Initial Startup of Wso2 Identity 5.10 is giving error: Admin user can not be assigned to Admin role


I have looked through the answers to many similar questions but could not find this one. On startup I get:

[2022-01-15 12:56:48,823] []  INFO {org.ops4j.pax.logging.spi.support.EventAdminConfigurationNotifier} - Sending Event Admin nofification (configuration successful) to org/ops4j/pax/logging/Configuration
[2022-01-15 12:56:49,009] []  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Starting WSO2 Carbon...
[2022-01-15 12:56:49,010] []  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Operating System : Linux 3.10.0-1160.49.1.el7.x86_64, amd64
[2022-01-15 12:56:49,011] []  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java Home        : /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9.x86_64/jre
[2022-01-15 12:56:49,011] []  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java Version     : 1.8.0_312
[2022-01-15 12:56:49,011] []  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java VM          : OpenJDK 64-Bit Server VM 25.312-b07,Red Hat, Inc.
[2022-01-15 12:56:49,011] []  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Carbon Home      : /u01/ellucian/wso2is-5.10.0
[2022-01-15 12:56:49,011] []  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - Java Temp Dir    : /u01/ellucian/wso2is-5.10.0/tmp
[2022-01-15 12:56:49,011] []  INFO {org.wso2.carbon.core.internal.CarbonCoreActivator} - User             : root, en-US, America/New_York
[2022-01-15 12:56:49,108] []  INFO {org.wso2.carbon.crypto.provider.internal.DefaultCryptoProviderComponent} - 'CryptoService.Secret' property has not been set. 'org.wso2.carbon.crypto.provider.SymmetricKeyInternalCryptoProvider' won't be registered as an internal crypto provider. Please set the secret if the provider needs to be registered.
[2022-01-15 12:56:49,234] []  INFO {org.wso2.carbon.event.output.adapter.kafka.internal.ds.KafkaEventAdapterServiceDS} - Successfully deployed the Kafka output event adaptor service
[2022-01-15 12:56:49,721] []  INFO {org.wso2.carbon.identity.oauth.uma.grant.internal.UMA2GrantServiceComponent} - Policy evaluator registered successfully: DefaultPolicyEvaluator
[2022-01-15 12:56:49,722] []  INFO {org.wso2.carbon.identity.oauth.uma.grant.internal.UMA2GrantServiceComponent} - UMA Grant component activated successfully.
[2022-01-15 12:56:50,075] []  INFO {org.wso2.carbon.ldap.server.DirectoryActivator} - Embedded LDAP is disabled.
[2022-01-15 12:56:50,119] []  INFO {org.wso2.carbon.mex.internal.Office365SupportMexComponent} - Office365Support MexServiceComponent bundle activated successfully..
[2022-01-15 12:56:50,132] []  INFO {org.wso2.carbon.mex2.internal.DynamicCRMCustomMexComponent} - DynamicCRMSupport MexServiceComponent bundle activated successfully.
[2022-01-15 12:56:51,436] []  INFO {org.wso2.carbon.user.core.common.DefaultRealmService} - Database already exists. Not creating a new database.
[2022-01-15 12:56:51,859] []  INFO {org.apache.jasper.servlet.TldScanner} - At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
[2022-01-15 12:56:52,175] []  INFO {org.wso2.carbon.identity.authenticator.x509Certificate.internal.X509CertificateServiceComponent} - X509 Certificate Servlet activated successfully..
[2022-01-15 12:56:52,427] [] ERROR {org.wso2.carbon.user.core.common.DefaultRealm} - nullType class java.lang.reflect.InvocationTargetException org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException
        at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:397)
        at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:224)
        at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:129)
        at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:276)
        at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:102)
        at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:115)
        at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:72)
        at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.run(BundleContextImpl.java:842)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.run(BundleContextImpl.java:1)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.startActivator(BundleContextImpl.java:834)
        at org.eclipse.osgi.internal.framework.BundleContextImpl.start(BundleContextImpl.java:791)
        at org.eclipse.osgi.internal.framework.EquinoxBundle.startWorker0(EquinoxBundle.java:1013)
        at org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule.startWorker(EquinoxBundle.java:365)
        at org.eclipse.osgi.container.Module.doStart(Module.java:598)
        at org.eclipse.osgi.container.Module.start(Module.java:462)
        at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.run(ModuleContainer.java:1820)
        at org.eclipse.osgi.internal.framework.EquinoxContainerAdaptor.execute(EquinoxContainerAdaptor.java:150)
        at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1813)
        at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1770)
        at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.doContainerStartLevel(ModuleContainer.java:1735)
        at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1661)
        at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1)
        at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
        at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345)
Caused by: java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
        at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:351)
        ... 25 more
Caused by: org.wso2.carbon.user.core.UserStoreException: Admin user can not be assigned to Admin role Add-Admin has been set to false. Please do the assign it in user store level
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addInitialAdminData(AbstractUserStoreManager.java:8513)
        at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:246)
        at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.<init>(ReadWriteLDAPUserStoreManager.java:120)
        at org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager.<init>(ActiveDirectoryUserStoreManager.java:115)
        ... 30 more

Using ldapsearch I have checked some of these attributes, in particular the part of the admin user object that relates to membership in the admin role queried by the service account. Both exist:

./ldapsearch -x -W -H ldap://VPWPWDC1.DC1.PENNWEST.EDU/ -D "ethossrvc@pennwest.edu" -b "CN=Staffen\, William,OU=STAFF,OU=Accounts,DC=DC1,DC=Pennwest,DC=EDU"

dn: CN=Staffen\, William,OU=Staff,OU=Accounts,DC=DC1,DC=PENNWEST,DC=EDU
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Staffen, William
sn: Staffen
givenName: William
distinguishedName: CN=Staffen\, William,OU=Staff,OU=Accounts,DC=DC1,DC=PENNWEST,DC=EDU
instanceType: 4
memberOf: CN=AG-ITS-ETHOS-ADMINS,OU=ITS,OU=AccountGroups,OU=Groups,DC=DC1,DC=PENNWEST,DC=EDU

Here is the user-mgt.xml:

<UserManager xmlns:svns="http://org.wso2.securevault/configuration">
    <Realm>
        <Configuration>
            <AddAdmin>false</AddAdmin>
            <AdminRole>AG-ITS-ETHOS-ADMINS</AdminRole>
            <AdminUser>
                <UserName>staffen</UserName>
                <Password>irrelevant</Password>
            </AdminUser>
            <EveryOneRoleName>everyone</EveryOneRoleName>

            <OverrideUsernameClaimFromInternalUsername>true</OverrideUsernameClaimFromInternalUsername>
            <!-- By default users in this role sees the registry root -->
            <Property name="isCascadeDeleteEnabled">true</Property>
            <Property name="initializeNewClaimManager">true</Property>
            <Property name="dataSource">jdbc/WSO2IdentityDB</Property>
        </Configuration>

        <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
            <Property name="GetAllRolesOfUserEnabled">false</Property>
            <Property name="AdminRoleManagementPermissions">/permission</Property>
            <Property name="AuthorizationCacheEnabled">true</Property>
        </AuthorizationManager>

        <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
            <Property name="defaultRealmName">PENNWEST.EDU</Property>
            <Property name="Disabled">false</Property>
            <Property name="kdcEnabled">false</Property>
            <Property name="ConnectionURL">ldaps://VPWPWDC1.DC1.PENNWEST.EDU:636</Property>
            <Property name="ConnectionName">CN=SRVC_ethossrvc,OU=Accounts,OU=ServiceAG,DC=DC1,DC=PENNWEST,DC=EDU</Property>
            <Property name="ConnectionPassword">#########</Property>
            <Property name="passwordHashMethod">PLAIN_TEXT</Property>
            <Property name="UserSearchBase">OU=Accounts,DC=DC1,DC=PENNWEST,DC=EDU</Property>
            <Property name="UserEntryObjectClass">user</Property>
            <Property name="UserNameAttribute">sAMAccountName</Property>
            <Property name="isADLDSRole">false</Property>
            <Property name="userAccountControl">512</Property>
            <Property name="UserNameListFilter">(objectClass=user)</Property>
            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(|(sAMAccountName=?)(mail=?)))</Property>
            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
            <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="ReadGroups">true</Property>
            <Property name="WriteGroups">true</Property>
            <Property name="EmptyRolesAllowed">true</Property>
            <Property name="GroupSearchBase">OU=AccountGroups,OU=Groups,DC=DC1,DC=PENNWEST,DC=EDU</Property>
            <Property name="GroupEntryObjectClass">group</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="SharedGroupNameAttribute">cn</Property>
            <Property name="SharedGroupSearchBase">OU=AccountGroups,OU=Groups,DC=DC1,DC=PENNWEST,DC=EDU</Property>
            <Property name="SharedGroupEntryObjectClass">groups</Property>
            <Property name="SharedTenantNameListFilter">(object=organizationalUnit)</Property>
            <Property name="SharedTenantNameAttribute">ou</Property>
            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="GroupNameListFilter">(objectcategory=group)</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
            <Property name="Referral">ignore</Property>
            <Property name="BackLinksEnabled">true</Property>
            <Property name="MaxRoleNameListLength">100</Property>
            <Property name="MaxUserNameListLength">100</Property>
            <Property name="SCIMEnabled">false</Property>
            <Property name="MultiAttributeSeparator">,</Property>
            <Property name="ReadTimeout"/>
            <Property name="RetryAttempts"/>

            <Property name="java.naming.ldap.attributes.binary">objectGUID</Property>
            <Property name="ImmutableAttributes">profileConfiguration</Property>
        </UserStoreManager>
    </Realm>
</UserManager>

Thanks for any help.

Edit: also note that I connected to SQL Server as the wso2 admin user for each of the three databases (local, reg and id) and was able to open each database and view the tables.
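The "Please do the assign it in user store level" part of the error is the server refusing to create the admin assignment itself because AddAdmin is false, which means it expects the user store to already contain everything. Below is an added example (my own script, not WSO2 code and not from the question) that reads the relevant settings from a user-mgt.xml and an LDIF dump of the kind ldapsearch produces, and reports which of three preconditions is unmet: a user resolvable by UserNameAttribute under UserSearchBase, a group resolvable by GroupNameAttribute under GroupSearchBase, and that user's DN listed in the group's MembershipAttribute. That these are exactly the checks addInitialAdminData makes is an assumption; so are the sAMAccountName value and the group entry in the sample LDIF, since the ldapsearch excerpt above shows only the user's memberOf backlink and not the group's member attribute that MembershipAttribute points to.

```python
"""Check what WSO2 IS expects of the user store when <AddAdmin> is false (added example,
neither WSO2 code nor part of the question). The check modelled here is an assumption about
what addInitialAdminData verifies: with AddAdmin=false the store must already hold the admin
user, the admin group, and the membership linking the two."""
import re
import xml.etree.ElementTree as ET

# Trimmed copy of the user-mgt.xml from the question (only the settings used here).
USER_MGT_XML = """<UserManager xmlns:svns="http://org.wso2.securevault/configuration">
  <Realm>
    <Configuration>
      <AddAdmin>false</AddAdmin>
      <AdminRole>AG-ITS-ETHOS-ADMINS</AdminRole>
      <AdminUser><UserName>staffen</UserName><Password>irrelevant</Password></AdminUser>
    </Configuration>
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
      <Property name="UserSearchBase">OU=Accounts,DC=DC1,DC=PENNWEST,DC=EDU</Property>
      <Property name="UserEntryObjectClass">user</Property>
      <Property name="UserNameAttribute">sAMAccountName</Property>
      <Property name="GroupSearchBase">OU=AccountGroups,OU=Groups,DC=DC1,DC=PENNWEST,DC=EDU</Property>
      <Property name="GroupEntryObjectClass">group</Property>
      <Property name="GroupNameAttribute">cn</Property>
      <Property name="MembershipAttribute">member</Property>
    </UserStoreManager>
  </Realm>
</UserManager>"""

# Constructed LDIF modelled on the question's ldapsearch output; the sAMAccountName value and
# the whole group entry are assumed (the question's search shows only the user's memberOf).
SAMPLE_LDIF = """dn: CN=Staffen\\, William,OU=Staff,OU=Accounts,DC=DC1,DC=PENNWEST,DC=EDU
objectClass: user
cn: Staffen, William
sAMAccountName: staffen
memberOf: CN=AG-ITS-ETHOS-ADMINS,OU=ITS,OU=AccountGroups,OU=Groups,DC=DC1,DC=PENNWEST,DC=EDU

dn: CN=AG-ITS-ETHOS-ADMINS,OU=ITS,OU=AccountGroups,OU=Groups,DC=DC1,DC=PENNWEST,DC=EDU
objectClass: group
cn: AG-ITS-ETHOS-ADMINS
member: CN=Staffen\\, William,OU=Staff,OU=Accounts,DC=DC1,DC=PENNWEST,DC=EDU
"""

def parse_realm(xml_text):
    """Admin settings plus the UserStoreManager properties, keyed by property name."""
    root = ET.fromstring(xml_text)
    conf, store = root.find("Realm/Configuration"), root.find("Realm/UserStoreManager")
    return {
        "add_admin": conf.findtext("AddAdmin", "true").strip().lower() == "true",
        "admin_role": conf.findtext("AdminRole").strip(),
        "admin_user": conf.findtext("AdminUser/UserName").strip(),
        "props": {p.get("name"): (p.text or "").strip() for p in store.findall("Property")},
    }

def parse_ldif(text):
    """Minimal LDIF reader: one {attribute (lower-cased): [values]} dict per entry."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:          # the trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        else:
            attr, _, value = line.partition(":")
            cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def norm_dn(dn):
    """Case-fold and drop whitespace after unescaped commas so DNs compare reliably."""
    return re.sub(r"(?<!\\),\s+", ",", dn).strip().lower()

def under_base(dn, base):          # dn is base itself or lies in the subtree below it
    n, b = norm_dn(dn), norm_dn(base)
    return n == b or n.endswith("," + b)

def find_entry(entries, objcls, base, attr, value):
    """First entry of objectClass objcls under base whose attr equals value, else None."""
    def has(e, a, v):              # AD compares these attribute values case-insensitively
        return v.lower() in (x.lower() for x in e.get(a.lower(), []))
    hits = [e for e in entries if has(e, "objectClass", objcls)
            and under_base(e["dn"][0], base) and has(e, attr, value)]
    return hits[0] if hits else None

def check_admin_preconditions(cfg, entries):
    """Unmet preconditions as a list of strings; an empty list means the check would pass."""
    if cfg["add_admin"]:
        return []                  # AddAdmin=true: the server creates the user and role itself
    p, problems = cfg["props"], []
    user = find_entry(entries, p["UserEntryObjectClass"], p["UserSearchBase"],
                      p["UserNameAttribute"], cfg["admin_user"])
    group = find_entry(entries, p["GroupEntryObjectClass"], p["GroupSearchBase"],
                       p["GroupNameAttribute"], cfg["admin_role"])
    if user is None:
        problems.append(f"no user with {p['UserNameAttribute']}={cfg['admin_user']} under {p['UserSearchBase']}")
    if group is None:
        problems.append(f"no group with {p['GroupNameAttribute']}={cfg['admin_role']} under {p['GroupSearchBase']}")
    if user and group and norm_dn(user["dn"][0]) not in {
            norm_dn(m) for m in group.get(p["MembershipAttribute"].lower(), [])}:
        problems.append(f"{user['dn'][0]} is not listed in {p['MembershipAttribute']} of {group['dn'][0]}")
    return problems

if __name__ == "__main__":
    issues = check_admin_preconditions(parse_realm(USER_MGT_XML), parse_ldif(SAMPLE_LDIF))
    print("\n".join("MISSING: " + i for i in issues) or "OK: admin user, group and membership present")
```

To use it against a real deployment, replace the two embedded strings with the contents of the actual user-mgt.xml and an ldapsearch dump that covers both the admin user and the group (a search rooted at GroupSearchBase returns the group with its member values). The script checks the forward link (the group's member attribute) because that is what MembershipAttribute names; a memberOf value on the user alone is a backlink and is not what this check consults.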

You are getting an error message,

org.wso2.carbon.user.core.UserStoreException: Admin user can not be assigned to Admin role Add-Admin has been set to false. Please do the assign it in user store level

In WSO2IS-5.10 you can set <AddAdmin>true</AddAdmin> in the /repository/conf/user-mgt.xml file; in your user-mgt.xml file it is set to false.