On Tue, Jan 3, 2012 at 11:24 PM, Bram Cymet <[email protected]> wrote:
> OK, I figured out my problem.
>
> I was missing the GroupNameListFilter property. Now I am able to log in.
>
> The next thing I would like to figure out is if I can use my existing
> Kerberos KDC for authentication?

Hi Bram,

Can you elaborate on your question a bit further? Are you trying to authenticate users in the WSO2 server using an external Kerberos KDC, or else are you trying to set up the KDC server which comes with the embedded LDAP for user authentication?

Thanks,
AmilaJ

>
> Thanks,
>
> Bram
>
> On 12-01-03 11:28 AM, Bram Cymet wrote:
>> Hi Hasini,
>>
>> Here is my user-mgt.xml file
>>
>> <UserManager>
>>   <Realm>
>>     <Configuration>
>>       <AdminRole>admin</AdminRole>
>>       <AdminUser>
>>         <UserName>bcymet</UserName>
>>         <Password>XXXXXX</Password>
>>       </AdminUser>
>>       <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role see the registry root -->
>>       <ReadOnly>true</ReadOnly>
>>       <MaxUserNameListLength>500</MaxUserNameListLength>
>>       <Property name="url">jdbc:h2:repository/database/WSO2CARBON_DB</Property>
>>       <Property name="userName">wso2carbon</Property>
>>       <Property name="password">wso2carbon</Property>
>>       <Property name="driverName">org.h2.Driver</Property>
>>       <Property name="maxActive">50</Property>
>>       <Property name="maxWait">60000</Property>
>>       <Property name="minIdle">5</Property>
>>     </Configuration>
>>
>>     <UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
>>       <Property name="ReadOnly">true</Property>
>>       <Property name="MaxUserNameListLength">100</Property>
>>       <Property name="ConnectionURL">ldap://localhost:389</Property>
>>       <Property name="ConnectionName">cn=admin,dc=TESTLDAP,dc=CBN</Property>
>>       <Property name="ConnectionPassword">******</Property>
>>       <Property name="UserSearchBase">ou=people,dc=TESTLDAP,dc=CBN</Property>
>>       <Property name="UserNameListFilter">(objectClass=inetOrgPerson)</Property>
>>       <Property name="UserNameAttribute">uid</Property>
>>       <Property name="ReadLDAPGroups">false</Property>
>>       <Property name="GroupSearchBase">ou=groups,dc=TESTLDAP,dc=CBN</Property>
>>       <Property name="GroupSearchFilter">(objectClass=groupOfNames)</Property>
>>       <Property name="GroupNameAttribute">cn</Property>
>>       <Property name="MembershipAttribute">member</Property>
>>     </UserStoreManager>
>>
>>     <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
>>     </AuthorizationManager>
>>   </Realm>
>> </UserManager>
>>
>> I followed the directions for the read only setup at first.
>>
>> I thought that the part in the file:
>>
>> <AdminRole>admin</AdminRole>
>> <AdminUser>
>>   <UserName>bcymet</UserName>
>>   <Password>XXXXXX</Password>
>> </AdminUser>
>>
>> would give my user permissions that it needed.
>>
>> I guess I am missing something else.
>>
>>
>> On 12-01-03 11:23 AM, Hasini Gunasinghe wrote:
>>> Hi Bram,
>>>
>>> In order to login, you need to have login permission as well. (i.e., only
>>> matching user name, password is not sufficient)
>>>
>>> In the first time login, you should login as the admin user which you
>>> specify in the user-mgt.xml. Admin user can then create users, roles and
>>> assign users to roles and permissions to those roles.
>>>
>>> So can you please make sure that you specify the admin user and admin
>>> role in user-mgt.xml correctly and also the admin user belongs to the
>>> admin role in the LDAP.
>>> Also, please make sure that you provided the correct value for the group
>>> search base property in user-mgt.xml
>>>
>>> If you can attach the user-mgt.xml, we might be able to provide more
>>> insight.
>>>
>>> Thanks,
>>> Hasini.
>>>
>>> On Tue, Jan 3, 2012 at 8:45 PM, Bram Cymet <[email protected]> wrote:
>>>
>>> Hi,
>>>
>>> I am attempting to set up a WSO2 Identity Server using my existing
>>> OpenLDAP instance as the userstore.
>>>
>>> I can see the server connecting to my LDAP instance when I attempt to
>>> log in so I know the ConnectionURL, Name, and Password are correct. I
>>> can even see the server bind to my LDAP instance successfully. However I
>>> can not log into the identity web interface.
>>>
>>> In the logs all I get is:
>>>
>>> [2012-01-03 09:55:11,033] WARN
>>> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - Failed
>>> Administrator login attempt 'bcymet[0]' at [2012-01-03 09:55:11,0032]
>>> from IP address 172.20.22.157
>>>
>>> Any idea what might be going on or how I can up the logging to get a
>>> more detailed message?
>>>
>>> Thanks,
>>>
>>> --
>>> Bram Cymet
>>> Software Developer
>>> Canadian Bank Note Co. Ltd.
>>> 613-608-9752
>>> _______________________________________________
>>> Carbon-dev mailing list
>>> [email protected]
>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>
> --
> Bram Cymet
> Software Developer
> Canadian Bank Note Co. Ltd.
> 613-608-9752

--
Mobile : +94773330538
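
The check below is an added example, not part of the original thread and not WSO2 code: it parses a user-mgt.xml and reports the admin and LDAP group settings that the replies above point at, including the GroupNameListFilter property that turned out to be missing. The names `check_user_mgt`, `GROUP_PROPS` and `SAMPLE` are introduced here, and treating every group property named in the thread as required is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Group-related LDAP properties named in this thread. Treating all of them as
# required is an assumption of this example, not a documented WSO2 rule.
GROUP_PROPS = ["GroupSearchBase", "GroupNameListFilter", "GroupSearchFilter",
               "GroupNameAttribute", "MembershipAttribute"]

# Constructed sample, reduced from the user-mgt.xml quoted in the thread.
SAMPLE = """<UserManager><Realm>
  <Configuration>
    <AdminRole>admin</AdminRole>
    <AdminUser><UserName>bcymet</UserName><Password>XXXXXX</Password></AdminUser>
  </Configuration>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://localhost:389</Property>
    <Property name="ReadLDAPGroups">false</Property>
    <Property name="GroupSearchBase">ou=groups,dc=TESTLDAP,dc=CBN</Property>
    <Property name="GroupSearchFilter">(objectClass=groupOfNames)</Property>
    <Property name="GroupNameAttribute">cn</Property>
    <Property name="MembershipAttribute">member</Property>
  </UserStoreManager>
</Realm></UserManager>"""


def check_user_mgt(xml_text):
    """Return a list of findings for one user-mgt.xml document."""
    findings = []
    realm = ET.fromstring(xml_text).find("Realm")
    if realm is None:
        return ["no <Realm> element"]
    # Admin identity: the reply in the thread asks for both to be specified.
    for path in ("Configuration/AdminRole", "Configuration/AdminUser/UserName"):
        node = realm.find(path)
        if node is None or not (node.text or "").strip():
            findings.append("missing or empty " + path)
    store = realm.find("UserStoreManager")
    if store is None:
        return findings + ["no <UserStoreManager> element"]
    props = {p.get("name"): (p.text or "").strip() for p in store.findall("Property")}
    for name in GROUP_PROPS:
        if not props.get(name):
            findings.append("missing LDAP property " + name)
    # Reported for review only: whether this matters for login is an assumption.
    if props.get("ReadLDAPGroups", "").lower() != "true":
        findings.append("review: ReadLDAPGroups is not true")
    return findings


if __name__ == "__main__":
    for finding in check_user_mgt(SAMPLE):
        print(finding)
```

Run against the sample, it reports the missing GroupNameListFilter and lists the ReadLDAPGroups setting for review next to the advice that the admin user must belong to the admin role in LDAP.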
