Unable to log in to the API Store with external LDAP accounts

I'm using WSO2 API Manager 1.4.0 and have configured a secondary external LDAP user store in addition to the default JDBC user store. The server starts fine, and I can log in to the API Manager console with accounts from both the external LDAP store and the default store. However, when I try to log in to the API Store with an account from the external LDAP store, I get the error message "Authentication failed. Invalid username or password".

Here is the log:

[2013-09-17 17:06:05,858]  INFO - CarbonAuthenticationUtil 'tacc/jstubbs@carbon.super [-1234]' logged in at [2013-09-17 17:06:05,857-0500]
[2013-09-17 17:06:05,863] ERROR - Class Access Denied. Failed authorization attempt to access service 'UserAdmin' operation 'hasMultipleUserStores' by 'tacc/jstubbs'
[2013-09-17 17:06:05,863] ERROR - AxisEngine Access Denied.
org.apache.axis2.AxisFault: Access Denied.
    at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.doAuthorization(AuthorizationHandler.java:131)
    at org.wso2.carbon.server.admin.module.handler.AuthorizationHandler.invoke(AuthorizationHandler.java:95)
    at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
    at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
    at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
    at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
    at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
    at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
    at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:177)
    at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:161)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
    at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:679)
[2013-09-17 17:06:05,866] ERROR - APIStoreHostObject Error occurred while checking for multiple user stores
[2013-09-17 17:06:06,010]  WARN - CarbonAuthenticationUtil Failed Administrator login attempt 'tacc/jstubbs[-1234]' at [2013-09-17 17:06:06,009-0500]
[2013-09-17 17:06:06,013] ERROR - APIStoreHostObject Authentication failed. Invalid username or password.

Here is my user-mgt.xml:

    <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
        <Property name="ReadOnly">false</Property>
        <Property name="DomainName">public</Property>
        <Property name="MaxUserNameListLength">100</Property>
        <Property name="IsEmailUserName">false</Property>
        <Property name="DomainCalculation">default</Property>
        <Property name="PasswordDigest">SHA-256</Property>
        <Property name="StoreSaltedPassword">true</Property>
        <Property name="UserNameUniqueAcrossTenants">false</Property>
        <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
        <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
        <Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
        <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
        <Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
        <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
        <Property name="UserRolesCacheEnabled">true</Property>
        <Property name="maxFailedLoginAttempt">0</Property>
    </UserStoreManager>

    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
        <Property name="ReadOnly">true</Property>
        <Property name="DomainName">tacc</Property>
        <Property name="MaxUserNameListLength">100</Property>
        <Property name="ConnectionURL">ldaps://auth01.tacc.utexas.edu:636</Property>
        <Property name="ConnectionName">uid=jstubbs,ou=People,dc=tacc,dc=utexas,dc=edu</Property>
        <Property name="ConnectionPassword">Cat on a hot 10 roof</Property>
        <Property name="passwordHashMethod">PLAIN_TEXT</Property>
        <Property name="UserSearchBase">dc=tacc,dc=utexas,dc=edu</Property>
        <Property name="UserNameListFilter">(objectClass=person)</Property>
        <Property name="UserNameAttribute">uid</Property>
        <Property name="ReadLDAPGroups">false</Property>
        <Property name="GroupSearchBase">ou=system</Property>
        <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
        <Property name="GroupNameAttribute">cn</Property>
        <Property name="MembershipAttribute">member</Property>
        <Property name="UserRolesCacheEnabled">true</Property>
        <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
        <Property name="maxFailedLoginAttempt">0</Property>
    </UserStoreManager>

I can log in to the API Store with accounts from the default JDBC user store. Any suggestions would be appreciated.
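The log in the question records an accepted login for `tacc/jstubbs`, then an authorization denial on `UserAdmin.hasMultipleUserStores`, and only afterwards the "Invalid username or password" message. The following is an added example, not part of the original post: a Python triage over those log lines that separates a credential failure from a permission failure; the regular expressions are fitted to the lines shown on this page and are an assumption about the Carbon log format in general.

```python
import re
from collections import defaultdict

# Log lines copied from the question; the stack trace is omitted.
SAMPLE_LOG = """\
[2013-09-17 17:06:05,858]  INFO - CarbonAuthenticationUtil 'tacc/jstubbs@carbon.super [-1234]' logged in at [2013-09-17 17:06:05,857-0500]
[2013-09-17 17:06:05,863] ERROR - Class Access Denied. Failed authorization attempt to access service 'UserAdmin' operation 'hasMultipleUserStores' by 'tacc/jstubbs'
[2013-09-17 17:06:05,863] ERROR - AxisEngine Access Denied.
[2013-09-17 17:06:05,866] ERROR - APIStoreHostObject Error occurred while checking for multiple user stores
[2013-09-17 17:06:06,010]  WARN - CarbonAuthenticationUtil Failed Administrator login attempt 'tacc/jstubbs[-1234]' at [2013-09-17 17:06:06,009-0500]
[2013-09-17 17:06:06,013] ERROR - APIStoreHostObject Authentication failed. Invalid username or password.
"""

# Patterns fitted to the lines above (an assumption about the Carbon log format).
LOGIN_OK = re.compile(r"CarbonAuthenticationUtil '([^'@\[]+)[^']*' logged in at")
AUTHZ_DENIED = re.compile(
    r"Failed authorization attempt to access service '([^']+)' "
    r"operation '([^']+)' by '([^']+)'")
LOGIN_FAIL = re.compile(r"Failed Administrator login attempt '([^'\[]+)")


def triage(log_text):
    """Map each user to (verdict, denied_operations)."""
    seen = defaultdict(lambda: {"ok": False, "denied": [], "failed": False})
    for line in log_text.splitlines():
        if m := LOGIN_OK.search(line):
            seen[m.group(1).strip()]["ok"] = True
        elif m := AUTHZ_DENIED.search(line):
            service, operation, user = m.groups()
            seen[user.strip()]["denied"].append(f"{service}.{operation}")
        elif m := LOGIN_FAIL.search(line):
            seen[m.group(1).strip()]["failed"] = True
    verdicts = {}
    for user, ev in seen.items():
        if ev["ok"] and ev["denied"]:
            # Credentials were accepted; a later admin-service call was refused.
            verdicts[user] = ("authorization", ev["denied"])
        elif ev["failed"]:
            verdicts[user] = ("authentication", [])
        else:
            verdicts[user] = ("ok" if ev["ok"] else "unknown", [])
    return verdicts


if __name__ == "__main__":
    for user, (verdict, ops) in triage(SAMPLE_LOG).items():
        print(user, verdict, ", ".join(ops))
```
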

1 Answer

Check the latest version, API Manager 1.5.0. I configured it and it works fine, without any problems.
