Question

我已使用外部LDAP配置了wso2 api manager，即Microsoft Active Directory.已建立连通性，并且能够看到AD中存在的WSO2 API用户存储中的所有用户。我有4个AD中的用户

Users : WSo2 Admin, WSO2 User1, WSO2 User2

但是我只能用一个用户登录，该用户在配置文件中分配了admin角色，如下面的代码片段。

<AdminUser> <UserName>Wso2 Admin</UserName> <Password>abcdef@01</Password> </AdminUser>

现在，我只能使用WSo2 Admin登录，如果我在配置文件中分配了管理员角色，则其他用户也可以登录。

但是我想用AD中存在的每个用户登录，即WSo2 Admin, WSO2 User1, WSO2 User2

这是我的配置文件：

<?xml version="1.0" encoding="UTF-8"?>
<UserManager>
    <Realm>
        <Configuration>
            <AddAdmin>false</AddAdmin>
            <AdminRole>admin</AdminRole>
            <AdminUser>
                <UserName>Wso2 Admin</UserName>
                <Password>abcdef@01</Password>
            </AdminUser>
            <EveryOneRoleName>everyone</EveryOneRoleName>
            <!-- By default users in this role sees the registry root -->
            <Property name="isCascadeDeleteEnabled">true</Property>
            <Property name="initializeNewClaimManager">true</Property>
            <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
        <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
            <Property name="ConnectionURL">ldap://test.xxxx.com:389</Property> 
            <Property name="ConnectionName">CN=Wso2 Admin,OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
            <Property name="ConnectionPassword">abcdef@01</Property>
            <Property name="AnonymousBind">false</Property>
            <Property name="UserSearchBase">OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
            <Property name="UserEntryObjectClass">user</Property>
            <Property name="UserNameAttribute">cn</Property>
            <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
            <Property name="UserNameListFilter">(objectClass=user)</Property>
            <Property name="DisplayNameAttribute"/>
            <Property name="ReadGroups">true</Property>
            <Property name="WriteGroups">true</Property>
            <Property name="GroupSearchBase">OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
            <Property name="GroupEntryObjectClass">group</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
            <Property name="GroupNameListFilter">(objectcategory=group)</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="MemberOfAttribute">memberOf</Property>
            <Property name="BackLinksEnabled">true</Property>
            <Property name="Referral">follow</Property>
            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
            <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
            <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
            <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="SCIMEnabled">false</Property>
            <Property name="IsBulkImportSupported">true</Property>
            <Property name="EmptyRolesAllowed">true</Property>
            <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
            <Property name="MultiAttributeSeparator">,</Property>
            <Property name="isADLDSRole">false</Property>
            <Property name="userAccountControl">512</Property>
            <Property name="MaxUserNameListLength">100</Property>     
            <Property name="MaxRoleNameListLength">100</Property>                     
            <Property name="MembershipAttributeRange">1500</Property>
            <Property name="kdcEnabled">false</Property>
            <Property name="defaultRealmName">WSO2.ORG</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
            <Property name="ConnectionPoolingEnabled">false</Property>
            <Property name="LDAPConnectionTimeout">5000</Property>
            <Property name="ReadTimeout"/>
            <Property name="RetryAttempts"/>
        </UserStoreManager>

        <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
            <Property name="AdminRoleManagementPermissions">/permission</Property>
            <Property name="AuthorizationCacheEnabled">true</Property>
            <Property name="GetAllRolesOfUserEnabled">true</Property>
        </AuthorizationManager>
    </Realm>
</UserManager>

Answer 1

仅允许管理员（管理员组的成员）登录到管理控制台。

如果您希望任何用户登录，则可以尝试找到角色Internal/everyone并向该角色添加权限Login。

但是，默认情况下，用户将只能更改其密码（即使在您使用ldaps连接而不是ldap之前也不是这样）

无法在wso2 api管理器中的Active Directory中用用户登录

1 个答案: