Hi Damith, Attached here are the user-mgt.xml files of Greg and IS respectively.
Thanks, Chamalee On Mon, Nov 30, 2015 at 3:16 PM, Damith Senanayake <[email protected]> wrote: > Hi Chamalee, > > It could be that the password digest method is different when creating the > user and later when configuring the user store manager. Could you please > attach the user-mgt.xml? > > On Mon, Nov 30, 2015 at 1:40 PM, Chamalee De Silva <[email protected]> > wrote: > >> + Darshana, Damith >> >> On Mon, Nov 30, 2015 at 1:37 PM, Chamalee De Silva <[email protected]> >> wrote: >> >>> Hi devs, >>> >>> I have created a *read-write LDAP user store* as per [1] and there I >>> have used *admin, admin* as credentials. I could successfully create it >>> and start the server. >>> >>> Then I created a user with the following credentials. >>> >>> username : adminSOA >>> password : 123456 >>> role : admin (default admin role) >>> >>> Then I followed [2] and configured a read-only (not read-write) external >>> user store in Greg 5.1.0 >>> >>> Given the user credentials as per the created user as above. >>> >>> >>> The configuration is as follows in user-mgt.xml in Greg. >>> >>> *<Configuration>* >>> * <AddAdmin>true</AddAdmin>* >>> * <AdminRole>admin</AdminRole>* >>> * <AdminUser>* >>> * <UserName>adminSOA</UserName>* >>> * <Password>123456</Password>* >>> * </AdminUser>* >>> * <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By >>> default users in this role sees the registry root -->* >>> * <Property name="dataSource">jdbc/WSO2USER_DB</Property>* >>> * </Configuration>* >>> >>> *-----------------------------* >>> >>> * <Property name="ConnectionName">uid=adminSOA,ou=system</Property> >>> <Property name="ConnectionPassword">123456</Property> * >>> >>> But when I start Greg it gives the following error. >>> >>> [2015-11-30 13:13:36,823] ERROR >>> {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} - Error obtaining >>> connection. [LDAP: error code 49 - cannot bind the principalDn.] >>> javax.naming.AuthenticationException: [LDAP: error code 49 - cannot bind >>> the principalDn.] >>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087) >>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) >>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835) >>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) >>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) >>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) >>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) >>> at >>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) >>> at >>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) >>> at >>> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) >>> at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) >>> at javax.naming.InitialContext.init(InitialContext.java:242) >>> at javax.naming.InitialContext.<init>(InitialContext.java:216) >>> at >>> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) >>> at >>> org.wso2.carbon.user.core.ldap.LDAPConnectionContext.getContext(LDAPConnectionContext.java:167) >>> at >>> org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:156) >>> at >>> org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:100) >>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) >>> at >>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) >>> at >>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) >>> at java.lang.reflect.Constructor.newInstance(Constructor.java:526) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:336) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:203) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:108) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:230) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:96) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:109) >>> at >>> org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:68) >>> at >>> org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711) >>> at java.security.AccessController.doPrivileged(Native Method) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381) >>> at >>> org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390) >>> at >>> org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1) >>> at >>> org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230) >>> at >>> org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340) >>> [2015-11-30 13:13:36,827] ERROR >>> {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} - Trying again to >>> get connection. >>> [2015-11-30 13:13:36,829] ERROR >>> {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} - Error obtaining >>> connection for the second time[LDAP: error code 49 - cannot bind the >>> principalDn.] >>> javax.naming.AuthenticationException: [LDAP: error code 49 - cannot bind >>> the principalDn.] >>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087) >>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) >>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835) >>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) >>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) >>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) >>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) >>> at >>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) >>> at >>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) >>> at >>> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) >>> at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) >>> at javax.naming.InitialContext.init(InitialContext.java:242) >>> at javax.naming.InitialContext.<init>(InitialContext.java:216) >>> at >>> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) >>> at >>> org.wso2.carbon.user.core.ldap.LDAPConnectionContext.getContext(LDAPConnectionContext.java:167) >>> at >>> org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:156) >>> at >>> org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:100) >>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) >>> at >>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) >>> at >>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) >>> at java.lang.reflect.Constructor.newInstance(Constructor.java:526) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:336) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:203) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:108) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:230) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:96) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:109) >>> at >>> org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:68) >>> at >>> org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711) >>> at java.security.AccessController.doPrivileged(Native Method) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381) >>> at >>> org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390) >>> at >>> org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1) >>> at >>> org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230) >>> at >>> org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340) >>> [2015-11-30 13:13:36,831] ERROR >>> {org.wso2.carbon.user.core.common.DefaultRealm} - nullType class >>> java.lang.reflect.InvocationTargetException >>> org.wso2.carbon.user.core.UserStoreException: nullType class >>> java.lang.reflect.InvocationTargetException >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:382) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:203) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:108) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:230) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:96) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:109) >>> at >>> org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:68) >>> at >>> org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711) >>> at java.security.AccessController.doPrivileged(Native Method) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381) >>> at >>> org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390) >>> at >>> org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1) >>> at >>> org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230) >>> at >>> org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340) >>> Caused by: java.lang.reflect.InvocationTargetException >>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) >>> at >>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) >>> at >>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) >>> at java.lang.reflect.Constructor.newInstance(Constructor.java:526) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:336) >>> ... 22 more >>> Caused by: org.wso2.carbon.user.core.UserStoreException: Cannot create >>> connection to LDAP server. Error message Error obtaining connection. [LDAP: >>> error code 49 - cannot bind the principalDn.] >>> at >>> org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:166) >>> at >>> org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:100) >>> ... 27 more >>> Caused by: org.wso2.carbon.user.core.UserStoreException: Error obtaining >>> connection. [LDAP: error code 49 - cannot bind the principalDn.] >>> at >>> org.wso2.carbon.user.core.ldap.LDAPConnectionContext.getContext(LDAPConnectionContext.java:177) >>> at >>> org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:156) >>> ... 28 more >>> Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - >>> cannot bind the principalDn.] >>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087) >>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) >>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835) >>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) >>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) >>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) >>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) >>> at >>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) >>> at >>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) >>> at >>> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) >>> at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) >>> at javax.naming.InitialContext.init(InitialContext.java:242) >>> at javax.naming.InitialContext.<init>(InitialContext.java:216) >>> at >>> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) >>> at >>> org.wso2.carbon.user.core.ldap.LDAPConnectionContext.getContext(LDAPConnectionContext.java:167) >>> ... 29 more >>> [2015-11-30 13:13:36,834] ERROR >>> {org.wso2.carbon.user.core.internal.Activator} - Cannot start User Manager >>> Core bundle >>> org.wso2.carbon.user.core.UserStoreException: Cannot initialize the >>> realm. >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:240) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:96) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:109) >>> at >>> org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:68) >>> at >>> org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711) >>> at java.security.AccessController.doPrivileged(Native Method) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683) >>> at >>> org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381) >>> at >>> org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390) >>> at >>> org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438) >>> at >>> org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1) >>> at >>> org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230) >>> at >>> org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340) >>> Caused by: org.wso2.carbon.user.core.UserStoreException: nullType class >>> java.lang.reflect.InvocationTargetException >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:303) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:108) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:230) >>> ... 19 more >>> Caused by: org.wso2.carbon.user.core.UserStoreException: nullType class >>> java.lang.reflect.InvocationTargetException >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:382) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:203) >>> ... 21 more >>> Caused by: java.lang.reflect.InvocationTargetException >>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) >>> at >>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) >>> at >>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) >>> at java.lang.reflect.Constructor.newInstance(Constructor.java:526) >>> at >>> org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:336) >>> ... 22 more >>> Caused by: org.wso2.carbon.user.core.UserStoreException: Cannot create >>> connection to LDAP server. Error message Error obtaining connection. [LDAP: >>> error code 49 - cannot bind the principalDn.] >>> at >>> org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:166) >>> at >>> org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:100) >>> ... 27 more >>> Caused by: org.wso2.carbon.user.core.UserStoreException: Error obtaining >>> connection. [LDAP: error code 49 - cannot bind the principalDn.] >>> at >>> org.wso2.carbon.user.core.ldap.LDAPConnectionContext.getContext(LDAPConnectionContext.java:177) >>> at >>> org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:156) >>> ... 28 more >>> Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - >>> cannot bind the principalDn.] >>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087) >>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) >>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835) >>> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) >>> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) >>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) >>> at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) >>> at >>> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) >>> at >>> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) >>> at >>> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) >>> at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) >>> at javax.naming.InitialContext.init(InitialContext.java:242) >>> at javax.naming.InitialContext.<init>(InitialContext.java:216) >>> at >>> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) >>> at >>> org.wso2.carbon.user.core.ldap.LDAPConnectionContext.getContext(LDAPConnectionContext.java:167) >>> ... 29 more >>> >>> When I configure the read-only LDAP with *admin, admin* credentials I >>> can start the server without errors. >>> >>> Note : In this setup I have configured a MySQL user db for Greg in >>> user-mgt.xml as *WSO2USER_DB* and in IS it is default *WSO2CarbonDB*. >>> >>> Can anyone explain this situation and point me out what is the correct >>> step to be taken for this ? >>> >>> >>> [1] >>> https://docs.wso2.com/display/IS500/Configuring+a+Read-write+LDAP+User+Store >>> [2] >>> https://docs.wso2.com/display/Governance450/Configuring+an+External+LDAP+User+Store >>> >>> -- >>> Thanks & Regards, >>> >>> *Chamalee De Silva* >>> Software Engineer >>> *WS**O2* Inc. .:http://wso2.com >>> >>> Office :- *+94 11 2145345 <%2B94%2011%202145345>* >>> mobile :- *+94 7 <%2B94%2077%202782039>1 4315942* >>> >>> >>> >> >> >> -- >> Thanks & Regards, >> >> *Chamalee De Silva* >> Software Engineer >> *WS**O2* Inc. .:http://wso2.com >> >> Office :- *+94 11 2145345 <%2B94%2011%202145345>* >> mobile :- *+94 7 <%2B94%2077%202782039>1 4315942* >> >> >> > > > -- > > > *-Damith Senanayake-*+94712205272 > -- Thanks & Regards, *Chamalee De Silva* Software Engineer *WS**O2* Inc. .:http://wso2.com Office :- *+94 11 2145345 <%2B94%2011%202145345>* mobile :- *+94 7 <%2B94%2077%202782039>1 4315942*
<!-- ~ Copyright WSO2, Inc. (http://wso2.com) ~ ~ Licensed under the Apache License, Version 2.0 (the "License"); ~ you may not use this file except in compliance with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by applicable law or agreed to in writing, software ~ distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the License for the specific language governing permissions and ~ limitations under the License. --> <UserManager> <Realm> <Configuration> <AddAdmin>true</AddAdmin> <AdminRole>admin</AdminRole> <AdminUser> <UserName>adminSOA</UserName> <Password>123456</Password> </AdminUser> <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root --> <Property name="dataSource">jdbc/WSO2USER_DB</Property> </Configuration> <!-- Following is the default user store manager. This user store manager is based on embedded-apacheds LDAP. It reads/writes users and roles into the default apacheds LDAP user store. Descriptions about each of the following properties can be found in user management documentation of the respective product. In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property> Note: Do not comment within UserStoreManager tags. Cause, specific tag names are used as tokens when building configurations for products. --> <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property> <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property> <Property name="ConnectionName">uid=admin,ou=system</Property> <Property name="ConnectionPassword">admin</Property> <Property name="LDAPConnectionTimeout">5000</Property> <Property name="Disabled">false</Property> <Property name="passwordHashMethod">SHA</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserEntryObjectClass">wso2Person</Property> <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property> <Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property> <Property name="UserNameAttribute">uid</Property> <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property> <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="ReadGroups">true</Property> <Property name="WriteGroups">true</Property> <Property name="EmptyRolesAllowed">true</Property> <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property> <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="GroupEntryObjectClass">groupOfNames</Property> <Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="SharedGroupNameAttribute">cn</Property> <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property> <Property name="SharedGroupEntryObjectClass">groupOfNames</Property> <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="SharedGroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property> <Property name="SharedTenantNameAttribute">ou</Property> <Property name="SharedTenantObjectClass">organizationalUnit</Property> <Property name="MembershipAttribute">member</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="SCIMEnabled">false</Property> <Property name="ConnectionPoolingEnabled">false</Property> <Property name="MultiAttributeSeparator">,</Property> </UserStoreManager--> <!-- Following is the configuration for internal JDBC user store. This user store manager is based on JDBC. In case if application needs to manage passwords externally set property <Property name="PasswordsExternallyManaged">true</Property>. In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>. Furthermore properties, IsEmailUserName and DomainCalculation are readonly properties. Note: Do not comment within UserStoreManager tags. Cause, specific tag names are used as tokens when building configurations for products. --> <!--UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property> <Property name="ReadOnly">false</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="IsEmailUserName">false</Property> <Property name="DomainCalculation">default</Property> <Property name="PasswordDigest">SHA-256</Property> <Property name="StoreSaltedPassword">true</Property> <Property name="ReadGroups">true</Property> <Property name="WriteGroups">true</Property> <Property name="UserNameUniqueAcrossTenants">false</Property> <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property> <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property> <Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\<>,\'\"]{3,30}$</Property> <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\<>,\'\"]{3,30}$</Property> <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="SharedGroupEnabled">false</Property> <Property name="SCIMEnabled">false</Property> <Property name="CaseInsensitiveUsername">true</Property> <Property name="MultiAttributeSeparator">,</Property> </UserStoreManager--> <!-- If product is using an external LDAP as the user store in READ ONLY mode, use following user manager. In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property> --> <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property> <Property name="ReadOnly">true</Property> <Property name="Disabled">false</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="ConnectionURL">ldap://localhost:10392</Property> <Property name="ConnectionName">uid=adminSOA,ou=system</Property> <Property name="ConnectionPassword">123456</Property> <Property name="LDAPConnectionTimeout">5000</Property> <Property name="passwordHashMethod">PLAIN_TEXT</Property> <Property name="UserSearchBase">ou=system</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property> <Property name="UserNameAttribute">uid</Property> <Property name="ReadGroups">true</Property> <Property name="GroupSearchBase">ou=system</Property> <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="SharedGroupNameAttribute">cn</Property> <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property> <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property> <Property name="SharedTenantNameAttribute">ou</Property> <Property name="SharedTenantObjectClass">organizationalUnit</Property> <Property name="MembershipAttribute">member</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="SCIMEnabled">false</Property> <Property name="ConnectionPoolingEnabled">false</Property> <Property name="MultiAttributeSeparator">,</Property> </UserStoreManager> <!-- Active directory configuration is as follows. In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property> There are few special properties for "Active Directory". They are : 1.Referral - (comment out this property if this feature is not reuired) This enables LDAP referral support. 2.BackLinksEnabled - (Do not comment, set to true or false) In some cases LDAP works with BackLinksEnabled. In which role is stored at user level. Depending on this value we need to change the Search Base within code. 3.isADLDSRole - (Do not comment) Set to true if connecting to an AD LDS instance else set to false. --> <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property> <Property name="defaultRealmName">WSO2.ORG</Property> <Property name="Disabled">false</Property> <Property name="kdcEnabled">false</Property> <Property name="ConnectionURL">ldaps://10.100.1.100:636</Property> <Property name="ConnectionName">CN=admin,CN=Users,DC=WSO2,DC=Com</Property> <Property name="ConnectionPassword">A1b2c3d4</Property> <Property name="LDAPConnectionTimeout">5000</Property> <Property name="passwordHashMethod">PLAIN_TEXT</Property> <Property name="UserSearchBase">CN=Users,DC=WSO2,DC=Com</Property> <Property name="UserEntryObjectClass">user</Property> <Property name="UserNameAttribute">cn</Property> <Property name="isADLDSRole">false</Property> <Property name="userAccountControl">512</Property> <Property name="UserNameListFilter">(objectClass=user)</Property> <Property name="UserNameSearchFilter">(&(objectClass=user)(cn=?))</Property> <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property> <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="ReadGroups">true</Property> <Property name="WriteGroups">true</Property> <Property name="EmptyRolesAllowed">true</Property> <Property name="GroupSearchBase">CN=Users,DC=WSO2,DC=Com</Property> <Property name="GroupEntryObjectClass">group</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="SharedGroupNameAttribute">cn</Property> <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property> <Property name="SharedGroupEntryObjectClass">groups</Property> <Property name="SharedTenantNameListFilter">(object=organizationalUnit)</Property> <Property name="SharedTenantNameAttribute">ou</Property> <Property name="SharedTenantObjectClass">organizationalUnit</Property> <Property name="MembershipAttribute">member</Property> <Property name="GroupNameListFilter">(objectcategory=group)</Property> <Property name="GroupNameSearchFilter">(&(objectClass=group)(cn=?))</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="Referral">follow</Property> <Property name="BackLinksEnabled">true</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="SCIMEnabled">false</Property> <Property name="ConnectionPoolingEnabled">false</Property> <Property name="MultiAttributeSeparator">,</Property> </UserStoreManager--> <!-- If product is using an external LDAP as the user store in read/write mode, use following user manager In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property> --> <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property> <Property name="ConnectionURL">ldap://localhost:10389</Property> <Property name="Disabled">false</Property> <Property name="ConnectionName">uid=admin,ou=system</Property> <Property name="ConnectionPassword">secret</Property> <Property name="LDAPConnectionTimeout">5000</Property> <Property name="passwordHashMethod">PLAIN_TEXT</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserEntryObjectClass">inetOrgPerson</Property> <Property name="UserSearchBase">ou=system</Property> <Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property> <Property name="UserNameAttribute">uid</Property> <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property> <Property name="ReadGroups">true</Property> <Property name="WriteGroups">true</Property> <Property name="EmptyRolesAllowed">false</Property> <Property name="GroupSearchBase">ou=system</Property> <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="GroupEntryObjectClass">groupOfNames</Property> <Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="SharedGroupNameAttribute">cn</Property> <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property> <Property name="SharedGroupEntryObjectClass">groupOfNames</Property> <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="SharedGroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property> <Property name="SharedTenantNameAttribute">ou</Property> <Property name="SharedTenantObjectClass">organizationalUnit</Property> <Property name="MembershipAttribute">member</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="SCIMEnabled">false</Property> <Property name="ConnectionPoolingEnabled">false</Property> <Property name="MultiAttributeSeparator">,</Property> </UserStoreManager--> <!-- Following user manager is used by Identity Server (IS) as its default user manager. IS will do token replacement when building the product. Therefore do not change the syntax. If "kdcEnabled" parameter is true, IS will allow service principle management. Thus "ServicePasswordJavaRegEx", "ServiceNameJavaRegEx" properties control the service name format and service password formats. In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property> --> <!--ISUserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property> <Property name="defaultRealmName">WSO2.ORG</Property> <Property name="kdcEnabled">false</Property> <Property name="Disabled">false</Property> <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property> <Property name="ConnectionName">uid=admin,ou=system</Property> <Property name="ConnectionPassword">admin</Property> <Property name="LDAPConnectionTimeout">5000</Property> <Property name="passwordHashMethod">SHA</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserEntryObjectClass">identityPerson</Property> <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property> <Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property> <Property name="UserNameAttribute">uid</Property> <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property> <Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property> <Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property> <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="ReadGroups">true</Property> <Property name="WriteGroups">true</Property> <Property name="EmptyRolesAllowed">true</Property> <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property> <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="GroupEntryObjectClass">groupOfNames</Property> <Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="SharedGroupNameAttribute">cn</Property> <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property> <Property name="SharedGroupEntryObjectClass">groupOfNames</Property> <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="SharedGroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property> <Property name="SharedTenantNameAttribute">ou</Property> <Property name="SharedTenantObjectClass">organizationalUnit</Property> <Property name="MembershipAttribute">member</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property> <Property name="RoleDNPattern">cn={0},ou=Groups,dc=wso2,dc=org</Property> <Property name="SCIMEnabled">true</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="ConnectionPoolingEnabled">false</Property> <Property name="MultiAttributeSeparator">,</Property> </ISUserStoreManager--> <!-- Following configuration is for the CassandraUserStoreManager. The CassandraUserStoreManager is capable of using a Cassandra database as a user store. This user manager supports multiple credentials for authentication. Credential types can be defined and configured in the following configuration. The CassandraUserStoreManager does not ships with the any of the WSO2 Carbon Servers by default, therefor Cassandra user manager component needs to be installed to the Carbon Server befor using. And if this CassandraUserStoreManager is used as the primary user store with multi tenants, it should also implement a compatible TenantManager and set property <Property name="TenantManager">FULL_QUALIFIED_TENANT_MANAGER_CLASS_NAME</Property>. --> <!--UserStoreManager class="org.wso2.carbon.user.cassandra.CassandraUserStoreManager"> <Property name="Keyspace">User_KS3</Property> <Property name="Host">localhost</Property> <Property name="Port">9160</Property> <Property name="PasswordDigest">SHA-256</Property> <Property name="StoreSaltedPassword">true</Property> <Property name="AuthenticateWithAnyCredential">true</Property> <Property name="DomainName">multipleCredentialUserStoreDomain</Property> <MultipleCredentials> <Credential type="Default">org.wso2.carbon.user.cassandra.credentialtypes.EmailCredential</Credential> <Credential type="Email">org.wso2.carbon.user.cassandra.credentialtypes.EmailCredential</Credential> <Credential type="PhoneNumber">org.wso2.carbon.user.cassandra.credentialtypes.PhoneNumberCredential</Credential> <Credential type="Device">org.wso2.carbon.user.cassandra.credentialtypes.DeviceCredential</Credential> <Credential type="External">org.wso2.carbon.user.cassandra.credentialtypes.ExternalProviderCredential</Credential> </MultipleCredentials> </UserStoreManager--> <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager"> <Property name="AdminRoleManagementPermissions">/permission</Property> <Property name="AuthorizationCacheEnabled">true</Property> <!--Property name="GetAllRolesOfUserEnabled">true</Property--> </AuthorizationManager> </Realm> </UserManager> <!--*******Description of some of the configuration properties used in user-mgt.xml********************************* DomainName - This property must be used by all secondary user store managers in multiple user store configuration. DomainName is a unique identifier given to the user store. Users must provide both the domain name and username at log-in as "DomainName\Username" UserRolesCacheEnabled - This is to indicate whether to cache role list of a user. By default it is set to true. You may need to disable it if user-roles are changed by external means and need to reflect those changes in the carbon product immediately. ReplaceEscapeCharactersAtUserLogin - This is to configure whether escape characters in user name needs to be replaced at user login. Currently the identified escape characters that needs to be replaced are '\' & '\\' UserDNPattern - This property will be used when authenticating users. During authentication we do a bind. But if the user is login with email address or some other property we need to first lookup LDAP and retreive DN for the user. This involves an additional step. If UserDNPattern is specified the DN will be contructed using the pattern specified in this property. Performance of this is much better than looking up DN and binding user. RoleDNPattern - This property will be used when checking whether user has been assigned to a given role. Rather than searching the role in search base, by using this property direct search can be done. passwordHashMethod - This says how the password should be stored. Allowed values are as follows, SHA - Uses SHA digest method MD5 - Uses MD 5 digest method PLAIN_TEXT - Plain text passwords In addition to above this supports all digest methods supported by http://docs.oracle.com/javase/6/docs/api/java/security/MessageDigest.html. DisplayNameAttribute - this is to have a dedicated LDAP attribute to display an entity(User/Role) in UI, in addition to the UserNameAttribute which is used for IS-UserStore interactions. -->
<!-- ~ Copyright WSO2, Inc. (http://wso2.com) ~ ~ Licensed under the Apache License, Version 2.0 (the "License"); ~ you may not use this file except in compliance with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by applicable law or agreed to in writing, software ~ distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the License for the specific language governing permissions and ~ limitations under the License. --> <UserManager> <Realm> <Configuration> <AddAdmin>true</AddAdmin> <AdminRole>admin</AdminRole> <AdminUser> <UserName>admin</UserName> <Password>admin</Password> </AdminUser> <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root --> <Property name="dataSource">jdbc/WSO2CarbonDB</Property> </Configuration> <!-- Following is the default user store manager. This user store manager is based on embedded-apacheds LDAP. It reads/writes users and roles into the default apacheds LDAP user store. Descriptions about each of the following properties can be found in user management documentation of the respective product. In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property> Note: Do not comment within UserStoreManager tags. Cause, specific tag names are used as tokens when building configurations for products. --> <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property> <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property> <Property name="ConnectionName">uid=admin,ou=system</Property> <Property name="ConnectionPassword">admin</Property> <Property name="Disabled">false</Property> <Property name="passwordHashMethod">SHA</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserEntryObjectClass">wso2Person</Property> <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property> <Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property> <Property name="UserNameAttribute">uid</Property> <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property> <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="ReadGroups">true</Property> <Property name="WriteGroups">true</Property> <Property name="EmptyRolesAllowed">true</Property> <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property> <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="GroupEntryObjectClass">groupOfNames</Property> <Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="SharedGroupNameAttribute">cn</Property> <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property> <Property name="SharedGroupEntryObjectClass">groupOfNames</Property> <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="SharedGroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property> <Property name="SharedTenantNameAttribute">ou</Property> <Property name="SharedTenantObjectClass">organizationalUnit</Property> <Property name="MembershipAttribute">member</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="SCIMEnabled">false</Property> </UserStoreManager--> <!-- Following is the configuration for internal JDBC user store. This user store manager is based on JDBC. In case if application needs to manage passwords externally set property <Property name="PasswordsExternallyManaged">true</Property>. In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>. Furthermore properties, IsEmailUserName and DomainCalculation are readonly properties. Note: Do not comment within UserStoreManager tags. Cause, specific tag names are used as tokens when building configurations for products. --> <!--UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property> <Property name="ReadOnly">false</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="IsEmailUserName">false</Property> <Property name="DomainCalculation">default</Property> <Property name="PasswordDigest">SHA-256</Property> <Property name="StoreSaltedPassword">true</Property> <Property name="ReadGroups">true</Property> <Property name="WriteGroups">true</Property> <Property name="UserNameUniqueAcrossTenants">false</Property> <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property> <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property> <Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\<>,\'\"]{3,30}$</Property> <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\<>,\'\"]{3,30}$</Property> <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="SharedGroupEnabled">false</Property> <Property name="SCIMEnabled">false</Property> </UserStoreManager--> <!-- If product is using an external LDAP as the user store in READ ONLY mode, use following user manager. In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property> --> <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property> <Property name="ReadOnly">true</Property> <Property name="Disabled">false</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="ConnectionURL">ldap://localhost:10389</Property> <Property name="ConnectionName">uid=admin,ou=system</Property> <Property name="ConnectionPassword">admin</Property> <Property name="passwordHashMethod">PLAIN_TEXT</Property> <Property name="UserSearchBase">ou=system</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property> <Property name="UserNameAttribute">uid</Property> <Property name="ReadGroups">true</Property> <Property name="GroupSearchBase">ou=system</Property> <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="SharedGroupNameAttribute">cn</Property> <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property> <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property> <Property name="SharedTenantNameAttribute">ou</Property> <Property name="SharedTenantObjectClass">organizationalUnit</Property> <Property name="MembershipAttribute">member</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="SCIMEnabled">false</Property> </UserStoreManager--> <!-- Active directory configuration is as follows. In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property> There are few special properties for "Active Directory". They are : 1.Referral - (comment out this property if this feature is not reuired) This enables LDAP referral support. 2.BackLinksEnabled - (Do not comment, set to true or false) In some cases LDAP works with BackLinksEnabled. In which role is stored at user level. Depending on this value we need to change the Search Base within code. 3.isADLDSRole - (Do not comment) Set to true if connecting to an AD LDS instance else set to false. --> <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property> <Property name="defaultRealmName">WSO2.ORG</Property> <Property name="Disabled">false</Property> <Property name="kdcEnabled">false</Property> <Property name="ConnectionURL">ldaps://10.100.1.100:636</Property> <Property name="ConnectionName">CN=admin,CN=Users,DC=WSO2,DC=Com</Property> <Property name="ConnectionPassword">A1b2c3d4</Property> <Property name="passwordHashMethod">PLAIN_TEXT</Property> <Property name="UserSearchBase">CN=Users,DC=WSO2,DC=Com</Property> <Property name="UserEntryObjectClass">user</Property> <Property name="UserNameAttribute">cn</Property> <Property name="isADLDSRole">false</Property> <Property name="userAccountControl">512</Property> <Property name="UserNameListFilter">(objectClass=user)</Property> <Property name="UserNameSearchFilter">(&(objectClass=user)(cn=?))</Property> <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property> <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="ReadGroups">true</Property> <Property name="WriteGroups">true</Property> <Property name="EmptyRolesAllowed">true</Property> <Property name="GroupSearchBase">CN=Users,DC=WSO2,DC=Com</Property> <Property name="GroupEntryObjectClass">group</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="SharedGroupNameAttribute">cn</Property> <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property> <Property name="SharedGroupEntryObjectClass">groups</Property> <Property name="SharedTenantNameListFilter">(object=organizationalUnit)</Property> <Property name="SharedTenantNameAttribute">ou</Property> <Property name="SharedTenantObjectClass">organizationalUnit</Property> <Property name="MembershipAttribute">member</Property> <Property name="GroupNameListFilter">(objectcategory=group)</Property> <Property name="GroupNameSearchFilter">(&(objectClass=group)(cn=?))</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="Referral">follow</Property> <Property name="BackLinksEnabled">true</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="SCIMEnabled">false</Property> </UserStoreManager--> <!-- If product is using an external LDAP as the user store in read/write mode, use following user manager In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property> --> <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property> <Property name="ConnectionURL">ldap://localhost:10389</Property> <Property name="Disabled">false</Property> <Property name="ConnectionName">uid=admin,ou=system</Property> <Property name="ConnectionPassword">secret</Property> <Property name="passwordHashMethod">PLAIN_TEXT</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserEntryObjectClass">inetOrgPerson</Property> <Property name="UserSearchBase">ou=system</Property> <Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property> <Property name="UserNameAttribute">uid</Property> <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property> <Property name="ReadGroups">true</Property> <Property name="WriteGroups">true</Property> <Property name="EmptyRolesAllowed">false</Property> <Property name="GroupSearchBase">ou=system</Property> <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="GroupEntryObjectClass">groupOfNames</Property> <Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="SharedGroupNameAttribute">cn</Property> <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property> <Property name="SharedGroupEntryObjectClass">groupOfNames</Property> <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="SharedGroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property> <Property name="SharedTenantNameAttribute">ou</Property> <Property name="SharedTenantObjectClass">organizationalUnit</Property> <Property name="MembershipAttribute">member</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="SCIMEnabled">false</Property> </UserStoreManager--> <!-- Following user manager is used by Identity Server (IS) as its default user manager. IS will do token replacement when building the product. Therefore do not change the syntax. If "kdcEnabled" parameter is true, IS will allow service principle management. Thus "ServicePasswordJavaRegEx", "ServiceNameJavaRegEx" properties control the service name format and service password formats. In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property> --> <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"> <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property> <Property name="defaultRealmName">WSO2.ORG</Property> <Property name="kdcEnabled">false</Property> <Property name="Disabled">false</Property> <Property name="ConnectionURL">ldap://localhost:10392</Property> <Property name="ConnectionName">uid=admin,ou=system</Property> <Property name="ConnectionPassword">admin</Property> <Property name="passwordHashMethod">SHA</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserEntryObjectClass">identityPerson</Property> <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property> <Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property> <Property name="UserNameAttribute">uid</Property> <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property> <Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property> <Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property> <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property> <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property> <Property name="ReadGroups">true</Property> <Property name="WriteGroups">true</Property> <Property name="EmptyRolesAllowed">true</Property> <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property> <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="GroupEntryObjectClass">groupOfNames</Property> <Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="SharedGroupNameAttribute">cn</Property> <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property> <Property name="SharedGroupEntryObjectClass">groupOfNames</Property> <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="SharedGroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property> <Property name="SharedTenantNameAttribute">ou</Property> <Property name="SharedTenantObjectClass">organizationalUnit</Property> <Property name="MembershipAttribute">member</Property> <Property name="UserRolesCacheEnabled">true</Property> <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property> <Property name="RoleDNPattern">cn={0},ou=Groups,dc=wso2,dc=org</Property> <Property name="SCIMEnabled">true</Property> <Property name="MaxRoleNameListLength">100</Property> <Property name="MaxUserNameListLength">100</Property> </UserStoreManager> <!-- Following configuration is for the CassandraUserStoreManager. The CassandraUserStoreManager is capable of using a Cassandra database as a user store. This user manager supports multiple credentials for authentication. Credential types can be defined and configured in the following configuration. The CassandraUserStoreManager does not ships with the any of the WSO2 Carbon Servers by default, therefor Cassandra user manager component needs to be installed to the Carbon Server befor using. And if this CassandraUserStoreManager is used as the primary user store with multi tenants, it should also implement a compatible TenantManager and set property <Property name="TenantManager">FULL_QUALIFIED_TENANT_MANAGER_CLASS_NAME</Property>. --> <!--UserStoreManager class="org.wso2.carbon.user.cassandra.CassandraUserStoreManager"> <Property name="Keyspace">User_KS3</Property> <Property name="Host">localhost</Property> <Property name="Port">9160</Property> <Property name="PasswordDigest">SHA-256</Property> <Property name="StoreSaltedPassword">true</Property> <Property name="AuthenticateWithAnyCredential">true</Property> <Property name="DomainName">multipleCredentialUserStoreDomain</Property> <MultipleCredentials> <Credential type="Default">org.wso2.carbon.user.cassandra.credentialtypes.EmailCredential</Credential> <Credential type="Email">org.wso2.carbon.user.cassandra.credentialtypes.EmailCredential</Credential> <Credential type="PhoneNumber">org.wso2.carbon.user.cassandra.credentialtypes.PhoneNumberCredential</Credential> <Credential type="Device">org.wso2.carbon.user.cassandra.credentialtypes.DeviceCredential</Credential> <Credential type="External">org.wso2.carbon.user.cassandra.credentialtypes.ExternalProviderCredential</Credential> </MultipleCredentials> </UserStoreManager--> <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager"> <Property name="AdminRoleManagementPermissions">/permission</Property> <Property name="AuthorizationCacheEnabled">true</Property> </AuthorizationManager> </Realm> </UserManager> <!--*******Description of some of the configuration properties used in user-mgt.xml********************************* DomainName - This property must be used by all secondary user store managers in multiple user store configuration. DomainName is a unique identifier given to the user store. Users must provide both the domain name and username at log-in as "DomainName\Username" UserRolesCacheEnabled - This is to indicate whether to cache role list of a user. By default it is set to true. You may need to disable it if user-roles are changed by external means and need to reflect those changes in the carbon product immediately. ReplaceEscapeCharactersAtUserLogin - This is to configure whether escape characters in user name needs to be replaced at user login. Currently the identified escape characters that needs to be replaced are '\' & '\\' UserDNPattern - This property will be used when authenticating users. During authentication we do a bind. But if the user is login with email address or some other property we need to first lookup LDAP and retreive DN for the user. This involves an additional step. If UserDNPattern is specified the DN will be contructed using the pattern specified in this property. Performance of this is much better than looking up DN and binding user. RoleDNPattern - This property will be used when checking whether user has been assigned to a given role. Rather than searching the role in search base, by using this property direct search can be done. passwordHashMethod - This says how the password should be stored. Allowed values are as follows, SHA - Uses SHA digest method MD5 - Uses MD 5 digest method PLAIN_TEXT - Plain text passwords In addition to above this supports all digest methods supported by http://docs.oracle.com/javase/6/docs/api/java/security/MessageDigest.html. DisplayNameAttribute - this is to have a dedicated LDAP attribute to display an entity(User/Role) in UI, in addition to the UserNameAttribute which is used for IS-UserStore interactions. -->
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
