Re: [Carbon-dev] identity with openldap problems

Tue, 03 Jan 2012 08:29:21 -0800 

Hi Hasini,

Here is my user-mgt.xml file

<UserManager>
    <Realm>
        <Configuration>
                <AdminRole>admin</AdminRole>
                <AdminUser>
                     <UserName>bcymet</UserName>
                     <Password>XXXXXX</Password>
                </AdminUser>
            <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By
default users in thsi role sees the registry root -->
            <ReadOnly>true</ReadOnly>
            <MaxUserNameListLength>500</MaxUserNameListLength>
            <Property
name="url">jdbc:h2:repository/database/WSO2CARBON_DB</Property>
            <Property name="userName">wso2carbon</Property>
            <Property name="password">wso2carbon</Property>
            <Property name="driverName">org.h2.Driver</Property>
            <Property name="maxActive">50</Property>
            <Property name="maxWait">60000</Property>
            <Property name="minIdle">5</Property>
        </Configuration>

        <UserStoreManager
class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
            <Property name="ReadOnly">true</Property>
            <Property name="MaxUserNameListLength">100</Property>
            <Property name="ConnectionURL">ldap://localhost:389</Property>
            <Property
name="ConnectionName">cn=admin,dc=TESTLDAP,dc=CBN</Property>
            <Property name="ConnectionPassword">******</Property>
            <Property
name="UserSearchBase">ou=people,dc=TESTLDAP,dc=CBN</Property>
            <Property
name="UserNameListFilter">(objectClass=inetOrgPerson)</Property>
            <Property name="UserNameAttribute">uid</Property>
            <Property name="ReadLDAPGroups">false</Property>
            <Property
name="GroupSearchBase">ou=groups,dc=TESTLDAP,dc=CBN</Property>
            <Property
name="GroupSearchFilter">(objectClass=groupOfNames)</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="MembershipAttribute">member</Property>
        </UserStoreManager>

        <AuthorizationManager

class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
        </AuthorizationManager>
    </Realm>
</UserManager>

I followed the directions for the read only setup at first.

I thought that the part in the file:

<AdminRole>admin</AdminRole>
                <AdminUser>
                     <UserName>bcymet</UserName>
                     <Password>XXXXXX</Password>
                </AdminUser>

would give my user permissions that it needed.

I guess I am missing something else.


On 12-01-03 11:23 AM, Hasini Gunasinghe wrote:
> Hi Bram,
> 
> In order to login, you need to have login permission as well. (i.e only
> matching user name, password is not sufficient)
> 
> In the first time login, you should login as the admin user which you
> specify in the user-mgt.xml. Admin user can then create users, roles and
> assign users to roles and permissions to those roles.
> 
> So can you please make sure that you specify the admin user and admin
> role in user-mgt.xml correctly and also the admin user belongs to the
> admin role in the LDAP.
> Also, please make sure that you provided the correct value for the group
> search base property in user-mgt.xml
> 
> If you can attach the user-mgt.xml, we might be able to provide more
> insight.
> 
> Thanks,
> Hasini.
> 
> On Tue, Jan 3, 2012 at 8:45 PM, Bram Cymet <[email protected]
> <mailto:[email protected]>> wrote:
> 
>     Hi,
> 
>     I am attempting to setup a wso2 identity server using my existing
>     openldap instance as the userstore.
> 
>     I can see the server connecting to my ldap instance when I attempt to
>     log in so I know the ConnectionURL, Name, and Password are correct. I
>     can even see the server bind to my ldap instance successfully. However I
>     can not log into the identity web interface.
> 
>     In the logs all I get is:
> 
>     [2012-01-03 09:55:11,033]  WARN
>     {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed
>     Administrator login attempt 'bcymet[0]' at [2012-01-03 09:55:11,0032]
>     from IP address 172.20.22.157
> 
>     Any idea what might be going on or how I can up the logging to get a
>     more detailed message?
> 
>     Thanks,
> 
>     --
>     Bram Cymet
>     Software Developer
>     Canadian Bank Note Co. Ltd.
>     613-608-9752
>     _______________________________________________
>     Carbon-dev mailing list
>     [email protected] <mailto:[email protected]>
>     http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> 
> 
> 
> 
> _______________________________________________
> Carbon-dev mailing list
> [email protected]
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev


-- 
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
613-608-9752
_______________________________________________
Carbon-dev mailing list
[email protected]
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

Reply via email to