WSO2 Identity Server external LDAP throws OBJECT_CLASS for OID identityperson does not exist

4
votes

I am using the Identity Server 4.1.0 and also I am running an ApacheDS within the Apache Directory Studio. So what I want now is connect my IS to the external LDAP.
IS is connecting fine to the ldap, only it throws errors because there are attribute-definitions missing. At least that is my interpretation of the stacktrace.
I saw that other people tried it too:
WSO2 external ldap not working But my error is different.
Also I see how in this blog it is explained well how to use the Directory Studio, but it seems it is all running on the embedded LDAP of the IS:
http://www.soasecurity.org/2012/11/multiple-user-store-manager-feature.html
Any help is appreciated! Thanks in advance
Best, Johannes


Here the error:

TID: [0] [IS] [2013-06-26 15:26:00,220] ERROR {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} - Can not access the directory context or user already exists in the system {org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager} javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 5 Add Request : Entry dn[n]: uid=admin,ou=Users,dc=wso2,dc=org objectClass: identityPerson uid: admin sn: admin userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x30 0x44 0x50 0x69 0x4B 0x75 0x4E 0x49 0x72 0x72 0x56 ...' cn: admin ManageDsaITImpl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : ERR_04269 OBJECT_CLASS for OID identityperson does not exist!]; remaining name 'uid=admin' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3111) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820) at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:400) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:277) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:197) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:242) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:211) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.addInitialData(ReadWriteLDAPUserStoreManager.java:1805) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.(ReadWriteLDAPUserStoreManager.java:142) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:225) at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:147) at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:113) at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223) at org.wso2.carbon.user.core.common.DefaultRealmService.(DefaultRealmService.java:103) at org.wso2.carbon.user.core.common.DefaultRealmService.(DefaultRealmService.java:116) at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:67) at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61) at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711) at java.security.AccessController.doPrivileged(Native Method) at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702) at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683) at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381) at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:389) at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1130) at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559) at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544) at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457) at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243) at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438) at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1) at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230) at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340) TID: [0] [IS] [2013-06-26 15:26:00,223] ERROR {org.wso2.carbon.user.core.common.DefaultRealm} - Cannot create org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager {org.wso2.carbon.user.core.common.DefaultRealm} java.lang.reflect.InvocationTargetException at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:225) at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:147) at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:113) at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223) at org.wso2.carbon.user.core.common.DefaultRealmService.(DefaultRealmService.java:103) at org.wso2.carbon.user.core.common.DefaultRealmService.(DefaultRealmService.java:116) at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:67) at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61) at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711) at java.security.AccessController.doPrivileged(Native Method) at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702) at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683) at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381) at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:389) at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1130) at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559) at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544) at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457) at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243) at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438) at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1) at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230) at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340) Caused by: org.wso2.carbon.user.core.UserStoreException: Can not access the directory context or user already exists in the system at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:251) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:211) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.addInitialData(ReadWriteLDAPUserStoreManager.java:1805) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.(ReadWriteLDAPUserStoreManager.java:142) ... 27 more Caused by: javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 5 Add Request : Entry dn[n]: uid=admin,ou=Users,dc=wso2,dc=org objectClass: identityPerson uid: admin sn: admin userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x30 0x44 0x50 0x69 0x4B 0x75 0x4E 0x49 0x72 0x72 0x56 ...' cn: admin ManageDsaITImpl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : ERR_04269 OBJECT_CLASS for OID identityperson does not exist!]; remaining name 'uid=admin' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3111) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820) at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:400) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:277) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:197) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:242) ... 30 more TID: [0] [IS] [2013-06-26 15:26:00,225] ERROR {org.wso2.carbon.user.core.common.DefaultRealmService} - Cannot initialize the realm. {org.wso2.carbon.user.core.common.DefaultRealmService} org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:266) at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:147) at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:113) at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223) at org.wso2.carbon.user.core.common.DefaultRealmService.(DefaultRealmService.java:103) at org.wso2.carbon.user.core.common.DefaultRealmService.(DefaultRealmService.java:116) at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:67) at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61) at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711) at java.security.AccessController.doPrivileged(Native Method) at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702) at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683) at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381) at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:389) at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1130) at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559) at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544) at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457) at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243) at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438) at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1) at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230) at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340) Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:225) ... 22 more Caused by: org.wso2.carbon.user.core.UserStoreException: Can not access the directory context or user already exists in the system at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:251) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:211) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.addInitialData(ReadWriteLDAPUserStoreManager.java:1805) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.(ReadWriteLDAPUserStoreManager.java:142) ... 27 more Caused by: javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 5 Add Request : Entry dn[n]: uid=admin,ou=Users,dc=wso2,dc=org objectClass: identityPerson uid: admin sn: admin userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x30 0x44 0x50 0x69 0x4B 0x75 0x4E 0x49 0x72 0x72 0x56 ...' cn: admin ManageDsaITImpl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : ERR_04269 OBJECT_CLASS for OID identityperson does not exist!]; remaining name 'uid=admin' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3111) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820) at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:400) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:277) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:197) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:242) ... 30 more TID: [0] [IS] [2013-06-26 15:26:00,226] ERROR {org.wso2.carbon.user.core.internal.Activator} - Cannot start User Manager Core bundle {org.wso2.carbon.user.core.internal.Activator} org.wso2.carbon.user.core.UserStoreException: Cannot initialize the realm. at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:227) at org.wso2.carbon.user.core.common.DefaultRealmService.(DefaultRealmService.java:103) at org.wso2.carbon.user.core.common.DefaultRealmService.(DefaultRealmService.java:116) at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:67) at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61) at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711) at java.security.AccessController.doPrivileged(Native Method) at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702) at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683) at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381) at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:389) at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1130) at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559) at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544) at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457) at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243) at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438) at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1) at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230) at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340) Caused by: org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:266) at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:147) at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:113) at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223) ... 19 more Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:225) ... 22 more Caused by: org.wso2.carbon.user.core.UserStoreException: Can not access the directory context or user already exists in the system at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:251) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:211) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.addInitialData(ReadWriteLDAPUserStoreManager.java:1805) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.(ReadWriteLDAPUserStoreManager.java:142) ... 27 more Caused by: javax.naming.NamingException: [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 5 Add Request : Entry dn[n]: uid=admin,ou=Users,dc=wso2,dc=org objectClass: identityPerson uid: admin sn: admin userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x30 0x44 0x50 0x69 0x4B 0x75 0x4E 0x49 0x72 0x72 0x56 ...' cn: admin ManageDsaITImpl Control Type OID : '2.16.840.1.113730.3.4.2' Criticality : 'false' ' : ERR_04269 OBJECT_CLASS for OID identityperson does not exist!]; remaining name 'uid=admin' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3111) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820) at com.sun.jndi.ldap.LdapCtx.c_bind(LdapCtx.java:400) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_bind(ComponentDirContext.java:277) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.bind(PartialCompositeDirContext.java:197) at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doAddUser(ReadWriteLDAPUserStoreManager.java:242) ... 30 more

<UserManager>
<Realm>
    <Configuration>
            <AdminRole>admin</AdminRole>
            <AdminUser>
                 <UserName>admin</UserName>
                 <Password>admin</Password>
            </AdminUser>
        <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
        <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
        <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property>
    </Configuration>

<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
        <!--Property name="defaultRealmName">EXAMPLE.COM</Property-->
        <Property name="ConnectionURL">ldap://localhost:10389</Property>
        <Property name="ConnectionName">uid=admin,ou=system</Property>
        <Property name="ConnectionPassword">secret</Property>
        <Property name="passwordHashMethod">PLAIN_TEXT</Property>
        <Property name="UserNameListFilter">(objectClass=person)</Property>
    <Property name="UserEntryObjectClass">inetOrgPerson</Property>
        <Property name="UserSearchBase">ou=system</Property>
        <!--Property name="UserSearchBase">ou=Users,dc=example,dc=com</Property-->
        <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
        <Property name="UserNameAttribute">uid</Property>
    <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
        <Property name="UsernameJavaScriptRegEx">^[\\S]{3,30}$</Property>
    <Property name="RolenameJavaScriptRegEx">^[\\S]{3,30}$</Property>
        <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
        <Property name="PasswordJavaScriptRegEx">^[\\S]{5,30}$</Property>
    <Property name="ReadLDAPGroups">true</Property>
    <Property name="WriteLDAPGroups">true</Property>
    <Property name="EmptyRolesAllowed">false</Property>
        <Property name="GroupSearchBase">ou=system</Property>
        <!--Property name="GroupSearchBase">ou=Groups,dc=example,dc=com</Property-->
        <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
        <Property name="GroupEntryObjectClass">groupOfNames</Property>
        <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
        <Property name="GroupNameAttribute">cn</Property>
        <Property name="MembershipAttribute">member</Property>
        <Property name="UserRolesCacheEnabled">true</Property>
        <!-- added by joe -->
    <!--Property name="UserDNPattern">uid={0},ou=Users,dc=example,dc=com</Property-->
    <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
    <Property name="maxFailedLoginAttempt">0</Property>
    </UserStoreManager>

    <AuthorizationManager
        class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
        <Property name="AdminRoleManagementPermissions">/permission</Property>
    <Property name="AuthorizationCacheEnabled">true</Property>
    </AuthorizationManager>
</Realm>

1
ldapwso2externalidentitywso2is
In user-mgt.xml you have to change the class configurations(UserEntryObjectClass and GroupEntryObjectClass) according to the ldap schema you are using.ajanthan
@ajanthan this is my current output of the error log. it seems that th IS is using an object-class called accountlock which is not registered in the ldap: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - NO_SUCH_ATTRIBUTE: failed for MessageType : MODIFY_REQUEST Message ID : 10 Modify Request Object : 'uid=admin,ou=system' Modification[0] Operation : replace Modification accountLock: false : ERR_04269 ATTRIBUTE_TYPE for OID accountlock does not exist!];johannes.schmidt.delaunay
Can you post your sensitive information removed user-mgt.xml.ajanthan
@ajanthan will check it soon, thanks for answering me. Please tag my name in the comments, so I receive a notification. Thanksjohannes.schmidt.delaunay
@ajanthan I added the user-mgt.xml. there is not so much going on, what I did was: starting Apache Directory Studio 2, starting an Apache LDAP from there, turning off the embedded-ldap in the IS and activating the UserStoreManager as you can see in the user-mgt.xml. I understood that the IS is executing its own LDIF-files on startup to install its classes, groups, user - right?johannes.schmidt.delaunay

1 Answers

3
votes

This is because WSO2 IS uses set of customized object classes in order to achieve some tasks such as SCIM. Since you are using en external LDAP either you can change the schema of the LDAP or you can map those attributes using claim mappings.

Since you are using ApacheDS, you can use the LDIFs to change the schema of your LDAP. You can find ldif files under /repository/data/org.wso2.carbon.directory/schema/ou=schema

If you do not wish to change the schema, easy way is to change the claims. For example, you have got an error saying 'accountlock' doesn't exists. This means IS trying to insert some value to a attribute within LDAP. Attribute name is 'accountlock'. This is controlled from claim mappings (Home > Configure > Claim Management in IS). There you can find set of claim dialects are displayed.

If you go in to these dialects, you can find set of claims are there. I take the accountlock attribute as an example. Under http://wso2.org/claims dialect, you can find 'Account Locked' attribute is there. You can change the value (Mapped Attribute) of that claim to an existing attribute in youe LDAP. This existing attribute needs to be a string type attribute. This process can be repeated for each missing attribute.

Hope this helps