>
</UserManager>
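The two slapd errors in the question, err=17 (undefinedAttributeType) and err=21 (invalidAttributeSyntax), can both be predicted from the directory schema before a restart of the Identity Server. The following added example (it is not part of the question or of WSO2's code) parses slapd RESULT log lines into named LDAP result codes, parses a constructed excerpt of RFC 4512 attributeType definitions, and checks a claim-to-attribute mapping against it: an attribute that is not in the schema, an attribute marked NO-USER-MODIFICATION (such as createTimestamp, which the server maintains itself), or a sample value that does not match a GeneralizedTime syntax. The schema excerpt, the sample value for the created claim, and the err=17 log line are constructed for the example; the mapping and the err=21 line are taken from the question.

```python
import re
from dataclasses import dataclass
from typing import Optional

# LDAP result codes (RFC 4511 names) that show up as "err=N" in slapd logs.
LDAP_RESULT_NAMES = {
    0: "success",
    16: "noSuchAttribute",
    17: "undefinedAttributeType",
    19: "constraintViolation",
    21: "invalidAttributeSyntax",
    65: "objectClassViolation",
}

# The RESULT line slapd writes for every operation, e.g.
# "5d15dd6e conn=1340 op=2 RESULT tag=105 err=21 text=createTimestamp: value #0 invalid per syntax"
SLAPD_RESULT_RE = re.compile(
    r"conn=(?P<conn>\d+) op=(?P<op>\d+) RESULT tag=(?P<tag>\d+) err=(?P<err>\d+)"
    r"(?: text=(?P<text>.*))?$"
)


def parse_slapd_results(lines):
    """Return one dict per RESULT line (conn, op, err, name, text); other lines are skipped."""
    results = []
    for line in lines:
        m = SLAPD_RESULT_RE.search(line)
        if not m:
            continue
        err = int(m.group("err"))
        results.append({
            "conn": int(m.group("conn")),
            "op": int(m.group("op")),
            "err": err,
            "name": LDAP_RESULT_NAMES.get(err, "unknown"),
            "text": (m.group("text") or "").strip(),
        })
    return results


GENERALIZED_TIME_SYNTAX = "1.3.6.1.4.1.1466.115.121.1.24"
# RFC 4517 GeneralizedTime: YYYYMMDDHH[MM[SS]][fraction](Z|+hhmm|-hhmm)
GENERALIZED_TIME_RE = re.compile(r"^\d{10}(\d{2}(\d{2})?)?([.,]\d+)?(Z|[+-]\d{2}(\d{2})?)$")


@dataclass(frozen=True)
class AttributeType:
    names: tuple                 # every NAME alias, e.g. ('uid', 'userid')
    syntax: Optional[str]        # syntax OID, or None when inherited through SUP
    operational: bool            # NO-USER-MODIFICATION: set by the server, rejected on ADD/MODIFY


NAME_RE = re.compile(r"NAME\s+(?:'(?P<one>[^']+)'|\(\s*(?P<many>[^)]*)\))")
SYNTAX_RE = re.compile(r"SYNTAX\s+(?P<oid>[\d.]+)")


def parse_attribute_types(schema_text):
    """Parse one RFC 4512 attributeType definition per line; keys are lowercase names."""
    schema = {}
    for line in schema_text.splitlines():
        line = line.strip()
        if not line.startswith("("):
            continue
        nm = NAME_RE.search(line)
        if not nm:
            continue
        if nm.group("one"):
            names = (nm.group("one"),)
        else:
            names = tuple(re.findall(r"'([^']+)'", nm.group("many")))
        sm = SYNTAX_RE.search(line)
        at = AttributeType(names, sm.group("oid") if sm else None, "NO-USER-MODIFICATION" in line)
        for n in names:
            schema[n.lower()] = at
    return schema


def value_valid_for_syntax(value, syntax_oid):
    """Only GeneralizedTime is checked here; every other syntax is accepted (assumption of the example)."""
    if syntax_oid == GENERALIZED_TIME_SYNTAX:
        return bool(GENERALIZED_TIME_RE.match(value))
    return True


def check_claim_mappings(mappings, schema, sample_values=None):
    """Return (claim, attribute, problem) for every mapping slapd would reject when IS writes the user."""
    sample_values = sample_values or {}
    problems = []
    for claim, attr in mappings.items():
        at = schema.get(attr.lower())
        if at is None:
            problems.append((claim, attr, "err=17 undefinedAttributeType: attribute is not in the schema"))
            continue
        if at.operational:
            problems.append((claim, attr, "NO-USER-MODIFICATION: operational attribute maintained by the server"))
        value = sample_values.get(claim)
        if value is not None and not value_valid_for_syntax(value, at.syntax):
            problems.append((claim, attr, f"err=21 invalidAttributeSyntax: {value!r} does not match {at.syntax}"))
    return problems


# Constructed schema excerpt (definitions as in RFC 4519 / RFC 4512 core schema).
CONSTRUCTED_SCHEMA = """
( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RFC1274: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name )
( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
"""

# Mapping from the question, plus the standard username claim for a known-good case.
QUESTION_MAPPINGS = {
    "http://wso2.org/claims/username": "uid",
    "http://wso2.org/claims/usertype": "usertype",
    "http://wso2.org/claims/created": "createTimestamp",
}
# Constructed sample value: a human-readable date, not GeneralizedTime.
SAMPLE_VALUES = {"http://wso2.org/claims/created": "2019-06-27 12:00:00"}

# First two lines are from the question; the third is constructed to show err=17.
SAMPLE_SLAPD_LOG = [
    '5d14d9a9 conn=1168 op=2 ADD dn="uid=usertest,ou=Users,dc=example,dc=org"',
    "5d15dd6e conn=1340 op=2 RESULT tag=105 err=21 text=createTimestamp: value #0 invalid per syntax",
    "5d15dd70 conn=1341 op=2 RESULT tag=105 err=17 text=usertype: attribute type undefined",
]

if __name__ == "__main__":
    for r in parse_slapd_results(SAMPLE_SLAPD_LOG):
        print(f"conn={r['conn']} op={r['op']} err={r['err']} ({r['name']}) {r['text']}")
    for claim, attr, problem in check_claim_mappings(QUESTION_MAPPINGS, parse_attribute_types(CONSTRUCTED_SCHEMA), SAMPLE_VALUES):
        print(f"{claim} -> {attr}: {problem}")
```

Run against a real server, the schema text would come from the subschema subentry (cn=Subschema) rather than the embedded excerpt; the check itself stays the same, and it flags createTimestamp both because it is operational and because a non-GeneralizedTime value would fail the syntax check, which is why marking the claim read-only in the Identity Server does not help while IS still tries to write it.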
Please try the following after restarting:
- After starting the Identity Server, go to Home -> Identity -> Claims -> List.
- Select "urn:ietf:params:scim:schemas:core:2.0" and click "urn:ietf:params:scim:schemas:core:2.0:meta.resourcetype".
- For "Mapped Local Claim", select an appropriate claim you want to map to this, e.g. http://wso2.org/claims/usertype, and click Update.
You can read more about configuring OpenLDAP with WSO2.
This ResourceType claim was introduced in IS 5.4.0. From then on, in WSO2 we mapped an LDAP attribute called "ref" to represent the ResourceType, but it seems "ref" is a reserved attribute in OpenLDAP. As a workaround for this issue, "urn:ietf:params:scim:schemas:core:2.0:meta.resourcetype" was mapped to the usertype claim in Can't set OpenLDAP as primary user store for WSO2IS 5.6.0: LDAP error 65 when adding new user in management console. Although that question was raised against 5.6.0, we were able to observe this issue from 5.4.0 onwards.
However, this issue has been resolved in the latest released Identity Server, 5.8.0, by fixing https://github.com/wso2/product-is/issues/4807. In the latest version, the http://wso2.org/claims/resourcetype claim is mapped to the "ResourceType" attribute. You can check this in the claim-config.xml file located in the repository/conf/ directory. Therefore you do not need to map "urn:ietf:params:scim:schemas:core:2.0:meta.resourcetype" to any local claim such as the "http://wso2.org/claims/usertype" claim, and there is no need to change the mapped attribute of the ResourceType claim.