WSO2 APIM 4.0.0 - 组未分配给用户
WSO2 APIM 4.0.0 - Groups are not assigned to Users
我正在尝试针对 OpenLDAP 配置 API Manager 4.0.0。
从 ldap 中正确获取了用户和组,我可以在 carbon UI 上看到它们 UI。
当我导航到一个组的“查看用户”时,我可以看到使用 ldap 的“uniqueMember”属性获取的用户。
但是当我导航到一个用户的“查看角色”时,只显示“Internal/everyone”。用户的组没有分配给他。
只用一种方式看待关系正常吗?
我的 OpenLDAP 没有“memberOf”属性模式。也许这是必需的?
我正在使用 wso4am-4.0 的全新安装。0.zip 一体机,无需修改。
这是用户存储的配置:
<?xml version="1.0" encoding="UTF-8"?><UserStoreManager class="org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager">
<Property name="ConnectionURL">ldap://xxx:389</Property>
<Property name="ConnectionName">cn=admin,dc=mycompany-dev,dc=fr</Property>
<Property encrypted="true" name="ConnectionPassword">xxx</Property>
<Property name="UserSearchBase">ou=Users,ou=wso2,dc=mycompany-dev,dc=fr</Property>
<Property name="UserEntryObjectClass">person</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserIDAttribute">scimId</Property>
<Property name="UserIdSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserDNPattern"/>
<Property name="DisplayNameAttribute"/>
<Property name="Disabled">false</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">ou=Groups,ou=wso2,dc=mycompany-dev,dc=fr</Property>
<Property name="GroupEntryObjectClass">groupOfUniqueNames</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfUniqueNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfUniqueNames)</Property>
<Property name="RoleDNPattern"/>
<Property name="MembershipAttribute">uniqueMember</Property>
<Property name="MemberOfAttribute"/>
<Property name="BackLinksEnabled">true</Property>
<Property name="UserNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UserNameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
<Property name="RoleNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RoleNameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="LDAPInitialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</Property>
<Property name="DateAndTimePattern">Date And Time Pattern</Property>
<Property name="CaseInsensitiveUsername">true</Property>
<Property name="BulkImportSupported">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="kdcEnabled">false</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="UserRolesCacheEnabled">false</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout">5000</Property>
<Property name="RetryAttempts">0</Property>
<Property name="CountRetrieverClass"/>
<Property name="java.naming.ldap.attributes.binary"/>
<Property name="ClaimOperationsSupported">true</Property>
<Property name="MembershipAttributeRange">0</Property>
<Property name="UserCacheExpiryMilliseconds"/>
<Property name="UserDNCacheEnabled">true</Property>
<Property name="StartTLSEnabled">false</Property>
<Property name="ConnectionRetryDelay">120000</Property>
<Property name="ImmutableAttributes"/>
<Property name="TimestampAttributes"/>
<Property name="DomainName">CompanyUsers</Property>
<Property name="Description"/>
</UserStoreManager>
仅供参考,我在激活日志后找到了答案:
DEBUG
{org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager} - No UserID found for the property: uid, value: user1, in domain: COMPANYUSERS
由于我的 Ldap 中不存在 scimId,我的用户被错误地获取
<Property name="UserIDAttribute">scimId</Property>
我改成了 uid,现在可以用了。
<Property name="UserIDAttribute">uid</Property>
我正在尝试针对 OpenLDAP 配置 API Manager 4.0.0。
从 ldap 中正确获取了用户和组,我可以在 carbon UI 上看到它们 UI。
当我导航到一个组的“查看用户”时,我可以看到使用 ldap 的“uniqueMember”属性获取的用户。
但是当我导航到一个用户的“查看角色”时,只显示“Internal/everyone”。用户的组没有分配给他。
只用一种方式看待关系正常吗?
我的 OpenLDAP 没有“memberOf”属性模式。也许这是必需的?
我正在使用 wso4am-4.0 的全新安装。0.zip 一体机,无需修改。
这是用户存储的配置:
<?xml version="1.0" encoding="UTF-8"?><UserStoreManager class="org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager">
<Property name="ConnectionURL">ldap://xxx:389</Property>
<Property name="ConnectionName">cn=admin,dc=mycompany-dev,dc=fr</Property>
<Property encrypted="true" name="ConnectionPassword">xxx</Property>
<Property name="UserSearchBase">ou=Users,ou=wso2,dc=mycompany-dev,dc=fr</Property>
<Property name="UserEntryObjectClass">person</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserIDAttribute">scimId</Property>
<Property name="UserIdSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserDNPattern"/>
<Property name="DisplayNameAttribute"/>
<Property name="Disabled">false</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">ou=Groups,ou=wso2,dc=mycompany-dev,dc=fr</Property>
<Property name="GroupEntryObjectClass">groupOfUniqueNames</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfUniqueNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfUniqueNames)</Property>
<Property name="RoleDNPattern"/>
<Property name="MembershipAttribute">uniqueMember</Property>
<Property name="MemberOfAttribute"/>
<Property name="BackLinksEnabled">true</Property>
<Property name="UserNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UserNameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
<Property name="RoleNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RoleNameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="LDAPInitialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</Property>
<Property name="DateAndTimePattern">Date And Time Pattern</Property>
<Property name="CaseInsensitiveUsername">true</Property>
<Property name="BulkImportSupported">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="kdcEnabled">false</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="UserRolesCacheEnabled">false</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout">5000</Property>
<Property name="RetryAttempts">0</Property>
<Property name="CountRetrieverClass"/>
<Property name="java.naming.ldap.attributes.binary"/>
<Property name="ClaimOperationsSupported">true</Property>
<Property name="MembershipAttributeRange">0</Property>
<Property name="UserCacheExpiryMilliseconds"/>
<Property name="UserDNCacheEnabled">true</Property>
<Property name="StartTLSEnabled">false</Property>
<Property name="ConnectionRetryDelay">120000</Property>
<Property name="ImmutableAttributes"/>
<Property name="TimestampAttributes"/>
<Property name="DomainName">CompanyUsers</Property>
<Property name="Description"/>
</UserStoreManager>
仅供参考,我在激活日志后找到了答案:
DEBUG {org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager} - No UserID found for the property: uid, value: user1, in domain: COMPANYUSERS
由于我的 Ldap 中不存在 scimId,我的用户被错误地获取
<Property name="UserIDAttribute">scimId</Property>
我改成了 uid,现在可以用了。
<Property name="UserIDAttribute">uid</Property>