Hi Maduranga,

Yes, I have created a role with admin permission in the R/W user store and
assigned it to the relevant user (here role name: rolekavirw; user name:
userkavirw2). Check the debug log [1].

[1]

[2015-10-14 12:33:08,494] DEBUG
{org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager} -  SELECT * FROM
UM_USER WHERE UM_USER_NAME=? AND UM_TENANT_ID=?
[2015-10-14 12:33:08,501] DEBUG
{org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager} -  User userkavirw2
login attempt. Login success :: false
[2015-10-14 12:33:08,501] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -
 Authenticating user userkavirw2
[2015-10-14 12:33:08,501] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Replace
escape characters configured to: true
[2015-10-14 12:33:08,514] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Searching
for user with SearchFilter: (&(objectClass=person)(uid=userkavirw2)) in
SearchBase:
[2015-10-14 12:33:08,514] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Replace
escape characters configured to: true
[2015-10-14 12:33:12,270] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Name in
space for userkavirw2 is
uid=userkavirw2,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl
[2015-10-14 12:33:12,271] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -
 Authenticating with
uid=userkavirw2,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl
[2015-10-14 12:33:12,302] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
uid=userkavirw2,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl is
authnticated: true
[2015-10-14 12:33:12,303] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
 Authorization cache miss for username : roldap.com/userkavirw2 resource
/permission/admin/login action : ui.execute
[2015-10-14 12:33:12,303] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
 Allowed roles for the ResourceID: /permission/admin/login Action:
ui.execute
[2015-10-14 12:33:12,304] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
apach.com/role_kavi
[2015-10-14 12:33:12,304] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
admin
[2015-10-14 12:33:12,304] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
rw2/rolekavirw3
[2015-10-14 12:33:12,304] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
rwldap.com/chalitharole
[2015-10-14 12:33:12,304] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
rwldap.com/rolekavirw
[2015-10-14 12:33:12,304] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
secondrole1
[2015-10-14 12:33:12,304] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Roles
which have permission for resource : /permission/admin/login action :
ui.execute
[2015-10-14 12:33:12,305] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role
:  apach.com/role_kavi
[2015-10-14 12:33:12,305] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role
:  admin
[2015-10-14 12:33:12,305] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role
:  rw2/rolekavirw3
[2015-10-14 12:33:12,305] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role
:  rwldap.com/chalitharole
[2015-10-14 12:33:12,305] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role
:  rwldap.com/rolekavirw
[2015-10-14 12:33:12,305] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  Role
:  secondrole1
[2015-10-14 12:33:12,306] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
ROLDAP.COM/userkavirw2 user is not in role :  apach.com/role_kavi
[2015-10-14 12:33:12,306] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
ROLDAP.COM/userkavirw2 user is not in role :  admin
[2015-10-14 12:33:12,307] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
ROLDAP.COM/userkavirw2 user is not in role :  rw2/rolekavirw3
[2015-10-14 12:33:12,307] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
ROLDAP.COM/userkavirw2 user is not in role :  rwldap.com/chalitharole
[2015-10-14 12:33:12,307] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
ROLDAP.COM/userkavirw2 user is not in role :  rwldap.com/rolekavirw
[2015-10-14 12:33:12,308] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
ROLDAP.COM/userkavirw2 user is not in role :  secondrole1
[2015-10-14 12:33:12,308] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
roldap.com/userkavirw2 user is not Authorized to perform ui.execute on
/permission/admin/login
[2015-10-14 12:33:12,308]  WARN
{org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed
Administrator login attempt 'ROLDAP.COM/userkavirw2[-1234]' at [2015-10-14
12:33:12,308+0530]


Thanks & Kind regards,

On Wed, Oct 14, 2015 at 11:55 AM, Maduranga Siriwardena <[email protected]>
wrote:

> Hi Kavitha,
>
> Have you assigned login permission to the user?
>
> Thanks,
> Maduranga.
>
> On Wed, Oct 14, 2015 at 10:09 AM, Kavitha Subramaniyam <[email protected]>
> wrote:
>
>> Hi IS team,
>>
>> I have configured both R/W and read-only LDAP secondary user store
>> managers using the same LDAP connection, and I am not able to log in as a
>> user created under the RW LDAP user store. But note that I can view the same
>> user under both secondary stores' domains (Users & Roles -> List -> select
>> each domain and search).
>>
>> I want to check with you whether the above behavior is expected or not;
>> please clarify.
>>
>> Steps followed:
>> - Configure R/W secondary user store - ReadWriteLDAPUserStoreManager -
>> using OpenLDAP connection 1
>> - Configure read-only secondary user store - ReadOnlyLDAPUserStoreManager
>> - using OpenLDAP connection 1
>> - Create a user1 under the R/W LDAP domain
>> - Log in as user1
>>
>> When trying to log in without the domain, the log shows the following:
>>
>> ----------------------------------------------------------------------------
>> [2015-10-13 16:32:55,232] DEBUG
>> {org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager} -  SELECT * FROM
>> UM_USER WHERE UM_USER_NAME=? AND UM_TENANT_ID=?
>> [2015-10-13 16:32:55,241] DEBUG
>> {org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager} -  User userkavirw3
>> login attempt. Login success :: false
>> [2015-10-13 16:32:55,241] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -
>>  Authenticating user userkavirw3
>> [2015-10-13 16:32:55,241] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Cache hit.
>> Using DN uid=userkavirw3,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl
>> [2015-10-13 16:32:55,252] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
>> uid=userkavirw3,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl is
>> authnticated: true
>> [2015-10-13 16:32:55,253] DEBUG
>> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
>>  Authorization cache hit. roldap.com/userkavirw3 user is not Authorized
>> to perform ui.execute on /permission/admin/login
>> [2015-10-13 16:32:55,253]  WARN
>> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed
>> Administrator login attempt 'ROLDAP.COM/userkavirw3[-1234]' at [2015-10-13
>> 16:32:55,253+0530]
>>
>>
>> When trying to log in with the domain, the log shows the following:
>>
>> ---------------------------------------------------------------------------
>> [2015-10-13 16:33:14,424] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -
>>  Authenticating user userkavirw3
>> [2015-10-13 16:33:14,425] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  Cache hit.
>> Using DN uid=userkavirw3,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl
>> [2015-10-13 16:33:14,458] DEBUG
>> {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
>> uid=userkavirw3,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl is
>> authnticated: true
>> [2015-10-13 16:33:14,463] DEBUG
>> {org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
>>  Authorization cache hit. rwldap.com/userkavirw3 user is not Authorized
>> to perform ui.execute on /permission/admin/login
>> [2015-10-13 16:33:14,463]  WARN
>> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed
>> Administrator login attempt 'RWLDAP.COM/userkavirw3[-1234]' at [2015-10-13
>> 16:33:14,463+0530]
>>
>>
>> Thanks & Kind regards,
>> --
>> Kavitha.S
>> *Software Engineer -QA*
>> Mobile : +94 (0) 771538811
>> [email protected] <[email protected]>
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Maduranga Siriwardena
> Software Engineer
> WSO2 Inc.
>
> email: [email protected]
> mobile: +94718990591
>



-- 
Kavitha.S
*Software Engineer -QA*
Mobile : +94 (0) 771538811
[email protected] <[email protected]>
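
An added example, not part of the original thread and not WSO2 code: a small reader for debug logs in the mail-wrapped form above that reports which user store authenticated the user, which domain-qualified name was then authorized, and whether any permitted role belongs to that same domain. The sample is abridged from the log in this message; treating unqualified role names as the primary store is an assumption of the example.

```python
import re

# Abridged from the thread's mail-wrapped debug log (sample constructed for this example).
SAMPLE = """\
[2015-10-14 12:33:12,302] DEBUG
{org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} -  User:
uid=userkavirw2,ou=People,ou=WSO2,o=Opensource,dc=ITIndustry,dc=sl is
authnticated: true
[2015-10-14 12:33:12,303] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
 Authorization cache miss for username : roldap.com/userkavirw2 resource
/permission/admin/login action : ui.execute
[2015-10-14 12:33:12,304] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
admin
[2015-10-14 12:33:12,304] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -  role:
rwldap.com/rolekavirw
[2015-10-14 12:33:12,308] DEBUG
{org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager} -
roldap.com/userkavirw2 user is not Authorized to perform ui.execute on
/permission/admin/login
"""
ENTRY = re.compile(r"^\[\d{4}-\d\d-\d\d [\d:,]+\]\s+(\w+)\s+\{([\w.]+)\}\s+-\s+(.*)$")

def domain(name):
    # Assumption of this example: an unqualified name belongs to the primary store.
    return name.split("/", 1)[0].lower() if "/" in name else "primary"

def unwrap(text):
    """Rejoin wrapped lines into one (level, logger, message) tuple per log entry."""
    chunks = re.split(r"(?m)^(?=\[\d{4}-\d\d-\d\d )", text)
    joined = (" ".join(c.split()) for c in chunks)
    return [m.groups() for m in map(ENTRY.match, joined) if m]

def analyse(text):
    """Compare the domain the user was authorized under with the permitted roles' domains."""
    r = {"auth_store": None, "principal": None, "allowed_roles": [], "denied": False}
    for _level, logger, msg in unwrap(text):
        if re.search(r"is authnticated: true$", msg):  # spelling as the log emits it
            r["auth_store"] = logger.rsplit(".", 1)[-1]
        elif m := re.match(r"Authorization cache (?:miss for username : |hit\. )(\S+)", msg):
            r["principal"] = m.group(1)
        elif m := re.match(r"role: (\S+)$", msg):
            r["allowed_roles"].append(m.group(1))
        r["denied"] |= "is not Authorized" in msg
    r["principal_domain"] = domain(r["principal"]) if r["principal"] else None
    r["role_domains"] = sorted({domain(x) for x in r["allowed_roles"]})
    r["domain_mismatch"] = r["denied"] and r["principal_domain"] not in r["role_domains"]
    return r
```
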