Hi Akila,

Are you using AD in read only mode or read write mode?

If it is read only mode you should be
using "org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager" as
mentioned in [1].
"org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager" is used
only when AD is used in read write mode.

Also check whether the user has the necessary permission to log in to the admin
console.

[1] https://docs.wso2.com/display/IS500/Configuring+Primary+User+Stores


On Wed, Oct 29, 2014 at 5:59 PM, Godwin Amila Shrimal <god...@wso2.com>
wrote:

> Hi Akila,
>
> Can you enable debug mode in Identity Server, recreate the issue and
> send back the log file? Please see the link below for enabling debug.
>
>
> http://soasecurity.org/2014/02/26/how-to-wso2is-troubleshooting-wso2-identity-server-1/
>
>
> On Wed, Oct 29, 2014 at 5:44 PM, Akila Nimantha [IT/EKO/LOITS] <
> aki...@lolctech.com> wrote:
>
>>  Hi Godwin,
>>
>>
>>
>> Please check for the attached log file.
>>
>>
>>
>> Regards,
>>
>> Akila
>>
>>
>>
>> *From:* Godwin Amila Shrimal [mailto:god...@wso2.com]
>> *Sent:* 29 October 2014 5:26 PM
>> *To:* Akila Nimantha [IT/EKO/LOITS]
>> *Cc:* dev@wso2.org
>> *Subject:* Re: [Dev] integrating IS 5.0 with Active Directory
>>
>>
>>
>> Hi Akila,
>>
>>
>>
>> What is the error you are getting when trying to log in? Can you send
>> the identity server log?
>>
>>
>>
>>
>>
>> Thanks
>>
>> Godwin
>>
>>
>>
>>
>>
>> On Wed, Oct 29, 2014 at 5:04 PM, Akila Nimantha [IT/EKO/LOITS] <
>> aki...@lolctech.com> wrote:
>>
>>  Hi all,
>>
>>
>>
>> I have a question regarding integrating IS 5.0 with Active Directory. I have
>> a setup where I can see all of the AD users and groups in IS, but I can't log in
>> to IS with any of the AD credentials.
>>
>> Also, I've registered the travelocity.com webapp but am unable to log in
>> through the app.
>>
>>
>>
>> WSO2 IS configuration
>>
>>
>>
>>     <Configuration>
>>         <AddAdmin>false</AddAdmin>
>>         <AdminRole>admin</AdminRole>
>>         <AdminUser>
>>             <UserName>FusionUsr</UserName>
>>             <Password>Fu$@1234</Password>
>>         </AdminUser>
>>         <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
>>         <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
>>     </Configuration>
>>
>>     <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
>>         <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
>>         <Property name="defaultRealmName">LOLC.com</Property>
>>         <Property name="Disabled">false</Property>
>>         <Property name="kdcEnabled">false</Property>
>>         <Property name="ConnectionURL">ldap://lolcpdc.lolc.com:389</Property>
>>         <Property name="ConnectionName">CN=FusionUsr,OU=IT Service Accounts,DC=LOLC,DC=com</Property>
>>         <Property name="ConnectionPassword">Fu$@1234</Property>
>>         <Property name="passwordHashMethod">PLAIN_TEXT</Property>
>>         <Property name="UserSearchBase">DC=LOLC,DC=com</Property>
>>         <Property name="UserEntryObjectClass">user</Property>
>>         <Property name="UserNameAttribute">sAMAccountName</Property>
>>         <Property name="isADLDSRole">false</Property>
>>         <Property name="userAccountControl">512</Property>
>>         <Property name="UserNameListFilter">(objectClass=user)</Property>
>>         <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
>>         <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
>>         <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
>>         <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
>>         <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
>>         <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
>>         <Property name="ReadGroups">true</Property>
>>         <Property name="WriteGroups">true</Property>
>>         <Property name="EmptyRolesAllowed">true</Property>
>>         <Property name="GroupSearchBase">DC=LOLC,DC=com</Property>
>>         <Property name="GroupEntryObjectClass">group</Property>
>>         <Property name="GroupNameAttribute">cn</Property>
>>         <Property name="SharedGroupNameAttribute">cn</Property>
>>         <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
>>         <Property name="SharedGroupEntryObjectClass">groups</Property>
>>         <Property name="SharedTenantNameListFilter">(object=organizationalUnit)</Property>
>>         <Property name="SharedTenantNameAttribute">ou</Property>
>>         <Property name="SharedTenantObjectClass">organizationalUnit</Property>
>>         <Property name="MembershipAttribute">member</Property>
>>         <Property name="GroupNameListFilter">(objectcategory=group)</Property>
>>         <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
>>         <Property name="UserRolesCacheEnabled">true</Property>
>>         <Property name="Referral">follow</Property>
>>         <Property name="BackLinksEnabled">true</Property>
>>         <Property name="MaxRoleNameListLength">100</Property>
>>         <Property name="MaxUserNameListLength">100</Property>
>>         <Property name="SCIMEnabled">false</Property>
>>     </UserStoreManager>
>>
>>
>>
>> Regards,
>>
>> Akila
>>
>> This message (including any attachments) is intended only for the use of
>> the individual or entity to which it is addressed and may contain
>> information that is non-public, proprietary, privileged, confidential, and
>> exempt from disclosure under applicable law or may constitute as attorney
>> work product. If you are not the intended recipient, you are hereby
>> notified that any use, dissemination, distribution, or copying of this
>> communication is strictly prohibited. If you have received this
>> communication in error, notify us immediately by telephone and (i) destroy
>> this message if a facsimile or (ii) delete this message immediately if this
>> is an electronic communication. Thank you.
>>
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>>
>>
>>
>> --
>>
>> *Godwin Amila Shrimal*
>> Senior Software Engineer
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>>
>> linkedin: http://lnkd.in/KUum6D
>>
>> twitter: https://twitter.com/godwinamila
>>
>>
>
>
>
> --
> *Godwin Amila Shrimal*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: http://lnkd.in/KUum6D
> twitter: https://twitter.com/godwinamila
>
>
>


-- 
*Pulasthi Mahawithana*
Software Engineer
WSO2 Inc., http://wso2.com/
Mobile: +94-71-5179022
Blog: http://blog.pulasthi.org
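
The class-versus-mode check from the reply above, written as a small linter (an added example, not part of the original thread and not WSO2 code). The sample block is constructed with placeholder values; `lint_user_store` and the finding names are hypothetical, and the cleartext-LDAP and filter/attribute checks are extra consistency checks added here.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, shaped like the user store block in the thread;
# host, DNs and password are placeholders.
SAMPLE = """
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
  <Property name="ConnectionURL">ldap://dc.example.com:389</Property>
  <Property name="ConnectionName">CN=svc,OU=Service Accounts,DC=example,DC=com</Property>
  <Property name="ConnectionPassword">PLACEHOLDER</Property>
  <Property name="UserNameAttribute">sAMAccountName</Property>
  <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
  <Property name="WriteGroups">true</Property>
</UserStoreManager>
"""

READ_ONLY = "org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager"
READ_WRITE_AD = "org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager"


def lint_user_store(xml_text, intended_mode):
    """Return sorted finding codes for one <UserStoreManager> block.

    intended_mode is "read-only" or "read-write": the operator's answer
    to the question asked at the top of the reply.
    """
    root = ET.fromstring(xml_text)
    props = {p.get("name"): (p.text or "").strip() for p in root.iter("Property")}
    findings = set()

    expected = READ_ONLY if intended_mode == "read-only" else READ_WRITE_AD
    if root.get("class") != expected:
        findings.add("CLASS_MODE_MISMATCH")
    # Heuristic: a write flag left behind in a store meant to be read-only.
    if intended_mode == "read-only" and props.get("WriteGroups", "").lower() == "true":
        findings.add("WRITE_GROUPS_IN_READ_ONLY")
    # ldap:// carries the bind DN and password in clear text unless TLS is added.
    if props.get("ConnectionURL", "").lower().startswith("ldap://"):
        findings.add("CLEARTEXT_LDAP")
    # The attribute compared with the "?" placeholder should be the one named
    # by UserNameAttribute; otherwise listing and lookup use different names.
    m = re.search(r"\(([A-Za-z0-9-]+)=\?\)", props.get("UserNameSearchFilter", ""))
    if m and m.group(1).lower() != props.get("UserNameAttribute", "").lower():
        findings.add("SEARCH_FILTER_ATTR_MISMATCH")
    return sorted(findings)


if __name__ == "__main__":
    for mode in ("read-only", "read-write"):
        print(mode, lint_user_store(SAMPLE, mode))
```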