WSO2身份服务器电子邮件身份验证
我们将WSO2 identity server 5.0与SP1一起使用 我们已经遵循了启用电子邮件身份验证的步骤,这一点已经起到了作用 但现在我们无法编辑返回代码为500的电子邮件地址(后端和scim) 如果我们遗漏了一些文档中没有提到的配置或其他东西,我们已经没有想法了 我们的用户-mgt.xml:WSO2身份服务器电子邮件身份验证,wso2,wso2is,Wso2,Wso2is,我们将WSO2 identity server 5.0与SP1一起使用 我们已经遵循了启用电子邮件身份验证的步骤,这一点已经起到了作用 但现在我们无法编辑返回代码为500的电子邮件地址(后端和scim) 如果我们遗漏了一些文档中没有提到的配置或其他东西,我们已经没有想法了 我们的用户-mgt.xml: <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="kdcEnabled">false</Property>
<Property name="Disabled">false</Property>
<Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
<Property name="ConnectionName">uid=admin,ou=system</Property>
<Property name="ConnectionPassword">admin</Property>
<Property name="passwordHashMethod">SHA</Property>
<Property name="UserNameListFilter">(&(objectClass=identityPerson)(mail=*))</Property>
<Property name="UserEntryObjectClass">identityPerson</Property>
<Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
<Property name="UserNameSearchFilter">(&(objectClass=identityPerson)(mail=?))</Property>
<Property name="UserNameAttribute">mail</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
<Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegEx">^[_A-Za-z0-9-\+]+(\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="SharedGroupNameAttribute">cn</Property>
<Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
<Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
<Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="SharedGroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
<Property name="SharedTenantNameAttribute">ou</Property>
<Property name="SharedTenantObjectClass">organizationalUnit</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="SCIMEnabled">true</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="MaxUserNameListLength">100</Property>
</UserStoreManager>
org.wso2.carbon.user.core.tenant.CommonHybridlDaptentManager
WSO2.ORG
假的
假的
ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}
uid=admin,ou=system
管理
沙
(&;(objectClass=identityPerson)(mail=*))
识别人
ou=用户,dc=wso2,dc=org
(&;(objectClass=identityPerson)(邮件=?)
邮件
^[\S]{5,30}$
^[\\S]{5,30}$
^[\\S]{2,30}/[\\S]{2,30}$
^[\S]{3,30}$
^[\.[U A-Za-z0-9-\+]+(\.[U A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\.[A-Za-z0-9]+)*(\.[A-Za-z]{2,})$
^[\S]{3,30}$
[a-zA-Z0-9.|-|/][3,30}$
真的
真的
真的
ou=团体,dc=wso2,dc=组织
(objectClass=groupOfNames)
群名
(&;(objectClass=groupof名称)(cn=?)
cn
cn
ou=SharedGroup,dc=wso2,dc=org
群名
(objectClass=groupOfNames)
(&;(objectClass=groupof名称)(cn=?)
(objectClass=organizationalUnit)
欧点
组织单元
成员
真的
真的
100
100
文档中似乎缺少一些配置,您还需要在用户存储配置中添加以下属性。其他配置似乎很好。您还可以从中找到有关启用电子邮件用户名的详细信息
[a-zA-Z0-9@._-|//]{3,30}$另外,WSO2的错误也记录在
/repository/logs/wso2carbon.logObject : 'mail=customer@wso2.com,ou=Users,dc=wso2,dc=org'
Modification[0]
Operation : replace
Modification
mobile: (null)
Modification[1]
Operation : replace
Modification
url: (null)
Modification[2]
Operation : replace
Modification
givenName: John
Modification[3]
Operation : replace
Modification
country: (null)
Modification[4]
Operation : replace
Modification
sn: Doe
Modification[5]
Operation : replace
Modification
telephoneNumber: (null)
Modification[6]
Operation : replace
Modification
organizationName: (null)
Modification[7]
Operation : replace
Modification
mail: customer2@wso2.com
Modification[8]
Operation : replace
Modification
im: (null)
Modification[9]
Operation : replace
Modification
streetAddress: (null)
: ERR_62 Entry mail=customer@wso2.com,ou=Users,dc=wso2,dc=org does not have the mail attributeType, which is part of the RDN";]; remaining name 'mail=customer@wso2.com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3098)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1391)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager.doSetUserClaimValues(ReadWriteLDAPUserStoreManager.java:871)
... 121 more
TID: [0] [IS] [2015-06-04 10:48:39,046] ERROR {org.wso2.carbon.identity.user.profile.ui.client.UserProfileCient} - org.apache.axis2.AxisFault: Profile information could not be updated in ApacheDS LDAP user store {org.wso2.carbon.identity.user.profile.ui.client.UserProfileCient}
TID: [0] [IS] [2015-06-04 11:11:29,749] ERROR {org.apache.directory.server.core.schema.SchemaInterceptor} - ERR_62 Entry mail=customer@wso2.com,ou=Users,dc=wso2,dc=org does not have the mail attributeType, which is part of the RDN"; {org.apache.directory.server.core.schema.SchemaInterceptor}
TID: [0] [IS] [2015-06-04 11:11:29,749] ERROR {org.apache.directory.server.core.schema.SchemaInterceptor} - ERR_62 Entry mail=customer@wso2.com,ou=Users,dc=wso2,dc=org does not have the mail attributeType, which is part of the RDN"; {org.apache.directory.server.core.schema.SchemaInterceptor}
TID: [0] [IS] [2015-06-04 11:11:29,750] ERROR {org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver} - Profile information could not be updated in ApacheDS LDAP user store {org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver}
org.wso2.carbon.identity.user.profile.mgt.UserProfileException: Profile information could not be updated in ApacheDS LDAP user store
您可以使用日志更新您的问题。不需要将其添加为新答案:)根据错误,您正在发送SCIM请求中用户的电子邮件属性。。请不要寄。。因为你的用户名也包含它。您可以再次修改它。此错误发生在WSO2控制台和SCIM中。但是,我们如何更新或修改用户电子邮件地址而不发送新值?电子邮件位于您的DN中,不允许WSO2IS更新,通常WSO2IS不允许更新用户名。。这里有一些对用户名的引用。如果更改,则可能会出现问题。。所以,为用户名配置其他属性的最佳方法是,您可以使用电子邮件作为登录属性。这已经在我发布的链接中提到了…很抱歉回复太晚了。是否有任何指南,如何更改用户名的默认属性?