OK, I figured out my problem.

I was missing the GroupNameListFilter property. Now I am able to log in.

The next thing I would like to figure out is if I can use my existing
Kerberos KDC for authentication?

Thanks,

Bram

On 12-01-03 11:28 AM, Bram Cymet wrote:
> Hi Hasini,
> 
> Here is my user-mgt.xml file
> 
> <UserManager>
>     <Realm>
>         <Configuration>
>             <AdminRole>admin</AdminRole>
>             <AdminUser>
>                 <UserName>bcymet</UserName>
>                 <Password>XXXXXX</Password>
>             </AdminUser>
>             <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role see the registry root -->
>             <ReadOnly>true</ReadOnly>
>             <MaxUserNameListLength>500</MaxUserNameListLength>
>             <Property name="url">jdbc:h2:repository/database/WSO2CARBON_DB</Property>
>             <Property name="userName">wso2carbon</Property>
>             <Property name="password">wso2carbon</Property>
>             <Property name="driverName">org.h2.Driver</Property>
>             <Property name="maxActive">50</Property>
>             <Property name="maxWait">60000</Property>
>             <Property name="minIdle">5</Property>
>         </Configuration>
> 
>         <UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
>             <Property name="ReadOnly">true</Property>
>             <Property name="MaxUserNameListLength">100</Property>
>             <Property name="ConnectionURL">ldap://localhost:389</Property>
>             <Property name="ConnectionName">cn=admin,dc=TESTLDAP,dc=CBN</Property>
>             <Property name="ConnectionPassword">******</Property>
>             <Property name="UserSearchBase">ou=people,dc=TESTLDAP,dc=CBN</Property>
>             <Property name="UserNameListFilter">(objectClass=inetOrgPerson)</Property>
>             <Property name="UserNameAttribute">uid</Property>
>             <Property name="ReadLDAPGroups">false</Property>
>             <Property name="GroupSearchBase">ou=groups,dc=TESTLDAP,dc=CBN</Property>
>             <Property name="GroupSearchFilter">(objectClass=groupOfNames)</Property>
>             <Property name="GroupNameAttribute">cn</Property>
>             <Property name="MembershipAttribute">member</Property>
>         </UserStoreManager>
> 
>         <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
>         </AuthorizationManager>
>     </Realm>
> </UserManager>
> 
> I followed the directions for the read only setup at first.
> 
> I thought that the part in the file:
> 
> <AdminRole>admin</AdminRole>
> <AdminUser>
>     <UserName>bcymet</UserName>
>     <Password>XXXXXX</Password>
> </AdminUser>
> 
> would give my user permissions that it needed.
> 
> I guess I am missing something else.
> 
> 
> On 12-01-03 11:23 AM, Hasini Gunasinghe wrote:
>> Hi Bram,
>>
>> In order to log in, you need to have login permission as well. (i.e. only
>> matching user name, password is not sufficient)
>>
>> For the first-time login, you should log in as the admin user which you
>> specify in the user-mgt.xml. Admin user can then create users, roles and
>> assign users to roles and permissions to those roles.
>>
>> So can you please make sure that you specify the admin user and admin
>> role in user-mgt.xml correctly and also the admin user belongs to the
>> admin role in the LDAP.
>> Also, please make sure that you provided the correct value for the group
>> search base property in user-mgt.xml
>>
>> If you can attach the user-mgt.xml, we might be able to provide more
>> insight.
>>
>> Thanks,
>> Hasini.
>>
>> On Tue, Jan 3, 2012 at 8:45 PM, Bram Cymet <bcy...@cbnco.com
>> <mailto:bcy...@cbnco.com>> wrote:
>>
>>     Hi,
>>
>>     I am attempting to set up a WSO2 Identity Server using my existing
>>     OpenLDAP instance as the userstore.
>>
>>     I can see the server connecting to my LDAP instance when I attempt to
>>     log in so I know the ConnectionURL, Name, and Password are correct. I
>>     can even see the server bind to my LDAP instance successfully. However I
>>     cannot log into the identity web interface.
>>
>>     In the logs all I get is:
>>
>>     [2012-01-03 09:55:11,033]  WARN
>>     {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  Failed
>>     Administrator login attempt 'bcymet[0]' at [2012-01-03 09:55:11,0032]
>>     from IP address 172.20.22.157
>>
>>     Any idea what might be going on or how I can up the logging to get a
>>     more detailed message?
>>
>>     Thanks,
>>
>>     --
>>     Bram Cymet
>>     Software Developer
>>     Canadian Bank Note Co. Ltd.
>>     613-608-9752
>>     _______________________________________________
>>     Carbon-dev mailing list
>>     Carbon-dev@wso2.org <mailto:Carbon-dev@wso2.org>
>>     http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>


-- 
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
613-608-9752
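
A small lint for the `user-mgt.xml` discussed in this thread, added here as an example (it is not WSO2 code and not written by either poster). The expected-property list is an assumption built only from property names that appear in the thread, and `SAMPLE` is constructed from the posted config with wrapped lines rejoined and secrets left as placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: trimmed copy of the config posted in the thread.
SAMPLE = """<UserManager><Realm>
  <Configuration>
    <AdminRole>admin</AdminRole>
    <AdminUser><UserName>bcymet</UserName><Password>XXXXXX</Password></AdminUser>
    <Property name="userName">wso2carbon</Property>
    <Property name="password">wso2carbon</Property>
  </Configuration>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://localhost:389</Property>
    <Property name="ConnectionName">cn=admin,dc=TESTLDAP,dc=CBN</Property>
    <Property name="UserSearchBase">ou=people,dc=TESTLDAP,dc=CBN</Property>
    <Property name="UserNameListFilter">(objectClass=inetOrgPerson)</Property>
    <Property name="ReadLDAPGroups">false</Property>
    <Property name="GroupSearchBase">ou=groups,dc=TESTLDAP,dc=CBN</Property>
    <Property name="GroupSearchFilter">(objectClass=groupOfNames)</Property>
  </UserStoreManager>
</Realm></UserManager>"""

# Assumption: names taken from the thread only, not an authoritative WSO2 list.
EXPECTED = ("ConnectionURL", "UserSearchBase", "UserNameListFilter",
            "GroupSearchBase", "GroupSearchFilter", "GroupNameListFilter")
GROUP_PROPS = ("GroupSearchBase", "GroupSearchFilter", "GroupNameListFilter")
LOOPBACK = ("localhost", "127.0.0.1", "::1")

def props(elem):
    """Map <Property name="..."> children to their stripped text."""
    return {p.get("name"): (p.text or "").strip() for p in elem.findall("Property")}

def audit(xml_text):
    """Return a list of finding strings for one user-mgt.xml document."""
    realm = ET.fromstring(xml_text).find("Realm")
    store = props(realm.find("UserStoreManager"))
    db = props(realm.find("Configuration"))
    findings = [f"missing:{n}" for n in EXPECTED if not store.get(n)]
    url = urlparse(store.get("ConnectionURL", ""))
    # A simple bind over ldap:// sends ConnectionPassword unencrypted off-host.
    if url.scheme == "ldap" and url.hostname not in LOOPBACK:
        findings.append("cleartext-ldap-to-remote-host")
    # Consistency check: group lookups configured but group reading switched off.
    if store.get("ReadLDAPGroups", "").lower() == "false" and any(store.get(n) for n in GROUP_PROPS):
        findings.append("group-properties-set-but-ReadLDAPGroups-false")
    # Database password identical to the database user name.
    if db.get("password") and db.get("password") == db.get("userName"):
        findings.append("db-password-equals-username")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
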