Hi Shani & Godwin,

It works now :) . The problem was in different user attributes, as Shani said. Changed them and now it's working well (but it still takes some more time to log in..). Thank you Shani and Godwin for your instant support.
Regards,
Akila

From: Shani Ranasinghe [mailto:[email protected]]
Sent: 31 October 2014 6:13 PM
To: Akila Nimantha [IT/EKO/LOITS]
Cc: Dinesh J Weerakkody; Godwin Amila Shrimal; [email protected]
Subject: Re: [Dev] integrating IS 5.0 with Active Directory

Hi Akila,

While going through your configuration, I just noticed that the two properties "UserNameAttribute" and "UserNameSearchFilter" are referring to two different user attributes. Is it done intentionally? Ideally they should refer to the same attribute, e.g. cn or uid or any attribute that is uniquely identifiable. It is also mentioned in the https://docs.wso2.com/display/IS500/Configuring+an+Active+Directory+User+Store documentation, point number 3. You can also refer to this http://venurakahawala.blogspot.com/2013/10/usernameattribute-and.html blog for more information.

On Fri, Oct 31, 2014 at 4:57 PM, Akila Nimantha [IT/EKO/LOITS] <[email protected]> wrote:

Hi Dinesh,

I have tried in the local machine where a connection can be established to LOLC.COM. Now it says invalid username/password (because of null username). Please check the log file attached.

Regards,
Akila

From: Dinesh J Weerakkody [mailto:[email protected]]
Sent: 31 October 2014 12:55 PM
To: Akila Nimantha [IT/EKO/LOITS]
Cc: [email protected]
Subject: Re: [Dev] integrating IS 5.0 with Active Directory

Hi Akila,

There is a connection issue to your LDAP server (LOLC.COM:389). Just check whether the connection can be established from the IS server to LDAP using another way (ping or tracert). What I guess is that the server cannot find the path to LOLC.COM. If you can ping, just give it a try using the server IP instead of the server name.

Thanks,

On Fri, Oct 31, 2014 at 11:02 AM, Akila Nimantha [IT/EKO/LOITS] <[email protected]> wrote:

Hi Godwin,

Enabled the debug mode and still the same here. Please check the attachment for the new log file.

Regards,
Akila

From: Godwin Amila Shrimal [mailto:[email protected]]
Sent: 29 October 2014 5:59 PM
To: Akila Nimantha [IT/EKO/LOITS]
Cc: [email protected]
Subject: Re: [Dev] integrating IS 5.0 with Active Directory

Hi Akila,

Can you enable debug mode in Identity Server, recreate the issue and send back the log file? Please see the link below for enabling debug.
http://soasecurity.org/2014/02/26/how-to-wso2is-troubleshooting-wso2-identity-server-1/

On Wed, Oct 29, 2014 at 5:44 PM, Akila Nimantha [IT/EKO/LOITS] <[email protected]> wrote:

Hi Godwin,

Please check the attached log file.

Regards,
Akila

From: Godwin Amila Shrimal [mailto:[email protected]]
Sent: 29 October 2014 5:26 PM
To: Akila Nimantha [IT/EKO/LOITS]
Cc: [email protected]
Subject: Re: [Dev] integrating IS 5.0 with Active Directory

Hi Akila,

What is the error you are getting when trying to log in? Can you send the identity server log?

Thanks
Godwin

On Wed, Oct 29, 2014 at 5:04 PM, Akila Nimantha [IT/EKO/LOITS] <[email protected]> wrote:

Hi all,

I have a question regarding integrating IS 5.0 with Active Directory. I've set it up so that I can see all of the AD users and groups in IS, but I can't log in to IS with any of the AD credentials.
Also I've registered the travelocity.com webapp but am unable to log in through the app.

WSO2 IS configuration:

<Configuration>
  <AddAdmin>false</AddAdmin>
  <AdminRole>admin</AdminRole>
  <AdminUser>
    <UserName>FusionUsr</UserName>
    <Password>Fu$@1234</Password>
  </AdminUser>
  <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role see the registry root -->
  <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
  <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
  <Property name="defaultRealmName">LOLC.com</Property>
  <Property name="Disabled">false</Property>
  <Property name="kdcEnabled">false</Property>
  <Property name="ConnectionURL">ldap://lolcpdc.lolc.com:389</Property>
  <Property name="ConnectionName">CN=FusionUsr,OU=IT Service Accounts,DC=LOLC,DC=com</Property>
  <Property name="ConnectionPassword">Fu$@1234</Property>
  <Property name="passwordHashMethod">PLAIN_TEXT</Property>
  <Property name="UserSearchBase">DC=LOLC,DC=com</Property>
  <Property name="UserEntryObjectClass">user</Property>
  <Property name="UserNameAttribute">sAMAccountName</Property>
  <Property name="isADLDSRole">false</Property>
  <Property name="userAccountControl">512</Property>
  <Property name="UserNameListFilter">(objectClass=user)</Property>
  <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
  <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
  <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
  <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
  <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
  <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
  <Property name="ReadGroups">true</Property>
  <Property name="WriteGroups">true</Property>
  <Property name="EmptyRolesAllowed">true</Property>
  <Property name="GroupSearchBase">DC=LOLC,DC=com</Property>
  <Property name="GroupEntryObjectClass">group</Property>
  <Property name="GroupNameAttribute">cn</Property>
  <Property name="SharedGroupNameAttribute">cn</Property>
  <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
  <Property name="SharedGroupEntryObjectClass">groups</Property>
  <Property name="SharedTenantNameListFilter">(object=organizationalUnit)</Property>
  <Property name="SharedTenantNameAttribute">ou</Property>
  <Property name="SharedTenantObjectClass">organizationalUnit</Property>
  <Property name="MembershipAttribute">member</Property>
  <Property name="GroupNameListFilter">(objectcategory=group)</Property>
  <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
  <Property name="UserRolesCacheEnabled">true</Property>
  <Property name="Referral">follow</Property>
  <Property name="BackLinksEnabled">true</Property>
  <Property name="MaxRoleNameListLength">100</Property>
  <Property name="MaxUserNameListLength">100</Property>
  <Property name="SCIMEnabled">false</Property>
</UserStoreManager>

Regards,
Akila

This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Godwin Amila Shrimal
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
mobile: +94772264165
linkedin: http://lnkd.in/KUum6D
twitter: https://twitter.com/godwinamila
--
Dinesh J. Weerakkody
Software Engineer
WSO2 Inc.
lean | enterprise | middleware
M : +94 727 361788 | E : [email protected] | W : www.wso2.com

--
Thanks and Regards,
Shani Ranasinghe
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
mobile: +94 77 2273555
linked in: lk.linkedin.com/pub/shani-ranasinghe/34/111/ab
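As an added example (not from the thread, and not WSO2's code), here is a small Python check for the mismatch Shani points out: it parses a <UserStoreManager> block like the one Akila posted, reports when UserNameAttribute and the attribute UserNameSearchFilter looks the login up by differ, and shows the filter rewritten to match. The sample block is constructed from Akila's values and trimmed to the properties the check reads; the property names are WSO2's, the function names are mine.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the posted user-mgt.xml block, trimmed to the
# properties this check reads (the '&' is escaped as well-formed XML requires).
SAMPLE_CONFIG = """\
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
  <Property name="UserNameAttribute">sAMAccountName</Property>
  <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
  <Property name="UserNameListFilter">(objectClass=user)</Property>
</UserStoreManager>
"""
# A bare '&' (as in the filter pasted into the mail) is not well-formed XML; escape it
# so a block copied straight from a mail or wiki page still parses.
_BARE_AMP = re.compile(r"&(?!(?:amp|lt|gt|quot|apos|#\d+|#x[0-9a-fA-F]+);)")
# Attribute names compared against the '?' the user store replaces with the login name.
_PLACEHOLDER = re.compile(r"\(([^=()]+)=\?\)")

def load_properties(xml_text):
    """Return {name: value} for every <Property> under <UserStoreManager>."""
    root = ET.fromstring(_BARE_AMP.sub("&amp;", xml_text))
    return {p.get("name"): (p.text or "").strip() for p in root.iter("Property")}

def filter_attributes(ldap_filter):
    """Attributes the filter matches against the '?' placeholder."""
    return _PLACEHOLDER.findall(ldap_filter)

def check_username_lookup(props):
    """Report the mismatch from the thread: the attribute the user name is read from
    (UserNameAttribute) must be the one UserNameSearchFilter looks the login up by."""
    name_attr = props.get("UserNameAttribute", "")
    search = props.get("UserNameSearchFilter", "")
    placeholders = filter_attributes(search)
    if not placeholders:
        return ["UserNameSearchFilter has no (attr=?) placeholder: " + search]
    if name_attr not in placeholders:
        return ["UserNameAttribute is %s but UserNameSearchFilter matches on %s; "
                "point both at the same uniquely identifying attribute"
                % (name_attr, ", ".join(placeholders))]
    return []

def fixed_search_filter(props):
    """The same filter rewritten to match on UserNameAttribute."""
    return _PLACEHOLDER.sub("(%s=?)" % props["UserNameAttribute"],
                            props["UserNameSearchFilter"])
```

Running check_username_lookup over the sample reports that sAMAccountName and cn differ, and fixed_search_filter yields (&(objectClass=user)(sAMAccountName=?)), the shape of the correction Akila applied.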
