July 12, 2016 at 12:52 pm #11965
Hi, I’m using OpenDJ to store the users and I have connected it to OpenAM but now I want to connect it to Apache Stratos and I’m not able to do it.
My OpenDJ parameters are:
Host Name: ubuntu
LDAP: 0.0.0.0:1389 (State=Enabled)
Administrative Users: cn=Directory Manager
Backend ID: userRoot
Base DN: dc=tfm,dc=local
Organization Unit: ou=RegistredUsers
When I need to fill the data I insert the following:
– User Store Manager
User Store Manager Class: org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
(There are 3 more options, org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager, org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager) I think I’m choosing the correct…
Domain Name*: OpenDJ Users
Description: Testing conection
– Define Properties For
ConnectionName*: cn=Directory Manager (Connection Name#This should be the DN (Distinguish Name) of the admin user in LDAP)
ConnectionURL*: ubuntu:1389 (Connection URL#Connection URL for the user store)
ConnectionPassword*: password (Connection Password#Password of the admin user#encrypt)
UserSearchBase*: ou=RegistredUsers,dc=tfm,dc=local (User Search Based#DN of the context under which user entries are stored in LDAP)
Disabled*: False (Disabled#Whether user store is disabled)
UserNameListFilter*: (objectClass=inetorgperson) (User Object Class#Filtering criteria for listing all the user entries in LDAP)
UserNameAttribute*: uid (Username Attribute#Attribute used for uniquely identifying a user entry. Users can be authenticated using their email address, uid and etc)
UserNameSearchFilter*: cn (User Search Filter#Filtering criteria for searching a particular user entry)
UserEntryObjectClass*: ou (User Entry Object Class#Object Class used to construct user entries)
GroupEntryObjectClass*: RegistredUsers (Group Entry Object Class#Object Class used to construct group entries)
ReadGroups*: True (Enable Read Groups#Specifies whether groups should be read from LDAP)
GroupSearchBase*: ou=RegistredUsers,dc=tfm,dc=local (Group Search Base#DN of the context under which user entries are stored in LDAP)
GroupNameAttribute*: cn (Group Name Attribute#Attribute used for uniquely identifying a user entry)
GroupNameListFilter*: (objectclass=groupOfUniqueNames) (Group Object Class#Filtering criteria for listing all the group entries in LDAP)
MembershipAttribute*: <Empty in OpenAM, only have set uniqueMember and memberUrl values> (Membership Attribute#Attribute used to define members of LDAP groups)
GroupNameSearchFilter*: (objectclass=*) (Group Search Filter#Filtering criteria for searching a particular group entry)
I don’t know where I have the error, I have tried to port the OpenAM LDAP configuration to OpenDJ but I’m not able to make it run….
Regards and thanks.
July 12, 2016 at 2:08 pm #11969
- This topic was modified 6 years, 1 month ago by Aker666.
Your post is a little bit confusing. As far as I understood, you are trying to connect to OpenDJ from your Apache Stratos (you have to clarify this better because Stratos is a framework).
Do you have a positive telnet from the server of your service/web application against the OpenDJ server on 1389 (e.g. telnet ubuntu 1389)? I would also suggest having a look at the log files on both sides.
Gentjan
July 12, 2016 at 3:31 pm #11972
Hi Gentjan, sorry if my question is confusing. Yes, I’m trying to connect Apache Stratos to OpenDJ so that when I log into Apache Stratos, it checks the users from OpenDJ as I do now with OpenAM.
The server ubuntu:1389 works because if not, OpenAM couldn’t do the login. Above, I posted the fields that Stratos asks me to fill in [fieldname*: value (explanation shown by Stratos)] in order to connect to an LDAP, but I don’t know very well which OpenAM fields they correspond to.
I will also try to look at the logs.
Thanks.
July 12, 2016 at 3:45 pm #11976
How about trying to set the configuration of your WSO2 Identity Server as in this
Gentjan
July 12, 2016 at 5:05 pm #11981
Hi Gentjan, thanks for this link. But I’m getting invalid credentials (the log does not show more)
Error obtaining connection.Trying again to get connection... javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
and I’m setting the OpenDJ values:
On the server url:
If I try to access on Firefox to
�‚SCannot decode the provided ASN.1 sequence as an LDAP message because the first element of the sequence could not be decoded as an integer message ID: org.forgerock.opendj.ldap.DecodeException: Cannot decode the provided ASN.1 integer element because the length of the element value was not between one and four bytes (actual length was 32)Š126.96.36.199.4.1.1466.20036
In OpenAM, in the server settings, I have “ubuntu:1389” but I don’t know if OpenAM, behind the scenes, transforms this value into a URL (maybe the URL is ldap://ubuntu:1389?)
So, why can OpenAM and I (using the Apache Stratos Control Panel) do the login, but with Stratos I get an invalid credentials error?
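Added example, not part of the original posts: the decode error quoted above is consistent with a browser's HTTP request reaching the LDAP port, because read as BER the bytes `GET ` put 0x20 (32) where the length of the message ID belongs. The decoder below is a simplified sketch (short-form lengths only), and the HTTP request, password and BindResponse bytes are constructed samples.

```python
# Added example: read the first BER headers of a client's bytes the way an
# LDAP server would, and pull the resultCode out of a BindResponse.

def ber_header(data, offset=0):
    """Return (tag, length, value_offset) for the BER element at offset."""
    tag, length = data[offset], data[offset + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this sketch")
    return tag, length, offset + 2

def first_element(data):
    """Describe the element sitting where LDAPMessage.messageID belongs."""
    _, _, inner = ber_header(data)            # outer "SEQUENCE" header
    tag, length, _ = ber_header(data, inner)  # should be INTEGER, 1..4 bytes
    return {"tag": tag, "length": length,
            "valid_message_id": tag == 0x02 and 1 <= length <= 4}

def tlv(tag, value):
    if len(value) >= 128:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def simple_bind_request(message_id, bind_dn, password):
    """LDAPv3 BindRequest with simple authentication (RFC 4511, 4.2)."""
    bind = tlv(0x60, tlv(0x02, b"\x03")           # version 3
                     + tlv(0x04, bind_dn.encode())   # name (bind DN)
                     + tlv(0x80, password.encode())) # simple [0] password
    return tlv(0x30, tlv(0x02, bytes([message_id])) + bind)

def bind_result_code(response):
    """Return resultCode from a BindResponse (49 = invalidCredentials)."""
    _, _, pos = ber_header(response)             # LDAPMessage SEQUENCE
    _, id_len, pos = ber_header(response, pos)   # messageID
    op_tag, _, pos = ber_header(response, pos + id_len)
    if op_tag != 0x61:
        raise ValueError("not a BindResponse")
    _, rc_len, pos = ber_header(response, pos)   # ENUMERATED resultCode
    return int.from_bytes(response[pos:pos + rc_len], "big")

# Constructed samples, not captured traffic.
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: ubuntu:1389\r\n\r\n"
BIND_REQUEST = simple_bind_request(1, "cn=Directory Manager", "example-password")
BIND_RESPONSE = bytes.fromhex("300c02010161070a013104000400")

if __name__ == "__main__":
    print("HTTP bytes as LDAP:", first_element(HTTP_REQUEST))
    print("BindRequest:       ", first_element(BIND_REQUEST))
    print("Bind resultCode:   ", bind_result_code(BIND_RESPONSE))
```

A resultCode of 49 means the server decoded the bind and rejected the DN/password pair, so the connection and protocol are fine and the bind DN or password is what needs checking.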
July 12, 2016 at 5:50 pm #11983
- This reply was modified 6 years, 1 month ago by Aker666.
Solved! Now it works! (I was setting the wrong admin cn)
Thanks very much!
July 14, 2016 at 11:28 am #12013
Great. Glad that you solved it.
July 14, 2016 at 11:46 am #12015
Thanks, but I have noticed one problem. Apache Stratos can get the users but can’t get the password. It’s empty and when I try to set a new password I get this error:
WSO2 Carbon: Could not change password of OPENDJ/<user>. Error is: Invalid hashMethod
I set SHA as the hash method on Stratos because the doc says that by default OpenDJ uses SHA1.
Why can OpenAM get the user and password but in this case Apache Stratos can’t?
You can see my full questions on StackOverflow, I’m still waiting for a response :( Link
July 18, 2016 at 11:03 am #12064
My opinion is that this is an issue with your Stratos application and I would suggest you review the documentation on the Stratos side. Probably the following link can help you:
Gentjan
July 18, 2016 at 12:10 pm #12066
Thanks Gentjan, the link worked. My fault was that I was putting Plain_Text instead of PLAIN_TEXT, what a stupid mistake!
I’m also looking at the Stratos doc but it doesn’t seem to be very clear or doesn’t explain everything :/
Thanks again and regards, Gentjan.
July 18, 2016 at 1:11 pm #12067
Glad that it worked. And you are right about Stratos. It seems to me too that it is not well documented.