0
我正在配置帶有讀寫外部LDAP的Wso2。 我正在使用Wso2提供的SOAP Api來管理用戶n組。Wso2無法在外部LDAP中寫入組
但是,當試圖將用戶添加到內部組一切正常,但當我嘗試將用戶添加到外部LDAP組時,我得到該角色不存在。這很奇怪,因爲我可以在Wso2中看到角色。我甚至可以將用戶添加到外部組,但在添加之後,它不會顯示爲已添加,即使它實際上已添加到LDAP中。
這是LDAP連接配置
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldaps://some-url:636</Property>
<Property name="ConnectionName">cn=admin,ou=adminGroups,dc=userstore,dc=gk</Property>
<Property name="ConnectionPassword">someAdminPass</Property>
<Property name="AnonymousBind">false</Property>
<Property name="UserSearchBase">ou=users,dc=userstore,dc=gk</Property>
<Property name="UserEntryObjectClass">inetOrgPerson</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UserNameSearchFilter">(&(objectClass=posixAccount)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=posixAccount)</Property>
<Property name="DisplayNameAttribute"/>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">ou=groups,dc=userstore,dc=gk</Property>
<Property name="GroupEntryObjectClass">posixGroup</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=posixGroup)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=posixGroup)</Property>
<Property name="MembershipAttribute">memberOf</Property>
<Property name="BackLinksEnabled">false</Property>
<Property name="UsernameJavaRegEx">someregex stuff</Property>
<Property name="UsernameJavaScriptRegEx">someregex stuff</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
<Property name="PasswordJavaRegEx">someregex stuff</Property>
<Property name="PasswordJavaScriptRegEx">someregex stuff</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
<Property name="RolenameJavaRegEx">someregex stuff</Property>
<Property name="RolenameJavaScriptRegEx">someregex stuff</Property>
<Property name="SCIMEnabled">true</Property>
<Property name="IsBulkImportSupported">false</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="kdcEnabled">false</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout"/>
<Property name="RetryAttempts"/>
</UserStoreManager>
我使用SOAPUI來製造具有此調用此請求主體
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://service.ws.um.carbon.wso2.org">
<soap:Header/>
<soap:Body>
<ser:updateRoleListOfUser>
<!--Optional:-->
<ser:userName>username</ser:userName>
<!--Zero or more repetitions:-->
<ser:deletedRoles>?</ser:deletedRoles>
<!--Zero or more repetitions:-->
<ser:newRoles>Users</ser:newRoles>
</ser:updateRoleListOfUser>
</soap:Body>
</soap:Envelope>
似乎有些配置已經wrong.Is有一些特殊的配置需要到那個?
你可以在wso2中發佈你的ldap配置和你在ws中使用的請求嗎? –
希望更新help.Thanks !!! – nickGR
wso2工具和端點url? –