我想用WSO2IS建立一个外部LDAP(openldap-2.4.31)服务器,为此我在deployment.toml中修改了一些配置,下面是我的配置示例。
[super_admin]
username = "admin"
password = "password"
create_admin_account = false
[user_store]
class = "org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager"
type = "read_write_ldap_unique_id"
connection_url = "ldap://my.url.com:389"
connection_name = "cn=admin,DC=url,DC=com"
connection_password = "password"
user_search_base = "DC=url,DC=com"
base_dn = "DC=url,DC=com"
read_groups = false
我已经设置了LDAP服务器,并且管理员用户在基础数据库中。
每当我尝试连接到服务器,我得到以下错误信息。
ERROR {org.wso2.carbon.identity.scim.common.internal.SCIMCommonComponent} - Error occurred while setting SCIM attributes for the Admin org.wso2.carbon.user.core.UserStoreException: Error in adding SCIM metadata to the admin in tenant domain: carbon.super
at org.wso2.carbon.identity.scim.common.utils.SCIMCommonUtils.setAdminSCIMAttributes(SCIMCommonUtils.java:250)
at org.wso2.carbon.identity.scim.common.internal.SCIMCommonComponent.activate(SCIMCommonComponent.java:79)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:113)
at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:985)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:151)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:866)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:804)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:228)
at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:525)
at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:544)
at org.wso2.carbon.identity.core.internal.IdentityCoreServiceComponent.activate(IdentityCoreServiceComponent.java:171)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:113)
at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:985)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:151)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:866)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:804)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:228)
at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:525)
at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:544)
at org.wso2.carbon.core.init.CarbonServerManager.initializeCarbon(CarbonServerManager.java:529)
at org.wso2.carbon.core.init.CarbonServerManager.removePendingItem(CarbonServerManager.java:305)
at org.wso2.carbon.core.init.PreAxis2ConfigItemListener.bundleChanged(PreAxis2ConfigItemListener.java:118)
at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:973)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345)
Caused by: org.wso2.carbon.user.core.UserStoreException: 30007 - UserNotFound: User admin does not exist in: PRIMARY
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:205)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValue(AbstractUserStoreManager.java:1548)
at org.wso2.carbon.identity.scim.common.utils.SCIMCommonUtils.setAdminSCIMAttributes(SCIMCommonUtils.java:231)
... 50 more
Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:191)
... 52 more
Caused by: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager$2.run(AbstractUserStoreManager.java:194)
... 54 more
Caused by: org.wso2.carbon.user.core.UserStoreException: 30007 - UserNotFound: User admin does not exist in: PRIMARY
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValue(AbstractUserStoreManager.java:1575)
... 59 more
在出现上述错误之前,我也得到了这个消息。
INFO {org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager} - LDAP connection created successfully in read-write mode
下面是我的user-mgt.xml。
<Realm>
<Configuration>
<AddAdmin>false</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>admin</UserName>
<Password>password</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName>
<OverrideUsernameClaimFromInternalUsername>true</OverrideUsernameClaimFromInternalUsername>
<!-- By default users in this role sees the registry root -->
<Property name="isCascadeDeleteEnabled">true</Property>
<Property name="initializeNewClaimManager">true</Property>
<Property name="dataSource">jdbc/SHARED_DB</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager">
<Property name="IsBulkImportSupported">true</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="ConnectionPassword">password</Property>
<Property name="DisplayNameAttribute"></Property>
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="UserSearchBase">DC=url,DC=com</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="StartTLSEnabled">false</Property>
<Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserIdSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserIDAttribute">scimId</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
<Property name="WriteGroups">true</Property>
<Property name="AnonymousBind">false</Property>
<Property name="ConnectionURL">ldap://my.url.com:389</Property>
<Property name="ConnectionName">cn=admin,DC=url,DC=com</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="GroupSearchBase">ou=Groups,DC=url,DC=com</Property>
<Property name="ReadGroups">false</Property>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
<Property name="ConnectionRetryDelay">120000</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="UserEntryObjectClass">identityPerson</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="BackLinksEnabled">false</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="SCIMEnabled">true</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="kdcEnabled">false</Property>
</UserStoreManager>
<AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
<Property name="GetAllRolesOfUserEnabled">false</Property>
<Property name="AdminRoleManagementPermissions">/permission</Property>
<Property name="AuthorizationCacheEnabled">true</Property>
</AuthorizationManager>
</Realm>
此外,当我尝试更改[super_admin]配置为:
create_admin_account = true
它也会导致错误。
ERROR {org.wso2.carbon.user.core.common.DefaultRealm} - nullType class java.lang.reflect.InvocationTargetException org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:397)
at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:224)
at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:129)
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:276)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:102)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:115)
at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:72)
at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
at org.eclipse.osgi.internal.framework.BundleContextImpl$3.run(BundleContextImpl.java:842)
at org.eclipse.osgi.internal.framework.BundleContextImpl$3.run(BundleContextImpl.java:1)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.internal.framework.BundleContextImpl.startActivator(BundleContextImpl.java:834)
at org.eclipse.osgi.internal.framework.BundleContextImpl.start(BundleContextImpl.java:791)
at org.eclipse.osgi.internal.framework.EquinoxBundle.startWorker0(EquinoxBundle.java:1013)
at org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule.startWorker(EquinoxBundle.java:365)
at org.eclipse.osgi.container.Module.doStart(Module.java:598)
at org.eclipse.osgi.container.Module.start(Module.java:462)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel$1.run(ModuleContainer.java:1820)
at org.eclipse.osgi.internal.framework.EquinoxContainerAdaptor$2$1.execute(EquinoxContainerAdaptor.java:150)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1813)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1770)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.doContainerStartLevel(ModuleContainer.java:1735)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1661)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345)
Caused by: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:351)
... 25 more
Caused by: java.lang.NullPointerException
at org.wso2.carbon.user.core.util.UserCoreUtil.addDomainToName(UserCoreUtil.java:561)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addToUserNameCache(AbstractUserStoreManager.java:11877)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserNameFromUserID(AbstractUserStoreManager.java:11842)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserNamesFromUserIDs(AbstractUserStoreManager.java:11916)
at org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager.doAddRoleWithID(UniqueIDReadWriteLDAPUserStoreManager.java:1270)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addInitialAdminData(AbstractUserStoreManager.java:8410)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:246)
at org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager.<init>(UniqueIDReadOnlyLDAPUserStoreManager.java:148)
at org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager.<init>(UniqueIDReadWriteLDAPUserStoreManager.java:122)
... 30 more
ERROR {org.wso2.carbon.user.core.internal.Activator} - Cannot start User Manager Core bundle org.wso2.carbon.user.core.UserStoreException: Cannot initialize the realm.
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:286)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:102)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:115)
at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:72)
at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
at org.eclipse.osgi.internal.framework.BundleContextImpl$3.run(BundleContextImpl.java:842)
at org.eclipse.osgi.internal.framework.BundleContextImpl$3.run(BundleContextImpl.java:1)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.internal.framework.BundleContextImpl.startActivator(BundleContextImpl.java:834)
at org.eclipse.osgi.internal.framework.BundleContextImpl.start(BundleContextImpl.java:791)
at org.eclipse.osgi.internal.framework.EquinoxBundle.startWorker0(EquinoxBundle.java:1013)
at org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule.startWorker(EquinoxBundle.java:365)
at org.eclipse.osgi.container.Module.doStart(Module.java:598)
at org.eclipse.osgi.container.Module.start(Module.java:462)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel$1.run(ModuleContainer.java:1820)
at org.eclipse.osgi.internal.framework.EquinoxContainerAdaptor$2$1.execute(EquinoxContainerAdaptor.java:150)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1813)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1770)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.doContainerStartLevel(ModuleContainer.java:1735)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1661)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345)
Caused by: org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException
at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:318)
at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:129)
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:276)
... 22 more
Caused by: org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:397)
at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:224)
... 24 more
Caused by: java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:351)
... 25 more
Caused by: java.lang.NullPointerException
at org.wso2.carbon.user.core.util.UserCoreUtil.addDomainToName(UserCoreUtil.java:561)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addToUserNameCache(AbstractUserStoreManager.java:11877)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserNameFromUserID(AbstractUserStoreManager.java:11842)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserNamesFromUserIDs(AbstractUserStoreManager.java:11916)
at org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager.doAddRoleWithID(UniqueIDReadWriteLDAPUserStoreManager.java:1270)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addInitialAdminData(AbstractUserStoreManager.java:8410)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:246)
at org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager.<init>(UniqueIDReadOnlyLDAPUserStoreManager.java:148)
at org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager.<init>(UniqueIDReadWriteLDAPUserStoreManager.java:122)
... 30 more
根据你的user-mgt.xml文件,UserIDAttribute被设置为scimId。我想openLdap没有一个名为scimId的属性。
把它改成open leap中支持的唯一用户属性。
<Property name="UserIDAttribute">scimId</Property>
关于如何使用deployment.toml文件配置属性,可以参考[1]。
[1] https:/is.docs.wso2.comen5.10.0setupconfiguring-a-read-write-ldap-user-store。
干杯,伊苏拉。