Hi,
I connected an ESB instance to an Active Directory instance, created a
tenant but the tenant login fails. Below are the steps that I followed.
1. Configured user-mgt.xml with relevant information
<UserManager>
  <Realm>
    <Configuration>
      <AdminRole>administrator123</AdminRole>
      <AdminUser>
        <UserName>admin123</UserName>
        <Password>administrator123@</Password>
      </AdminUser>
      <EveryOneRoleName>everyone</EveryOneRoleName>
      <Property name="dataSource">jdbc/WSO2UserStoreDB</Property>
      <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property>
    </Configuration>
:
:
:
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
      <Property name="defaultRealmName">wso2.test</Property>
      <Property name="kdcEnabled">false</Property>
      <Property name="ConnectionURL">ldaps://11.111.1.111:636</Property>
      <Property name="ConnectionName">CN=Administrator,CN=Users,DC=wso2,DC=test</Property>
      <Property name="ConnectionPassword">pass#word1</Property>
      <Property name="passwordHashMethod">PLAIN_TEXT</Property>
      <Property name="UserSearchBase">CN=Users,DC=wso2,DC=test</Property>
      <Property name="UserEntryObjectClass">user</Property>
      <Property name="UserNameAttribute">cn</Property>
      <Property name="isADLDSRole">false</Property>
      <Property name="userAccountControl">512</Property>
      <Property name="UserNameListFilter">(objectClass=person)</Property>
      <!-- The "&" and "<" ">" characters inside LDAP filters and regexes must be XML-escaped -->
      <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(cn=?))</Property>
      <Property name="UsernameJavaRegEx">^[^~!@#$;%^*+={}\\|\\\\&lt;&gt;]{3,30}$</Property>
      <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
      <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
      <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
      <Property name="RolenameJavaRegEx">^[^~!@#$;%^*+={}\\|\\\\&lt;&gt;]{3,30}$</Property>
      <Property name="ReadLDAPGroups">true</Property>
      <Property name="WriteLDAPGroups">true</Property>
      <Property name="EmptyRolesAllowed">true</Property>
      <Property name="GroupSearchBase">CN=Users,DC=wso2,DC=test</Property>
      <Property name="GroupEntryObjectClass">group</Property>
      <Property name="GroupNameAttribute">cn</Property>
      <Property name="MembershipAttribute">member</Property>
      <Property name="GroupNameListFilter">(objectcategory=group)</Property>
      <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
      <Property name="UserRolesCacheEnabled">true</Property>
      <Property name="Referral">follow</Property>
      <Property name="BackLinksEnabled">true</Property>
      <Property name="maxFailedLoginAttempt">0</Property>
    </UserStoreManager>
2. Then I added a tenant-mgt.xml with the below configuration
<!-- If the product is using LDAP user store in MT mode, use following tenant manager. -->
<TenantManager class="org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager">
  <Property name="RootPartition">dc=wso2,dc=test</Property>
  <Property name="OrganizationalObjectClass">organizationalUnit</Property>
  <Property name="OrganizationalAttribute">ou</Property>
  <Property name="OrganizationalSubContextObjectClass">organizationalUnit</Property>
  <Property name="OrganizationalSubContextAttribute">ou</Property>
</TenantManager>
3. Started the server and created a tenant, logged in as the administrator
and it was successful.
4. Then tried to log in from that tenant and it fails. See the logs below.
[2013-06-27 18:24:58,979] DEBUG - ReadOnlyLDAPUserStoreManager Searching
for (&(objectClass=person)(cn=evan))
[2013-06-27 18:24:59,213] DEBUG - DatabaseUtil Total Number of Connections
Created : 30
[2013-06-27 18:24:59,214] DEBUG - DatabaseUtil Total Number of Connections
Closed : 161
[2013-06-27 18:24:59,636] DEBUG - ReadOnlyLDAPUserStoreManager
Authentication failed [LDAP: error code 49 - 80090308: LdapErr:
DSID-0C0903AA, comment: AcceptSecurityContext error, data 533, v1771]
[2013-06-27 18:24:59,636] DEBUG - AbstractUserStoreManager Authentication
failure. Wrong username or password is provided.
[2013-06-27 18:24:59,637] WARN - CarbonAuthenticationUtil Failed
Administrator login attempt '*evan[5]*' at [2013-06-27 18:24:59,637+0530]
from IP address 192.168.4.52
[2013-06-27 18:24:59,638] WARN - AuthenticationHandler Illegal access
attempt at [2013-06-27 18:24:59,0638] from IP address 192.168.4.50 while
trying to authenticate access to service LoggedUserInfoAdmin
[2013-06-27 18:24:59,639] ERROR - AUDIT_LOG Illegal access attempt at
[2013-06-27 18:24:59,0638] from IP address 192.168.4.50 while trying to
authenticate access to service LoggedUserInfoAdmin
Notice what's marked in red above. My tenant name is [email protected]. But
it seems it's dropping the part @shiro.com while trying to login. Is this a
configuration issue? Is there any additional configuration that we need to
do to sort this issue? If so, do we have any documentation on this?
Regards,
Evanthika
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
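Added example (not part of the original post or of WSO2's code): the ESB log above reports the raw Active Directory bind failure, `LDAP: error code 49 ... data 533`, and then summarises it as "Wrong username or password". AD's `data` sub-code is more specific than that summary: `533` is the sub-code for a disabled account, while a bad password is reported as `52e`. The decoder below extracts the sub-code from such log lines, maps it to its documented meaning, and separates credential failures (which matter for guessing detection) from account-state failures (which no password will fix). The sample lines other than the one quoted from the post are constructed for the example.

```python
import re
from collections import Counter

# Sub-codes Active Directory reports in the "data NNN" field of an
# LDAP error-code-49 (invalidCredentials) bind response. AD writes them as
# hex strings; this is Microsoft's documented mapping.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Sub-codes that mean the supplied credential itself was rejected. A burst of
# these from one source looks like guessing; the others are account state.
CREDENTIAL_SUBCODES = {"525", "52e"}

_LDAP49 = re.compile(
    r"LDAP: error code 49 - (?P<err>[0-9A-Fa-f]+): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+),"
    r" comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)"
)

# First line is the one quoted in the post (re-joined onto one line);
# the remaining lines are constructed for this example.
SAMPLE_LINES = [
    "[2013-06-27 18:24:59,636] DEBUG - ReadOnlyLDAPUserStoreManager Authentication failed "
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: "
    "AcceptSecurityContext error, data 533, v1771]",
    "[2013-06-27 18:24:59,213] DEBUG - DatabaseUtil Total Number of Connections Created : 30",
    "[2013-06-27 18:25:10,001] DEBUG - ReadOnlyLDAPUserStoreManager Authentication failed "
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: "
    "AcceptSecurityContext error, data 52e, v1771]",
    "[2013-06-27 18:25:11,002] DEBUG - ReadOnlyLDAPUserStoreManager Authentication failed "
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: "
    "AcceptSecurityContext error, data 775, v1771]",
]


def decode_bind_failure(line):
    """Return a dict describing the AD bind failure in one log line, or None
    when the line carries no error-code-49 response."""
    m = _LDAP49.search(line)
    if not m:
        return None
    subcode = m.group("data").lower()
    return {
        "subcode": subcode,
        "meaning": AD_BIND_SUBCODES.get(subcode, "unknown sub-code"),
        "comment": m.group("comment"),
        "credential_problem": subcode in CREDENTIAL_SUBCODES,
    }


def triage(lines):
    """Decode every bind failure in `lines` and count them by sub-code,
    split into credential failures and account-state failures."""
    credential = Counter()
    account_state = Counter()
    for line in lines:
        failure = decode_bind_failure(line)
        if failure is None:
            continue
        bucket = credential if failure["credential_problem"] else account_state
        bucket[failure["subcode"]] += 1
    return credential, account_state


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        failure = decode_bind_failure(line)
        if failure:
            print(f"data {failure['subcode']}: {failure['meaning']}")
    cred, state = triage(SAMPLE_LINES)
    print("credential failures:", dict(cred))
    print("account-state failures:", dict(state))
```

Run against the quoted line, the decoder reports `data 533: account disabled`, so the next thing to check is the state of the newly created tenant user in AD rather than the password it was given. The same `triage` split, applied to a longer window of the ESB log, keeps a count of `52e` per source that is useful for spotting guessing, which the ESB's own "Wrong username or password" line hides.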