Hi,

I could see the secondary domain and AD users with the following config. But
that config contains some properties with spaces. Isn't this something we need
to fix?

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">

    <Property name="defaultRealmName">WSO2.ORG</Property>
    <Property name="Disabled">false</Property>
*    <Property name="Diabled">false</Property>*
    <Property name="kdcEnabled">false</Property>
    <Property name="ConnectionName">CN=Administrator,CN=Users,DC=wso2,DC=test</Property>
  *  <Property name="Connection Name">CN=Administrator,CN=Users,DC=wso2,DC=test</Property>*
    <Property name="ConnectionURL">ldaps://192.168.18.13:636</Property>
    *<Property name="Connection URL">ldaps://192.168.18.13:636</Property>*
    <Property name="ConnectionPassword">pass#word2</Property>
  *  <Property name="Connection Password">pass#word2</Property>*
    <Property name="UserSearchBase">CN=Users,DC=wso2,DC=test</Property>
  *  <Property name="User Search Base">CN=Users,DC=wso2,DC=test</Property>*
    <Property name="passwordHashMethod">PLAIN_TEXT</Property>


  *  <Property name="User Search Filter">(&amp;(objectClass=user)(cn=?))</Property>*
  *  <Property name="User Object Class">(objectClass=user)</Property>*
  *  <Property name="User Entry Object Class">user</Property>*
    <Property name="UserEntryObjectClass">user</Property>
    <Property name="UserNameAttribute">cn</Property>
  *  <Property name="Username Attribute">cn</Property>*
    <Property name="isADLDSRole">false</Property>
    <Property name="userAccountControl">512</Property>
    <Property name="UserNameListFilter">(objectClass=user)</Property>
    <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
    <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
    <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
    <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
    <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
    <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
    <Property name="ReadGroups">true</Property>
    <Property name="WriteGroups">true</Property>
    <Property name="EmptyRolesAllowed">true</Property>
    <Property name="GroupSearchBase">CN=Users,DC=WSO2,DC=Com</Property>
    <Property name="GroupEntryObjectClass">group</Property>
    <Property name="GroupNameAttribute">cn</Property>
    <Property name="SharedGroupNameAttribute">cn</Property>
    <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
    <Property name="SharedGroupEntryObjectClass">groups</Property>
    <Property name="SharedTenantNameListFilter">(object=organizationalUnit)</Property>
    <Property name="SharedTenantNameAttribute">ou</Property>
    <Property name="SharedTenantObjectClass">organizationalUnit</Property>
    <Property name="MembershipAttribute">member</Property>
    <Property name="GroupNameListFilter">(objectcategory=group)</Property>
    <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
    <Property name="Referral">follow</Property>
    <Property name="BackLinksEnabled">true</Property>
    <Property name="MaxRoleNameListLength">100</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="SCIMEnabled">false</Property>
    <Property name="DomainName">AD2</Property>

 </UserStoreManager>


On Thu, Jun 4, 2015 at 12:07 PM, Amalka Subasinghe <ama...@wso2.com> wrote:

> Hi,
>
> I'm trying to set up AD as a secondary user store in EMM 1.1.0.
>
> When I try to create it via the UI, it creates the XML file as [1]. Each
> property contains a space between words.
> Then the carbon log gives an error [2] saying "Required ConnectionURL
> property is not set at the LDAP configurations".
> Then I removed the space in the property "Connection URL" and saved.
> Then the carbon log gives another error [3] - "Required mandatory property
> Connection URL is not defined!"
> So I gave both "Connection URL" and "ConnectionURL" in the XML file to solve
> the issue with ConnectionURL.
>
> Same as above, I had to specify the same property with and without a space
> to fix the errors in the carbon log, and there were some properties missing in
> the XML file too. I had to add those manually.
> [4] shows the XML file after fixing all the errors. [Missing properties
> are shown in red color.]
>
> Still I can't see the secondary user domain and users of the AD in the users
> page. How can I fix this?
>
> [1]
>
> <?xml version="1.0" encoding="UTF-8"?><UserStoreManager
> class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
>       <Property name="*Connection Name*">CN=Administrator,CN=Users,DC=wso2,DC=test</Property>
>       <Property name="Connection URL">ldaps://192.168.18.13:636</Property>
>       <Property name="Connection Password">pass#word2</Property>
>       <Property name="User Search Base">CN=Users,DC=wso2,DC=test</Property>
>       <Property name="Diabled">false</Property>
>       <Property name="User Object Class">(objectClass=user)</Property>
>       <Property name="Username Attribute">cn</Property>
>       <Property name="User Search Filter">(&amp;(objectClass=user)(cn=?))</Property>
>       <Property name="User Entry Object Class">user</Property>
>       <Property name="Group Entry Object Class">group</Property>
>       <Property name="Maximum User List Length">100</Property>
>       <Property name="Maximum Role List Length">100</Property>
>       <Property name="Enable User Role Cache">true</Property>
>       <Property name="Enable SCIM">false</Property>
>       <Property name="ReadGroups">true</Property>
>       <Property name="Group Search Base">CN=Users,DC=WSO2,DC=Com</Property>
>       <Property name="Group Object Class">(objectcategory=group)</Property>
>       <Property name="Group Name Attribute">cn</Property>
>       <Property name="Membership Attribute">member</Property>
>       <Property name="Member Of Attribute"/>
>       <Property name="Group Search Filter">(&amp;(objectClass=group)(cn=?))</Property>
>       <Property name="Password Hashing Algorithm">PLAIN_TEXT</Property>
>       <Property name="Password RegEx (Javascript)">^[\S]{5,30}$</Property>
>       <Property name="Username RegEx (Javascript)">^[\S]{3,30}$</Property>
>       <Property name="Username RegEx (Java)">[a-zA-Z0-9._-|//]{3,30}$</Property>
>       <Property name="Role Name RegEx (Javascript)">^[\S]{3,30}$</Property>
>       <Property name="Role Name RegEx (Java)">[a-zA-Z0-9._-|//]{3,30}$</Property>
>       <Property name="Enable Write Groups">true</Property>
>       <Property name="User DN Pattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
>       <Property name="Allow Empty Roles">true</Property>
>       <Property name="Default Realm Name">WSO2.ORG</Property>
>       <Property name="Enable KDC">false</Property>
>       <Property name="Display Name Attribute">cn</Property>
>       <Property name="Is ADLDS Role">false</Property>
>       <Property name="User Account Control">512</Property>
>       <Property name="Referral">follow</Property>
>       <Property name="Enable Back Links">true</Property>
>       <Property name="DomainName">AD</Property>
>       <Property name="Description"/>
> </UserStoreManager>
>
> [2]
>
> [2015-06-04 11:32:59,024] ERROR
> {org.wso2.carbon.user.core.common.AbstractUserStoreManager} -  Cannot
> create org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager
> java.lang.reflect.InvocationTargetException
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
>     at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
>     at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>     at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.createSecondaryUserStoreManager(AbstractUserStoreManager.java:3469)
>     at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.addSecondaryUserStoreManager(AbstractUserStoreManager.java:3525)
>     at
> org.wso2.carbon.user.core.common.UserStoreDeploymentManager.deploy(UserStoreDeploymentManager.java:65)
>     at
> org.wso2.carbon.identity.user.store.configuration.deployer.UserStoreConfigurationDeployer.deploy(UserStoreConfigurationDeployer.java:58)
>     at
> org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(DeploymentFileData.java:136)
>     at
> org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.java:807)
>     at
> org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList.java:144)
>     at
> org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener.java:377)
>     at
> org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:254)
>     at
> org.apache.axis2.deployment.DeploymentEngine.loadServices(DeploymentEngine.java:135)
>     at
> org.wso2.carbon.core.CarbonAxisConfigurator.loadServices(CarbonAxisConfigurator.java:464)
>     at
> org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:95)
>     at
> org.wso2.carbon.core.CarbonConfigurationContextFactory.createNewConfigurationContext(CarbonConfigurationContextFactory.java:65)
>     at
> org.wso2.carbon.core.init.CarbonServerManager.initializeCarbon(CarbonServerManager.java:398)
>     at
> org.wso2.carbon.core.init.CarbonServerManager.start(CarbonServerManager.java:219)
>     at
> org.wso2.carbon.core.internal.CarbonCoreServiceComponent.activate(CarbonCoreServiceComponent.java:77)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>     at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:606)
>     at
> org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
>     at
> org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
>     at
> org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:347)
>     at
> org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
>     at
> org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
>     at
> org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
>     at
> org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
>     at
> org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)
>     at
> org.eclipse.osgi.framework.internal.core.BundleContextImpl.dispatchEvent(BundleContextImpl.java:861)
>     at
> org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
>     at
> org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148)
>     at
> org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:819)
>     at
> org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:771)
>     at
> org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
>     at
> org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:214)
>     at
> org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:433)
>     at
> org.eclipse.equinox.http.servlet.internal.Activator.registerHttpService(Activator.java:81)
>     at
> org.eclipse.equinox.http.servlet.internal.Activator.addProxyServlet(Activator.java:60)
>     at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.init(ProxyServlet.java:40)
>     at
> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.init(DelegationServlet.java:38)
>     at
> org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1267)
>     at
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1186)
>     at
> org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1081)
>     at
> org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5027)
>     at
> org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5314)
>     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
>     at
> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
>     at
> org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
>     at java.util.concurrent.FutureTask.run(FutureTask.java:262)
>     at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: org.wso2.carbon.user.core.UserStoreException: Required
> ConnectionURL property is not set at the LDAP configurations
>     at
> org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.checkRequiredUserStoreConfigurations(ReadOnlyLDAPUserStoreManager.java:214)
>     at
> org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.checkRequiredUserStoreConfigurations(ReadWriteLDAPUserStoreManager.java:1682)
>     at
> org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager.checkRequiredUserStoreConfigurations(ActiveDirectoryUserStoreManager.java:398)
>     at
> org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:133)
>     at
> org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.<init>(ReadWriteLDAPUserStoreManager.java:102)
>     at
> org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager.<init>(ActiveDirectoryUserStoreManager.java:85)
>     ... 56 more
>
> [3]
>
> [2015-06-04 11:35:34,128] ERROR
> {org.wso2.carbon.user.core.config.XMLProcessorUtils} -  Required mandatory
> property Connection URL is not defined!
> [2015-06-04 11:35:34,129] ERROR
> {org.wso2.carbon.user.core.config.UserStoreConfigXMLProcessor} -  Error
> while building user store manager from file
> org.wso2.carbon.user.core.UserStoreException: A required mandatory field
> is missing.
>     at
> org.wso2.carbon.user.core.config.UserStoreConfigXMLProcessor.buildUserStoreConfiguration(UserStoreConfigXMLProcessor.java:106)
>     at
> org.wso2.carbon.user.core.config.UserStoreConfigXMLProcessor.buildUserStoreConfigurationFromFile(UserStoreConfigXMLProcessor.java:70)
>     at
> org.wso2.carbon.user.core.common.UserStoreDeploymentManager.deploy(UserStoreDeploymentManager.java:43)
>     at
> org.wso2.carbon.identity.user.store.configuration.deployer.UserStoreConfigurationDeployer.deploy(UserStoreConfigurationDeployer.java:58)
>     at
> org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(DeploymentFileData.java:136)
>     at
> org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.java:807)
>     at
> org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList.java:144)
>     at
> org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener.java:377)
>     at
> org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:254)
>     at
> org.apache.axis2.deployment.RepositoryListener.startListener(RepositoryListener.java:371)
>     at
> org.apache.axis2.deployment.scheduler.SchedulerTask.checkRepository(SchedulerTask.java:59)
>     at
> org.apache.axis2.deployment.scheduler.SchedulerTask.run(SchedulerTask.java:67)
>     at
> org.wso2.carbon.core.deployment.CarbonDeploymentSchedulerTask.runAxisDeployment(CarbonDeploymentSchedulerTask.java:79)
>     at
> org.wso2.carbon.core.deployment.CarbonDeploymentSchedulerTask.run(CarbonDeploymentSchedulerTask.java:124)
>     at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>     at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
>     at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
>     at
> java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
>     at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>     at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>     at java.lang.Thread.run(Thread.java:745)
> [2015-06-04 11:35:34,129]  INFO
> {org.apache.axis2.deployment.DeploymentEngine} -
> org.apache.axis2.deployment.DeploymentException: The deployment of AD.xml
> is not valid.
>
> [4]
>
> <?xml version="1.0" encoding="UTF-8"?><UserStoreManager
> class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
>       <Property name="Connection Name">CN=Administrator,CN=Users,DC=wso2,DC=test</Property>
> *      <Property name="ConnectionName">CN=Administrator,CN=Users,DC=wso2,DC=test</Property>*
>       <Property name="Connection URL">ldaps://192.168.18.13:636</Property>
> *      <Property name="ConnectionURL">ldaps://192.168.18.13:636</Property>*
>       <Property name="Connection Password">pass#word2</Property>
> *      <Property name="ConnectionPassword">pass#word2</Property>*
>       <Property name="User Search Base">CN=Users,DC=wso2,DC=test</Property>
> *      <Property name="UserSearchBase">CN=Users,DC=wso2,DC=test</Property>*
>       <Property name="Diabled">false</Property>
>       <Property name="User Object Class">(objectClass=user)</Property>
> *      <Property name="UserNameListFilter">(objectClass=user)</Property>*
>       <Property name="Username Attribute">cn</Property>
>       <Property name="UserNameAttribute">cn</Property>
>       <Property name="User Search Filter">(&amp;(objectClass=user)(cn=?))</Property>
> *      <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>*
>       <Property name="User Entry Object Class">user</Property>
> *      <Property name="UserEntryObjectClass">user</Property>*
>       <Property name="Group Entry Object Class">group</Property>
> *      <Property name="GroupEntryObjectClass">group</Property>*
>       <Property name="Maximum User List Length">100</Property>
>       <Property name="Maximum Role List Length">100</Property>
>       <Property name="Enable User Role Cache">true</Property>
>       <Property name="Enable SCIM">false</Property>
>       <Property name="ReadGroups">true</Property>
>       <Property name="Group Search Base">CN=Users,DC=WSO2,DC=Com</Property>
> *      <Property name="GroupSearchBase">CN=Users,DC=WSO2,DC=Com</Property>*
>       <Property name="Group Object Class">(objectcategory=group)</Property>
> *      <Property name="GroupNameListFilter">(objectcategory=group)</Property>*
>       <Property name="Group Name Attribute">cn</Property>
>       <Property name="GroupNameAttribute">cn</Property>
>       <Property name="Membership Attribute">member</Property>
>       <Property name="MembershipAttribute">member</Property>
>       <Property name="Member Of Attribute"/>
>       <Property name="Group Search Filter">(&amp;(objectClass=group)(cn=?))</Property>
> *      <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>*
>
>       <Property name="Password Hashing Algorithm">PLAIN_TEXT</Property>
>       <Property name="Password RegEx (Javascript)">^[\S]{5,30}$</Property>
>       <Property name="Username RegEx (Javascript)">^[\S]{3,30}$</Property>
>       <Property name="Username RegEx (Java)">[a-zA-Z0-9._-|//]{3,30}$</Property>
>       <Property name="Role Name RegEx (Javascript)">^[\S]{3,30}$</Property>
>       <Property name="Role Name RegEx (Java)">[a-zA-Z0-9._-|//]{3,30}$</Property>
>       <Property name="Enable Write Groups">true</Property>
>       <Property name="User DN Pattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
>       <Property name="Allow Empty Roles">true</Property>
>       <Property name="Default Realm Name">WSO2.ORG</Property>
>       <Property name="Enable KDC">false</Property>
>       <Property name="Display Name Attribute">cn</Property>
>       <Property name="Is ADLDS Role">false</Property>
>       <Property name="User Account Control">512</Property>
>       <Property name="Referral">follow</Property>
>       <Property name="Enable Back Links">true</Property>
>       <Property name="DomainName">AD</Property>
>       <Property name="Description"/>
> </UserStoreManager>
>
> --
> Amalka Subasinghe
> Senior Software Engineer
> WSO2 Inc.
> Mobile: +94 77 9401267
>



-- 
Amalka Subasinghe
Senior Software Engineer
WSO2 Inc.
Mobile: +94 77 9401267
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
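
Added example (not part of the thread and not WSO2 code): a small lint for a secondary user store XML file that reports the symptoms discussed above, namely property names containing whitespace, the same property given twice with and without spaces, and a required key that is absent. The function name `lint_userstore` is hypothetical, the sample document is constructed from the configs quoted in the thread, and the default required key is the one named in error [2].

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample, cut down from the configs quoted in the thread.
SAMPLE = """<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
    <Property name="Connection URL">ldaps://192.168.18.13:636</Property>
    <Property name="ConnectionURL">ldaps://192.168.18.13:636</Property>
    <Property name="Connection Name">CN=Administrator,CN=Users,DC=wso2,DC=test</Property>
    <Property name="DomainName">AD</Property>
</UserStoreManager>"""

# Constructed sample resembling the UI-generated file [1]: display names only.
UI_GENERATED = """<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
    <Property name="Connection URL">ldaps://192.168.18.13:636</Property>
    <Property name="DomainName">AD</Property>
</UserStoreManager>"""


def lint_userstore(xml_text, required=("ConnectionURL",)):
    """Return a sorted list of (code, detail) findings for a user store XML.

    `required` defaults to the single key that error [2] in the thread names;
    pass the full list for your product version (assumption: caller knows it).
    """
    root = ET.fromstring(xml_text)
    findings = []
    names = []
    # Names grouped by their whitespace-free, lowercased form, so that
    # "Connection URL" and "ConnectionURL" land in the same bucket.
    by_key = defaultdict(list)

    for prop in root.iter("Property"):
        name = prop.get("name", "")
        names.append(name)
        by_key[re.sub(r"\s+", "", name).lower()].append(name)
        if re.search(r"\s", name):
            findings.append(("SPACE_IN_NAME", name))

    for seen in by_key.values():
        if len(seen) > 1:
            # Two spellings of one property can silently drift apart.
            findings.append(("DUPLICATE", " | ".join(sorted(seen))))

    for key in required:
        if key not in names:
            findings.append(("MISSING_REQUIRED", key))

    return sorted(findings)


if __name__ == "__main__":
    for label, doc in (("workaround file", SAMPLE), ("UI-generated file", UI_GENERATED)):
        print(label)
        for code, detail in lint_userstore(doc):
            print(f"  {code}: {detail}")
```
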
