WSO2 APIM 4.0.0 - groups not assigned to user

Posted 2025-01-11 23:56:35

I'm trying to configure API Manager 4.0.0 against OpenLDAP.

The users and groups are correctly fetched from the LDAP and I can see them on the Carbon UI.

When I navigate to "View Users" of one group, I can see the users that are fetched using the attribute "uniqueMember" of the LDAP.

But when I navigate to "View Roles" of one user, only "Internal/everyone" is displayed. The groups of the user are not assigned to him.

Is it normal to see the relationship in one way only?

My OpenLDAP has no "memberOf" attribute schema. Maybe it is required?

I am using a fresh install from wso4am-4.0.0.zip all-in-one without modification.

Here is the configuration of the userstore:

<?xml version="1.0" encoding="UTF-8"?>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager">
      <Property name="ConnectionURL">ldap://xxx:389</Property>
      <Property name="ConnectionName">cn=admin,dc=mycompany-dev,dc=fr</Property>
      <Property encrypted="true" name="ConnectionPassword">xxx</Property>
      <Property name="UserSearchBase">ou=Users,ou=wso2,dc=mycompany-dev,dc=fr</Property>
      <Property name="UserEntryObjectClass">person</Property>
      <Property name="UserNameAttribute">uid</Property>
      <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
      <Property name="UserNameListFilter">(objectClass=person)</Property>
      <Property name="UserIDAttribute">scimId</Property>
      <Property name="UserIdSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
      <Property name="UserDNPattern"/>
      <Property name="DisplayNameAttribute"/>
      <Property name="Disabled">false</Property>
      <Property name="ReadGroups">true</Property>
      <Property name="WriteGroups">true</Property>
      <Property name="GroupSearchBase">ou=Groups,ou=wso2,dc=mycompany-dev,dc=fr</Property>
      <Property name="GroupEntryObjectClass">groupOfUniqueNames</Property>
      <Property name="GroupNameAttribute">cn</Property>
      <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfUniqueNames)(cn=?))</Property>
      <Property name="GroupNameListFilter">(objectClass=groupOfUniqueNames)</Property>
      <Property name="RoleDNPattern"/>
      <Property name="MembershipAttribute">uniqueMember</Property>
      <Property name="MemberOfAttribute"/>
      <Property name="BackLinksEnabled">true</Property>
      <Property name="UserNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
      <Property name="UserNameJavaScriptRegEx">^[\S]{3,30}$</Property>
      <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
      <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
      <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
      <Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
      <Property name="RoleNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
      <Property name="RoleNameJavaScriptRegEx">^[\S]{3,30}$</Property>
      <Property name="LDAPInitialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</Property>
      <Property name="DateAndTimePattern">Date And Time Pattern</Property>
      <Property name="CaseInsensitiveUsername">true</Property>
      <Property name="BulkImportSupported">true</Property>
      <Property name="EmptyRolesAllowed">true</Property>
      <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
      <Property name="MultiAttributeSeparator">,</Property>
      <Property name="MaxUserNameListLength">100</Property>
      <Property name="MaxRoleNameListLength">100</Property>
      <Property name="kdcEnabled">false</Property>
      <Property name="defaultRealmName">WSO2.ORG</Property>
      <Property name="UserRolesCacheEnabled">false</Property>
      <Property name="ConnectionPoolingEnabled">false</Property>
      <Property name="LDAPConnectionTimeout">5000</Property>
      <Property name="ReadTimeout">5000</Property>
      <Property name="RetryAttempts">0</Property>
      <Property name="CountRetrieverClass"/>
      <Property name="java.naming.ldap.attributes.binary"/>
      <Property name="ClaimOperationsSupported">true</Property>
      <Property name="MembershipAttributeRange">0</Property>
      <Property name="UserCacheExpiryMilliseconds"/>
      <Property name="UserDNCacheEnabled">true</Property>
      <Property name="StartTLSEnabled">false</Property>
      <Property name="ConnectionRetryDelay">120000</Property>
      <Property name="ImmutableAttributes"/>
      <Property name="TimestampAttributes"/>
      <Property name="DomainName">CompanyUsers</Property>
      <Property name="Description"/>
</UserStoreManager>



Comments (1)

信仰 2025-01-18 23:56:35

FYI, I found the answer after activating logs:

DEBUG
{org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager} - No UserID found for the property: uid, value: user1, in domain: COMPANYUSERS

My user was incorrectly fetched because scimId does not exist in my LDAP:

<Property name="UserIDAttribute">scimId</Property>

I changed it to uid and it is working now.

<Property name="UserIDAttribute">uid</Property>

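As an added example (not part of the question or the answer, and not WSO2 code): a small check that reads the relevant user store properties and, against a constructed directory excerpt, reports user entries that lack the configured UserIDAttribute (the cause found above) and resolves a user's groups through the MembershipAttribute alone, which needs no memberOf attribute on the user entries. The trimmed XML, the DNs and the group names are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt of the user store config from the question; only the
# properties this check needs are kept.
USERSTORE_XML = """<UserStoreManager class="org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager">
  <Property name="UserNameAttribute">uid</Property>
  <Property name="UserIDAttribute">scimId</Property>
  <Property name="MembershipAttribute">uniqueMember</Property>
  <Property name="MemberOfAttribute"/>
</UserStoreManager>"""

# Constructed sample directory: one user entry carrying no scimId attribute
# (as in the question) and two groupOfUniqueNames entries listing its DN.
USER_DN = "uid=user1,ou=Users,ou=wso2,dc=mycompany-dev,dc=fr"
DIRECTORY = {
    USER_DN: {"objectClass": ["person"], "uid": ["user1"]},
    "cn=apidevs,ou=Groups,ou=wso2,dc=mycompany-dev,dc=fr": {
        "objectClass": ["groupOfUniqueNames"], "cn": ["apidevs"],
        "uniqueMember": [USER_DN]},
    "cn=ops,ou=Groups,ou=wso2,dc=mycompany-dev,dc=fr": {
        "objectClass": ["groupOfUniqueNames"], "cn": ["ops"],
        "uniqueMember": [USER_DN]},
}

def load_properties(xml_text):
    """Return the <Property> elements as a name -> value dict ('' when empty)."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): (p.text or "") for p in root.findall("Property")}

def users_missing_id_attribute(directory, props):
    """DNs of person entries that carry no value for UserIDAttribute.
    The user store cannot resolve such a user, so its roles are never listed."""
    id_attr = props["UserIDAttribute"]
    return sorted(dn for dn, e in directory.items()
                  if "person" in e.get("objectClass", []) and not e.get(id_attr))

def groups_of_user(directory, props, user_dn):
    """Forward lookup: groups whose MembershipAttribute names the user's DN.
    This is the direction that works without a memberOf overlay."""
    member_attr = props["MembershipAttribute"]
    return sorted(e["cn"][0] for e in directory.values()
                  if user_dn in e.get(member_attr, []))

if __name__ == "__main__":
    props = load_properties(USERSTORE_XML)
    print("unresolvable users:", users_missing_id_attribute(DIRECTORY, props))
    print("groups of user1:", groups_of_user(DIRECTORY, props, USER_DN))
```

Switching UserIDAttribute to uid in the properties dict makes the unresolvable-users list empty, which is the fix the comment describes.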