Hi Akila,

Great. Regarding the time taken to log in, you can use DNPatterns to
optimize your search. If you have users in multiple OUs you can use
"#" to separate DNPatterns. For example, a DN pattern can be as follows:

uid={0},ou=marketing,ou=users,dc=wso2,dc=org#uid={0},ou=admin,ou=users,dc=wso2,dc=org#uid={0},ou=Users,dc=wso2,dc=org

This will first search if the user is in the marketing ou, then the admin ou,
and then the full tree.

By using DNPatterns efficiently you can reduce the time for the user to be
searched through the tree.



On Mon, Nov 3, 2014 at 10:25 AM, Akila Nimantha [IT/EKO/LOITS] <
aki...@lolctech.com> wrote:

>  Hi Shani & Godwin,
>
>
>
> It works now :) . The problem was in different user attributes, as Shani
> said. Changed them and now it's working well (but it still takes some more
> time to log in).
>
> Thank you Shani and Godwin for your instant support.
>
>
>
> Regards,
>
> Akila
>
>
>
>
>
> *From:* Shani Ranasinghe [mailto:sh...@wso2.com]
> *Sent:* 31 October 2014 6:13 PM
> *To:* Akila Nimantha [IT/EKO/LOITS]
> *Cc:* Dinesh J Weerakkody; Godwin Amila Shrimal; dev@wso2.org
>
> *Subject:* Re: [Dev] integrating IS 5.0 with Active Directory
>
>
>
> Hi Akila,
>
> While going through your configuration, I just noticed that the two
> properties "UserNameAttribute" and "UserNameSearchFilter" are referring to
> two different user attributes. Is it done intentionally? Ideally they
> should refer to the same attribute, for e.g. cn or uid or any attribute
> that is uniquely identifiable.
>
> It is also mentioned in the
> https://docs.wso2.com/display/IS500/Configuring+an+Active+Directory+User+Store
> documentation, point  number 3.
>
> You can also refer to this
> http://venurakahawala.blogspot.com/2013/10/usernameattribute-and.html
> blog for more information.
>
>
>
>
>
> On Fri, Oct 31, 2014 at 4:57 PM, Akila Nimantha [IT/EKO/LOITS] <
> aki...@lolctech.com> wrote:
>
>  Hi Dinesh,
>
>
>
> I have tried on the local machine where a connection can be established to
> LOLC.COM. Now it says invalid username password (because of null
> username).
>
> Please check the log file attached.
>
>
>
> Regards,
>
> Akila
>
>
>
>
>
> *From:* Dinesh J Weerakkody [mailto:dine...@wso2.com]
> *Sent:* 31 October 2014 12:55 PM
>
>
> *To:* Akila Nimantha [IT/EKO/LOITS]
> *Cc:* dev@wso2.org
> *Subject:* Re: [Dev] integrating IS 5.0 with Active Directory
>
>
>
> Hi Akila,
>
> There is a connection issue to your LDAP server (LOLC.COM:389). Just check
> whether the connection can be established from the IS server to LDAP using
> another way (ping or tracert). What I guess is that the server cannot find
> the path to LOLC.COM. If you can ping, just give it a try using the server IP
> instead of the server name.
>
> Thanks,
>
>
>
> On Fri, Oct 31, 2014 at 11:02 AM, Akila Nimantha [IT/EKO/LOITS] <
> aki...@lolctech.com> wrote:
>
>  Hi Godwin,
>
>
>
> Enabled the debug mode and still same here. Please check the attachment
> for the new log file.
>
>
>
> Regards,
>
> Akila
>
>
>
>
>
>
>
> *From:* Godwin Amila Shrimal [mailto:god...@wso2.com]
> *Sent:* 29 October 2014 5:59 PM
>
>
> *To:* Akila Nimantha [IT/EKO/LOITS]
> *Cc:* dev@wso2.org
> *Subject:* Re: [Dev] integrating IS 5.0 with Active Directory
>
>
>
> Hi Akila,
>
>
>
> Can you enable debug mode in Identity Server, recreate the issue and
> send back the log file? Please see the link below for enabling debug.
>
>
>
>
> http://soasecurity.org/2014/02/26/how-to-wso2is-troubleshooting-wso2-identity-server-1/
>
>
>
>
>
> On Wed, Oct 29, 2014 at 5:44 PM, Akila Nimantha [IT/EKO/LOITS] <
> aki...@lolctech.com> wrote:
>
>  Hi Godwin,
>
>
>
> Please check for the attached log file.
>
>
>
> Regards,
>
> Akila
>
>
>
> *From:* Godwin Amila Shrimal [mailto:god...@wso2.com]
> *Sent:* 29 October 2014 5:26 PM
> *To:* Akila Nimantha [IT/EKO/LOITS]
> *Cc:* dev@wso2.org
> *Subject:* Re: [Dev] integrating IS 5.0 with Active Directory
>
>
>
> Hi Akila,
>
>
>
> What is the error you are getting when trying to log in? Can you send
> the Identity Server log?
>
>
>
>
>
> Thanks
>
> Godwin
>
>
>
>
>
> On Wed, Oct 29, 2014 at 5:04 PM, Akila Nimantha [IT/EKO/LOITS] <
> aki...@lolctech.com> wrote:
>
>  Hi all,
>
>
>
> I have a question regarding integrating IS 5.0 with Active Directory. I've
> set it up so that I can see all of the AD users and groups in IS, but I can't
> log in to IS with any of the AD credentials.
>
> Also, I've registered the travelocity.com webapp but am unable to log in
> through the app.
>
>
>
> WSO2 IS configuration
>
>
>
> <Configuration>
>     <AddAdmin>false</AddAdmin>
>     <AdminRole>admin</AdminRole>
>     <AdminUser>
>         <UserName>FusionUsr</UserName>
>         <Password>Fu$@1234</Password>
>     </AdminUser>
>     <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
>     <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
> </Configuration>
>
> <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
>     <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
>     <Property name="defaultRealmName">LOLC.com</Property>
>     <Property name="Disabled">false</Property>
>     <Property name="kdcEnabled">false</Property>
>     <Property name="ConnectionURL">ldap://lolcpdc.lolc.com:389</Property>
>     <Property name="ConnectionName">CN=FusionUsr,OU=IT Service Accounts,DC=LOLC,DC=com</Property>
>     <Property name="ConnectionPassword">Fu$@1234</Property>
>     <Property name="passwordHashMethod">PLAIN_TEXT</Property>
>     <Property name="UserSearchBase">DC=LOLC,DC=com</Property>
>     <Property name="UserEntryObjectClass">user</Property>
>     <Property name="UserNameAttribute">sAMAccountName</Property>
>     <Property name="isADLDSRole">false</Property>
>     <Property name="userAccountControl">512</Property>
>     <Property name="UserNameListFilter">(objectClass=user)</Property>
>     <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
>     <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
>     <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
>     <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
>     <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
>     <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
>     <Property name="ReadGroups">true</Property>
>     <Property name="WriteGroups">true</Property>
>     <Property name="EmptyRolesAllowed">true</Property>
>     <Property name="GroupSearchBase">DC=LOLC,DC=com</Property>
>     <Property name="GroupEntryObjectClass">group</Property>
>     <Property name="GroupNameAttribute">cn</Property>
>     <Property name="SharedGroupNameAttribute">cn</Property>
>     <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
>     <Property name="SharedGroupEntryObjectClass">groups</Property>
>     <Property name="SharedTenantNameListFilter">(object=organizationalUnit)</Property>
>     <Property name="SharedTenantNameAttribute">ou</Property>
>     <Property name="SharedTenantObjectClass">organizationalUnit</Property>
>     <Property name="MembershipAttribute">member</Property>
>     <Property name="GroupNameListFilter">(objectcategory=group)</Property>
>     <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
>     <Property name="UserRolesCacheEnabled">true</Property>
>     <Property name="Referral">follow</Property>
>     <Property name="BackLinksEnabled">true</Property>
>     <Property name="MaxRoleNameListLength">100</Property>
>     <Property name="MaxUserNameListLength">100</Property>
>     <Property name="SCIMEnabled">false</Property>
> </UserStoreManager>
>
>
>
> Regards,
>
> Akila
>
> This message (including any attachments) is intended only for the use of
> the individual or entity to which it is addressed and may contain
> information that is non-public, proprietary, privileged, confidential, and
> exempt from disclosure under applicable law or may constitute as attorney
> work product. If you are not the intended recipient, you are hereby
> notified that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication in error, notify us immediately by telephone and (i) destroy
> this message if a facsimile or (ii) delete this message immediately if this
> is an electronic communication. Thank you.
>
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
>
>
>
> --
>
> *Godwin Amila Shrimal*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: +94772264165
>
> linkedin: http://lnkd.in/KUum6D
>
> twitter: https://twitter.com/godwinamila
>
> --
>
>
> *Dinesh J. Weerakkody*
>
> Software Engineer
>
> WSO2 Inc.
> lean | enterprise | middleware
> M : +94 727 361788 | E : dine...@wso2.com | W : www.wso2.com
>
> --
>
> Thanks and Regards,
> *Shani Ranasinghe*
> Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: +94 77 2273555
>
> linked in: lk.linkedin.com/pub/shani-ranasinghe/34/111/ab
>



-- 
Thanks and Regards,
*Shani Ranasinghe*
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94 77 2273555
linked in: lk.linkedin.com/pub/shani-ranasinghe/34/111/ab
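
The two points raised in this thread (the UserNameAttribute / UserNameSearchFilter mismatch in the posted configuration, and the order in which "#"-separated DN patterns are tried) can be checked with a short script. This is an added example, not part of the original messages and not WSO2 code; the property name UserDNPattern, the helper names and the trimmed sample XML are assumptions constructed here from values quoted in the thread.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: attribute values quoted in the thread plus the DN pattern
# from the reply. The property name "UserDNPattern" is an assumption.
SAMPLE = """
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
  <Property name="UserNameAttribute">sAMAccountName</Property>
  <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
  <Property name="UserDNPattern">uid={0},ou=marketing,ou=users,dc=wso2,dc=org#uid={0},ou=admin,ou=users,dc=wso2,dc=org#uid={0},ou=Users,dc=wso2,dc=org</Property>
</UserStoreManager>
"""

def load_properties(xml_text):
    """Return {name: value} for every <Property> under the root element."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): (p.text or "").strip() for p in root.iter("Property")}

def filter_username_attrs(search_filter):
    """Attributes compared against the '?' placeholder in an LDAP filter."""
    return re.findall(r"\(\s*([A-Za-z][\w;.-]*)\s*=\s*\?\s*\)", search_filter)

def check_username_consistency(props):
    """List mismatches between UserNameAttribute and UserNameSearchFilter."""
    attr = props.get("UserNameAttribute", "")
    used = filter_username_attrs(props.get("UserNameSearchFilter", ""))
    if not attr or not used:
        return ["UserNameAttribute or a '?' term in UserNameSearchFilter is missing"]
    # LDAP attribute names are case-insensitive, so compare case-folded.
    return [f"filter matches on '{u}' but UserNameAttribute is '{attr}'"
            for u in used if u.lower() != attr.lower()]

def escape_dn_value(value):
    """Escape RFC 4514 special characters so a login name cannot alter the DN."""
    body = re.sub(r'([\\,+"<>;=])', r"\\\1", value)
    if value[:1] in ("#", " "):
        body = "\\" + body
    if len(value) > 1 and value.endswith(" "):
        body = body[:-1] + "\\ "
    return body

def dn_candidates(props, username):
    """DNs tried in order when the pattern holds '#'-separated entries."""
    patterns = [p for p in props.get("UserDNPattern", "").split("#") if p.strip()]
    return [p.strip().replace("{0}", escape_dn_value(username)) for p in patterns]

if __name__ == "__main__":
    props = load_properties(SAMPLE)
    print(check_username_consistency(props))
    print(dn_candidates(props, "akila"))
```
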