WSO2 Identity Server primary store

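I am unable to change the primary store to Active Directory in WSO2 Identity Server. After changing user-mgt.xml and starting the server, the exception below occurs. The WSO2 version I am using is 5.0.0.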

    [2016-11-11 16:13:48,048] ERROR {org.wso2.carbon.user.core.common.DefaultRealm} -  Cannot create org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager
java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
    at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:329)
    at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:195)
    at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:104)
    at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:223)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:101)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:114)
    at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:69)
    at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
    at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
    at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390)
    at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
    at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
    at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
Caused by: java.lang.ClassCastException: [Ljava.lang.Object; cannot be cast to [Ljava.lang.String;
    at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.addAllRolesToUserRolesCache(ReadOnlyLDAPUserStoreManager.java:2299)
    at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.doCheckIsUserInRole(ReadOnlyLDAPUserStoreManager.java:2182)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addInitialAdminData(AbstractUserStoreManager.java:3259)
    at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:166)
    at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.<init>(ReadWriteLDAPUserStoreManager.java:102)
    at org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager.<init>(ActiveDirectoryUserStoreManager.java:85)
    ... 27 more

Here is my updated user-mgt.xml file

<UserManager>
    <Realm>
        <Configuration>
        <AddAdmin>false</AddAdmin>
                <AdminRole>admin</AdminRole>
                <AdminUser>
                     <UserName>admin</UserName>
                     <Password>admin</Password>
                </AdminUser>
            <EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
            <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
        </Configuration>
    <!-- Following is the default user store manager. This user store manager is based on embedded-apacheds LDAP. It reads/writes users and roles into the           default apacheds LDAP user store. Descriptions about each of the following properties can be found in user management documentation of the      respective product. In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>
         Note: Do not comment within UserStoreManager tags. Cause, specific tag names are used as tokens when building configurations for products. -->
    <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
            <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
            <Property name="ConnectionName">uid=admin,ou=system</Property>
            <Property name="ConnectionPassword">admin</Property>
            <Property name="Disabled">false</Property>           
            <Property name="passwordHashMethod">SHA</Property>
            <Property name="UserNameListFilter">(objectClass=person)</Property>
        <Property name="UserEntryObjectClass">wso2Person</Property>
            <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
            <Property name="UserNameAttribute">uid</Property>
            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="ReadGroups">true</Property>
        <Property name="WriteGroups">true</Property>
        <Property name="EmptyRolesAllowed">true</Property>
            <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="GroupEntryObjectClass">groupOfNames</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="SharedGroupNameAttribute">cn</Property>
            <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
            <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
            <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
            <Property name="SharedTenantNameAttribute">ou</Property>
            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
        <Property name="MembershipAttribute">member</Property>
        <Property name="UserRolesCacheEnabled">true</Property>
        <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
            <Property name="MaxRoleNameListLength">100</Property>
            <Property name="MaxUserNameListLength">100</Property>
            <Property name="SCIMEnabled">false</Property>
        </UserStoreManager-->

    <!-- Following is the configuration for internal JDBC user store. This user store manager is based on JDBC. In case if application needs to manage           passwords externally set property <Property name="PasswordsExternallyManaged">true</Property>. In case if user core cache domain is needed to          identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>. Furthermore properties, IsEmailUserName and                  DomainCalculation are readonly properties. 
         Note: Do not comment within UserStoreManager tags. Cause, specific tag names are used as tokens when building configurations for products. --> 
        <!--UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.JDBCTenantManager</Property>
        <Property name="ReadOnly">false</Property>
            <Property name="MaxUserNameListLength">100</Property>
            <Property name="IsEmailUserName">false</Property>
            <Property name="DomainCalculation">default</Property>
            <Property name="PasswordDigest">SHA-256</Property>
            <Property name="StoreSaltedPassword">true</Property>
            <Property name="ReadGroups">true</Property>
        <Property name="WriteGroups">true</Property>
            <Property name="UserNameUniqueAcrossTenants">false</Property>
            <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
        <Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
        <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="RolenameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
        <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
            <Property name="MaxRoleNameListLength">100</Property>
            <Property name="MaxUserNameListLength">100</Property>
        <Property name="SharedGroupEnabled">false</Property>
            <Property name="SCIMEnabled">false</Property>
        </UserStoreManager-->

    <!-- If product is using an external LDAP as the user store in READ ONLY mode, use following user manager.
        In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>
    -->
        <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
            <Property name="ReadOnly">true</Property>
            <Property name="Disabled">false</Property>                       
        <Property name="MaxUserNameListLength">100</Property>
            <Property name="ConnectionURL">ldap://localhost:10389</Property>
            <Property name="ConnectionName">uid=admin,ou=system</Property>
            <Property name="ConnectionPassword">admin</Property>
        <Property name="passwordHashMethod">PLAIN_TEXT</Property>
            <Property name="UserSearchBase">ou=system</Property>
            <Property name="UserNameListFilter">(objectClass=person)</Property>
        <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
            <Property name="UserNameAttribute">uid</Property>
        <Property name="ReadGroups">true</Property>
            <Property name="GroupSearchBase">ou=system</Property>
            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
        <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="SharedGroupNameAttribute">cn</Property>
            <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
            <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
            <Property name="SharedTenantNameAttribute">ou</Property>
            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
        <Property name="MembershipAttribute">member</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
        <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
            <Property name="MaxRoleNameListLength">100</Property>
            <Property name="MaxUserNameListLength">100</Property>
            <Property name="SCIMEnabled">false</Property>
        </UserStoreManager-->

    <!-- Active directory configuration is as follows.
        In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>
        There are few special properties for "Active Directory". 
        They are : 
        1.Referral - (comment out this property if this feature is not reuired) This enables LDAP referral support.
        2.BackLinksEnabled - (Do not comment, set to true or false) In some cases LDAP works with BackLinksEnabled. In which role is stored
         at user level. Depending on this value we need to change the Search Base within code.
        3.isADLDSRole - (Do not comment) Set to true if connecting to an AD LDS instance else set to false.  
    -->
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
            <Property name="ConnectionURL">ldaps://192.168.52.31:636</Property> 
            <Property name="ConnectionName">CN=Administrator,CN=Users,DC=wso2,DC=test</Property>
            <Property name="ConnectionPassword">xxxxxxx</Property>
            <Property name="UserSearchBase">CN=Users,DC=wso2,DC=test</Property>
            <Property name="UserEntryObjectClass">user</Property>
            <Property name="UserNameAttribute">cn</Property>
            <Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
            <Property name="UserNameListFilter">(objectClass=user)</Property>
            <Property name="DisplayNameAttribute"/>
            <Property name="ReadGroups">true</Property>
            <Property name="WriteGroups">true</Property>
            <Property name="GroupSearchBase">OU=Roles,DC=wso2,DC=test</Property>
            <Property name="GroupEntryObjectClass">group</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
            <Property name="GroupNameListFilter">(objectcategory=group)</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="MemberOfAttribute">memberOf</Property>
            <Property name="BackLinksEnabled">true</Property>
            <Property name="Referral">follow</Property>
            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
            <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
            <Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="SCIMEnabled">false</Property>
            <Property name="IsBulkImportSupported">false</Property>
            <Property name="EmptyRolesAllowed">true</Property>
            <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
            <Property name="MultiAttributeSeparator">,</Property>
            <Property name="isADLDSRole">false</Property>
            <Property name="userAccountControl">512</Property>
            <Property name="MaxUserNameListLength">100</Property>     
            <Property name="MaxRoleNameListLength">100</Property>                     
            <Property name="kdcEnabled">false</Property>
            <Property name="defaultRealmName">WSO2.TEST</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
            <Property name="ConnectionPoolingEnabled">false</Property>
            <Property name="LDAPConnectionTimeout">5000</Property>
            <Property name="ReadTimeout"/>
            <Property name="RetryAttempts"/>
        </UserStoreManager>

    <!-- If product is using an external LDAP as the user store in read/write mode, use following user manager 
        In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>
    -->
    <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
            <Property name="ConnectionURL">ldap://localhost:10389</Property>
            <Property name="Disabled">false</Property>                       
            <Property name="ConnectionName">uid=admin,ou=system</Property>
            <Property name="ConnectionPassword">secret</Property>
            <Property name="passwordHashMethod">PLAIN_TEXT</Property>
            <Property name="UserNameListFilter">(objectClass=person)</Property>
        <Property name="UserEntryObjectClass">inetOrgPerson</Property>
            <Property name="UserSearchBase">ou=system</Property>
            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
            <Property name="UserNameAttribute">uid</Property>
        <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
        <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
        <Property name="ReadGroups">true</Property>
        <Property name="WriteGroups">true</Property>
        <Property name="EmptyRolesAllowed">false</Property>
            <Property name="GroupSearchBase">ou=system</Property>
            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="GroupEntryObjectClass">groupOfNames</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="SharedGroupNameAttribute">cn</Property>
            <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
            <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
            <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
            <Property name="SharedTenantNameAttribute">ou</Property>
            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
        <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
            <Property name="MaxRoleNameListLength">100</Property>
            <Property name="MaxUserNameListLength">100</Property>
            <Property name="SCIMEnabled">false</Property>
        </UserStoreManager-->

    <!-- Following user manager is used by Identity Server (IS) as its default user manager. 
         IS will do token replacement when building the product. Therefore do not change the syntax. 
         If "kdcEnabled" parameter is true, IS will allow service principle management. Thus "ServicePasswordJavaRegEx", "ServiceNameJavaRegEx"
         properties control the service name format and service password formats.
         In case if user core cache domain is needed to identify uniquely set property <Property name="UserCoreCacheIdentifier">domain</Property>
    -->
    <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
            <Property name="defaultRealmName">WSO2.ORG</Property>
            <Property name="kdcEnabled">false</Property>
            <Property name="Disabled">false</Property>                                   
            <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
            <Property name="ConnectionName">uid=admin,ou=system</Property>
            <Property name="ConnectionPassword">admin</Property>
            <Property name="passwordHashMethod">SHA</Property>
            <Property name="UserNameListFilter">(objectClass=person)</Property>
            <Property name="UserEntryObjectClass">identityPerson</Property>
            <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
            <Property name="UserNameAttribute">uid</Property>
            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
        <Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
        <Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
        <Property name="ReadGroups">true</Property>
        <Property name="WriteGroups">true</Property>
        <Property name="EmptyRolesAllowed">true</Property>
            <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
        <Property name="GroupEntryObjectClass">groupOfNames</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="SharedGroupNameAttribute">cn</Property>
            <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
            <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
            <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
            <Property name="SharedTenantNameAttribute">ou</Property>
            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
        <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
        <Property name="RoleDNPattern">cn={0},ou=Groups,dc=wso2,dc=org</Property>
        <Property name="SCIMEnabled">true</Property>
            <Property name="MaxRoleNameListLength">100</Property>
            <Property name="MaxUserNameListLength">100</Property>
        </UserStoreManager-->

    <!--    Following configuration is for the CassandraUserStoreManager. The CassandraUserStoreManager is capable of using a Cassandra
        database as a user store. This user manager supports multiple credentials for authentication. Credential types can be defined
        and configured in the following configuration. The CassandraUserStoreManager does not ships with the any of the WSO2 Carbon
        Servers by default, therefor Cassandra user manager component needs to be installed to the Carbon Server befor using.

        And if this CassandraUserStoreManager is used as the primary user store with multi tenants, it should also implement a 
        compatible TenantManager and set property <Property name="TenantManager">FULL_QUALIFIED_TENANT_MANAGER_CLASS_NAME</Property>.
    -->
    <!--UserStoreManager class="org.wso2.carbon.user.cassandra.CassandraUserStoreManager">
        <Property name="Keyspace">User_KS3</Property>
        <Property name="Host">localhost</Property>
        <Property name="Port">9160</Property>
        <Property name="PasswordDigest">SHA-256</Property>
        <Property name="StoreSaltedPassword">true</Property>
        <Property name="AuthenticateWithAnyCredential">true</Property>
        <Property name="DomainName">multipleCredentialUserStoreDomain</Property>
            <MultipleCredentials>
            <Credential type="Default">org.wso2.carbon.user.cassandra.credentialtypes.EmailCredential</Credential>
            <Credential type="Email">org.wso2.carbon.user.cassandra.credentialtypes.EmailCredential</Credential>
            <Credential type="PhoneNumber">org.wso2.carbon.user.cassandra.credentialtypes.PhoneNumberCredential</Credential>
            <Credential type="Device">org.wso2.carbon.user.cassandra.credentialtypes.DeviceCredential</Credential>
            <Credential type="External">org.wso2.carbon.user.cassandra.credentialtypes.ExternalProviderCredential</Credential>
            </MultipleCredentials>
    </UserStoreManager-->

        <AuthorizationManager
            class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
            <Property name="AdminRoleManagementPermissions">/permission</Property>
        <Property name="AuthorizationCacheEnabled">true</Property>
        <Property name="GetAllRolesOfUserEnabled">true</Property>
        </AuthorizationManager>
    </Realm>
</UserManager>

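This seems to be an issue.

To resolve this, enable the GetAllRolesOfUserEnabled property.

Hi Bathiya, it does not resolve this issue; the same exception occurred.

What version are you trying? Can you add the user-mgt.xml here (make sure you mask any passwords and sensitive information)?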
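
The last comment asks for user-mgt.xml with passwords and sensitive information masked. One way to do that before posting the file, as an added example that is not part of the original thread or of WSO2's tooling; the set of properties treated as sensitive, the function names and the sample file are constructed assumptions:

```python
import re

# Assumption: which entries count as sensitive. ConnectionPassword and the
# AdminUser <Password> are secrets; ConnectionURL and ConnectionName reveal the
# directory host and the bind account, so they are masked by default as well.
SECRET_PROPERTIES = {"ConnectionPassword"}
IDENTIFYING_PROPERTIES = {"ConnectionURL", "ConnectionName"}

# Line-based regexes are used instead of an XML parser on purpose: the file
# keeps old store definitions inside <!-- ... --> comments, and those blocks
# carry credentials too. Values spanning several lines are not handled.
PROPERTY_RE = re.compile(r'(<Property\s+name="([^"]+)"\s*>)(.*?)(</Property>)')
PASSWORD_RE = re.compile(r'(<Password>)(.*?)(</Password>)')
# "<!--UserStoreManager" does not match because "<" must directly precede the name.
ACTIVE_STORE_RE = re.compile(r'<UserStoreManager\s+class="([^"]+)"')


def redact_user_mgt(xml_text, mask="REDACTED", hide_topology=True):
    """Return (redacted_text, findings); findings is a list of (line, name)."""
    targets = set(SECRET_PROPERTIES)
    if hide_topology:
        targets |= IDENTIFYING_PROPERTIES
    findings = []
    out_lines = []
    for lineno, line in enumerate(xml_text.splitlines(), start=1):

        def mask_property(m):
            if m.group(2) in targets and m.group(3).strip():
                findings.append((lineno, m.group(2)))
                return m.group(1) + mask + m.group(4)
            return m.group(0)

        def mask_password(m):
            if m.group(2).strip():
                findings.append((lineno, "AdminUser/Password"))
                return m.group(1) + mask + m.group(3)
            return m.group(0)

        line = PROPERTY_RE.sub(mask_property, line)
        line = PASSWORD_RE.sub(mask_password, line)
        out_lines.append(line)
    return "\n".join(out_lines), findings


def active_store_classes(xml_text):
    """Classes of the UserStoreManager elements that are not commented out."""
    return ACTIVE_STORE_RE.findall(xml_text)


# Constructed sample that follows the layout of the file in the question;
# every host name, DN and password in it is made up.
SAMPLE = """<UserManager>
  <Realm>
    <Configuration>
      <AdminRole>admin</AdminRole>
      <AdminUser>
        <UserName>admin</UserName>
        <Password>constructed-admin-pw</Password>
      </AdminUser>
    </Configuration>
    <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
      <Property name="ConnectionPassword">constructed-old-pw</Property>
    </UserStoreManager-->
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
      <Property name="ConnectionURL">ldaps://ad.example.test:636</Property>
      <Property name="ConnectionName">CN=svc-wso2,CN=Users,DC=example,DC=test</Property>
      <Property name="ConnectionPassword">constructed-bind-pw</Property>
      <Property name="UserNameAttribute">cn</Property>
      <Property name="DisplayNameAttribute"/>
    </UserStoreManager>
  </Realm>
</UserManager>"""

if __name__ == "__main__":
    redacted, findings = redact_user_mgt(SAMPLE)
    print(redacted)
    for lineno, name in findings:
        print(f"masked line {lineno}: {name}")
    print("active store:", active_store_classes(SAMPLE))
```

Passing `hide_topology=False` keeps the connection URL and bind DN visible when the person helping needs them, while still masking the passwords, including the ones left in commented-out blocks.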