WSO2 updating a user in AD
We are trying to connect to Active Directory as a secondary user store. We successfully retrieve data from AD, but when we try to update user information from the user profile we receive the following message:
When we looked at the logs, we found the following problem:
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090EC7, comment: Error in attribute conversion operation, data 0, v3839]; remaining name 'CN=mhejazi'
The secondary store configuration is:
<?xml version="1.0" encoding="UTF-8"?>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
    <Property name="ConnectionURL">ldap://10.3.5.33:389</Property>
    <Property name="ConnectionName">CN=mhejazi,CN=Users,DC=devdc,DC=sure,DC=Com,DC=sa</Property>
    <Property encrypted="true" name="ConnectionPassword">kuv2MubUUveMyv6GeHrXr9il59ajJIqUI4eoYHcgGKf/BBFOWn96NTjJQI+wYbWjKW6r79S7L7ZzgYeWx7DlGbff5X3pBN2Gh9yV0BHP1E93QtFqR7uTWi141Tr7V7ZwScwNqJbiNoV+vyLbsqKJE7T3nP8Ih9Y6omygbcLcHzg=</Property>
    <Property name="UserSearchBase">CN=Users,DC=devdc,DC=sure,DC=com,DC=sa</Property>
    <Property name="UserEntryObjectClass">user</Property>
    <Property name="UserNameAttribute">sAMAccountName</Property>
    <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(sAMAccountName=?))</Property>
    <Property name="UserNameListFilter">(objectClass=person)</Property>
    <Property name="UserDNPattern"/>
    <Property name="DisplayNameAttribute"/>
    <Property name="Disabled">false</Property>
    <Property name="ReadGroups">true</Property>
    <Property name="WriteGroups">true</Property>
    <Property name="GroupSearchBase">CN=Users,DC=devdc,DC=sure,DC=com,DC=sa</Property>
    <Property name="GroupEntryObjectClass">group</Property>
    <Property name="GroupNameAttribute">cn</Property>
    <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
    <Property name="GroupNameListFilter">(objectcategory=group)</Property>
    <Property name="RoleDNPattern"/>
    <Property name="MembershipAttribute">member</Property>
    <Property name="MemberOfAttribute">memberOf</Property>
    <Property name="BackLinksEnabled">true</Property>
    <Property name="Referral">follow</Property>
    <Property name="UserNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
    <Property name="UserNameJavaScriptRegEx">^[\S]{3,30}$</Property>
    <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
    <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
    <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
    <Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
    <Property name="RoleNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
    <Property name="RoleNameJavaScriptRegEx">^[\S]{3,30}$</Property>
    <Property name="SCIMEnabled">false</Property>
    <Property name="BulkImportSupported">true</Property>
    <Property name="EmptyRolesAllowed">true</Property>
    <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
    <Property name="MultiAttributeSeparator">,</Property>
    <Property name="isADLDSRole">false</Property>
    <Property name="userAccountControl">512</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="MaxRoleNameListLength">100</Property>
    <Property name="kdcEnabled">false</Property>
    <Property name="defaultRealmName">WSO2.ORG</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="ConnectionPoolingEnabled">false</Property>
    <Property name="LDAPConnectionTimeout">5000</Property>
    <Property name="ReadTimeout">5000</Property>
    <Property name="RetryAttempts">0</Property>
    <Property name="CountRetrieverClass"/>
    <Property name="java.naming.ldap.attributes.binary"/>
    <Property name="DomainName">devdc.sure.com.sa</Property>
    <Property name="Description">Sue Dev</Property>
</UserStoreManager>
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D50, comment: Error in attribute conversion operation, data 0, v3839
This error occurs if the claim mappings are not configured correctly against the AD attributes through the Claim Management UI.
You need to make sure that all mapped attributes are valid and exist in Active Directory. Different user stores use different attributes; in [2] you can find a reference to the set of attributes supported by Active Directory. The default WSO2 claims are mapped to some generic attributes: Firstname is mapped to the nickname attribute, but Active Directory has no nickname attribute. Full name is mapped to the cn attribute, and in Active Directory cn has a different semantic meaning.
Likewise, in your claim configuration you need to make sure that all attributes defined there are supported by Active Directory. If one is not supported, you can add an additional mapped attribute that AD does support in the claim configuration for the local claim. A sample configuration is shown below.
For more information on this, see [3].
[1] https://wiki.servicenow.com/index.php?title=LDAP_Error_Codes
[2] http://www.kouti.com/tables/userattributes.htm
[3] https://docs.wso2.com/display/IS540/Managing+User+Attributes
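As an added example that is not part of the original question or answer and is not WSO2 code: a small offline Python check that applies the advice above before a profile update is attempted. It parses a claim-mapping document in the general shape of WSO2's claim-config.xml (that shape, the sample claims and the subset of AD attributes are all constructed here, not taken from the page), reports mapped attributes that do not exist on the AD user object class (the condition that produces LDAP error code 16) or that are the entry's naming attribute (cn, as the "remaining name 'CN=mhejazi'" in the log shows), and decodes the JNDI error string so the result code, DSID and remaining name are read off the log line rather than guessed.

```python
"""Offline pre-flight check for WSO2 claim-to-Active-Directory attribute mappings.

Added example (not WSO2 code, not from the original post). All inputs are
constructed sample data so the script runs without a directory server.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample in the general shape of WSO2's claim-config.xml
# (ClaimURI / AttributeID pairs; the exact layout is assumed, not taken from
# the page). The first two mappings are the ones the answer calls out.
SAMPLE_CLAIM_CONFIG = """\
<Claims>
  <Claim><ClaimURI>http://wso2.org/claims/givenname</ClaimURI><AttributeID>nickname</AttributeID></Claim>
  <Claim><ClaimURI>http://wso2.org/claims/fullname</ClaimURI><AttributeID>cn</AttributeID></Claim>
  <Claim><ClaimURI>http://wso2.org/claims/lastname</ClaimURI><AttributeID>sn</AttributeID></Claim>
  <Claim><ClaimURI>http://wso2.org/claims/emailaddress</ClaimURI><AttributeID>mail</AttributeID></Claim>
  <Claim><ClaimURI>http://wso2.org/claims/telephone</ClaimURI><AttributeID>telephoneNumber</AttributeID></Claim>
</Claims>
"""

# Constructed subset of attributes present on the AD "user" object class
# (the reference linked as [2] above has the full list).
AD_USER_ATTRIBUTES = {
    "cn", "sn", "givenName", "displayName", "mail", "sAMAccountName",
    "telephoneNumber", "userAccountControl", "userPrincipalName",
}

# cn is the naming attribute (RDN) of the user entry in the store above,
# so a profile update must not rewrite it even though the attribute exists.
NAMING_ATTRIBUTES = {"cn"}

# Standard LDAP result codes (RFC 4511) seen on attribute-mapping faults.
LDAP_RESULT_NAMES = {
    16: "noSuchAttribute", 17: "undefinedAttributeType", 19: "constraintViolation",
    32: "noSuchObject", 50: "insufficientAccessRights", 53: "unwillingToPerform",
}

# The two messages quoted on the page (the second is truncated in the log).
SAMPLE_ERRORS = [
    "javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - "
    "00000057: LdapErr: DSID-0C090EC7, comment: Error in attribute conversion "
    "operation, data 0, v3839]; remaining name 'CN=mhejazi'",
    "javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - "
    "00000057: LdapErr: DSID-0C090D50, comment: Error in attribute conversion "
    "operation, data 0, v3839",
]

# JNDI rendering of an AD result. The closing "]" and the "remaining name"
# part are optional because log lines are frequently cut off.
_JNDI_RE = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - (?P<win>[0-9A-Fa-f]{8}): "
    r"LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data \d+, v\d+\]?(?:; remaining name '(?P<rdn>[^']*)')?"
)


def parse_claim_mappings(xml_text):
    """Return {claim URI: mapped attribute} from a claim-config style document."""
    mappings = {}
    for claim in ET.fromstring(xml_text).iter("Claim"):
        uri, attr = claim.findtext("ClaimURI"), claim.findtext("AttributeID")
        if uri and attr:
            mappings[uri.strip()] = attr.strip()
    return mappings


def check_mappings(mappings, ad_attributes, naming_attributes=NAMING_ATTRIBUTES):
    """Classify each mapping as missing (would fail with code 16), naming
    (exists but is the entry's RDN) or ok. LDAP attribute names are
    case-insensitive, so the comparison is done lower-cased."""
    known = {a.lower() for a in ad_attributes}
    naming = {a.lower() for a in naming_attributes}
    result = {"missing": {}, "naming": {}, "ok": {}}
    for uri, attr in mappings.items():
        key = attr.lower()
        bucket = "missing" if key not in known else "naming" if key in naming else "ok"
        result[bucket][uri] = attr
    return result


def parse_jndi_ldap_error(message):
    """Extract result code, Windows error, DSID, comment and remaining name
    from a JNDI LDAP exception string; None if the format does not match."""
    m = _JNDI_RE.search(message)
    if not m:
        return None
    code = int(m.group("code"))
    return {
        "code": code,
        "name": LDAP_RESULT_NAMES.get(code, "unknown"),
        "windows_error": m.group("win"),
        "dsid": m.group("dsid"),
        "comment": m.group("comment"),
        "remaining_name": m.group("rdn"),
    }


if __name__ == "__main__":
    report = check_mappings(parse_claim_mappings(SAMPLE_CLAIM_CONFIG), AD_USER_ATTRIBUTES)
    for uri, attr in report["missing"].items():
        print(f"MISSING {uri} -> {attr}: not an attribute of the AD user class")
    for uri, attr in report["naming"].items():
        print(f"NAMING  {uri} -> {attr}: entry RDN, do not write it from a profile update")
    for msg in SAMPLE_ERRORS:
        print(parse_jndi_ldap_error(msg))
```

Run it as-is to see the two flagged mappings and the decoded errors; to use it against a real deployment, replace SAMPLE_CLAIM_CONFIG with the claim configuration actually deployed and AD_USER_ATTRIBUTES with the attribute set the directory's schema exposes.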