How to change primary LDAP domain of WSO2 IS 4.5.0

2019-04-15 18:56发布

站内问答 / 移动开发
1417 2 4

I would like modify the domain of the primary user storage (based on LDAP), but i can not get successfully.

The current domain in user-mgt.xml is dc=wso2,dc=org and I would like to change to dc=foobar,dc=com

My modified user-mgt.xml is:

...
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>

            <Property name="defaultRealmName">FOOBAR.COM</Property>

            <Property name="kdcEnabled">false</Property>
            <Property name="Disabled">false</Property>                                   
            <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
            <Property name="ConnectionName">uid=admin,ou=system</Property>
            <Property name="ConnectionPassword">admin</Property>
            <Property name="passwordHashMethod">SHA</Property>
            <Property name="UserNameListFilter">(objectClass=person)</Property>
            <Property name="UserEntryObjectClass">identityPerson</Property>

            <Property name="UserSearchBase">ou=Users,dc=foobar,dc=com</Property>

            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
            <Property name="UserNameAttribute">uid</Property>
            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
            <Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
            <Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="ReadGroups">true</Property>
            <Property name="WriteGroups">true</Property>
            <Property name="EmptyRolesAllowed">true</Property>

            <Property name="GroupSearchBase">ou=Groups,dc=foobar,dc=com</Property>

            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="GroupEntryObjectClass">groupOfNames</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="SharedGroupNameAttribute">cn</Property>

            <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=foobar,dc=com</Property>

            <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
            <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
            <Property name="SharedTenantNameAttribute">ou</Property>
            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="UserRolesCacheEnabled">true</Property>

            <Property name="UserDNPattern">uid={0},ou=Users,dc=foobar,dc=com</Property>
            <Property name="RoleDNPattern">cn={0},ou=Groups,dc=foobar,dc=com</Property>

            <Property name="SCIMEnabled">true</Property>
            <Property name="MaxRoleNameListLength">100</Property>
            <Property name="MaxUserNameListLength">100</Property>
        </UserStoreManager>
...

The error when starting WSO2 IS is:

Caused by: org.wso2.carbon.user.core.UserStoreException: [LDAP: error code 32 - NO_SUCH_OBJECT: failed for     SearchRequest
        baseDn : 'ou=Groups,dc=foobar,dc=com'
        filter : '(&(2.5.4.0=groupofnames)(2.5.4.3=*))'
        scope : whole subtree
        typesOnly : false
        Size Limit : 100
        Time Limit : 11
        Deref Aliases : deref Always
        attributes : 'cn'
: ERR_268 Cannot find a partition for ou=Groups,dc=foobar,dc=com]
    at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.getLDAPRoleNames(ReadOnlyLDAPUserStoreManager.java:1024)
    at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.doGetRoleNames(ReadOnlyLDAPUserStoreManager.java:1134)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2485)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2382)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2375)
    at org.wso2.carbon.event.core.internal.subscription.registry.RegistrySubscriptionManager.<init>(RegistrySubscriptionManager.java:91)
    ... 65 more

What should I be missing?

2条回答
【Aperson】
2楼-- · 2019-04-15 19:24

Solved !

I have replaced older domain and defaultRealmName in the following files:

  1. IS_HOME/repository/conf/user-mgt.xml
  2. IS_HOME/repository/conf/tenant-mgt.xml
  3. IS_HOME/repository/conf/embedded-ldap.xml

I have replaced dc=wso2,dc=org for dc=foobar,dc=com and defaultRealmName=WSO2.ORG for FOOBAR.COM, then I deleted the directory named root located in the IS_HOME/repository/data/org.wso2.carbon.directory .. so a fresh default partition will be created again at the restart.

Now, if you connect to WSO2IS' embedded LDAP (10389 port) using any LDAP client, you will see the new domain FOOBAR.COM instead of WSO2.ORG.

I hope that be useful.

查看更多
0人赞 添加讨论(0) 举报
兄弟一词,经得起流年.
3楼-- · 2019-04-15 19:27

I guess, you are trying to change the "dc=wso2,dc=org" value. You can not change it using user-mgt.xml file. user-mgt.xml file is used to connect WSO2IS with LDAP or AD or JDBC user stores. It means there can be LDAP running externally and you need to configure user-mgt.xml file to connect that LDAP using proper configurations. By default WSO2IS is shipped with embedded LDAP server and by default user-mgt.xml file has been configured to point to that embedded LDAP server. This embedded LDAP is created with "dc=wso2,dc=org" value. You can find the configurations of this embedded LDAP in the "embedded-ldap.xml" file. But there is no parameter to configure the domain ""dc=wso2,dc=org". It means, we can not configure it. But you can still create your own LDAP server using ApacheDS, OpenDJ and OpenLDAP and can point it to WSO2 Identity Server.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)