Unable to connect OpenDJ to Apache Stratos

This topic has 10 replies, 2 voices, and was last updated 6 years, 4 months ago by Gentjan Kocaqi.

  • Author
  • #11965

    Hi, I’m using OpenDJ to store the users and I have connected it to OpenAM but now I want to connect it to Apache Stratos and I’m not able to do it.

    My OpenDJ parameters are:

    Host Name: ubuntu
    LDAP: (State=Enabled)
    Administrative Users: cn=Directory Manager
    Backen ID: userRoot
    Base DN: dc=tfm,dc=local
    Organization Unit: ou=RegistredUsers

    When I need to fill the data I insert the following:

    – User Store Manager

    User Store Manager Class: org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
    (There are 3 more options, org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager
    , org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager, org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager) I think I’m choosing the correct…

    Domain Name*: OpenDJ Users

    Description: Testing conection

    – Define Properties For

    ConnectionName*: cn=Directory Manager (Connection Name#This should be the DN (Distinguish Name) of the admin user in LDAP)
    ConnectionURL*: ubuntu:1389 (Connection URL#Connection URL for the user store)
    ConnectionPassword*: password (Connection Password#Password of the admin user#encrypt)
    UserSearchBase*: ou=RegistredUsers,dc=tfm,dc=local (User Search Based#DN of the context under which user entries are stored in LDAP)
    Disabled*: False (Disabled#Whether user store is disabled)
    UserNameListFilter*: (objectClass=inetorgperson) (User Object Class#Filtering criteria for listing all the user entries in LDAP)
    UserNameAttribute*: uid (Username Attribute#Attribute used for uniquely identifying a user entry. Users can be authenticated using their email address, uid and etc)
    UserNameSearchFilter*: cn (User Search Filter#Filtering criteria for searching a particular user entry)
    UserEntryObjectClass*: ou (User Entry Object Class#Object Class used to construct user entries)
    GroupEntryObjectClass*: RegistredUsers (Group Entry Object Class#Object Class used to construct group entries)
    ReadGroups*: True (Enable Read Groups#Specifies whether groups should be read from LDAP)
    GroupSearchBase*: ou=RegistredUsers,dc=tfm,dc=local (Group Search Base#DN of the context under which user entries are stored in LDAP)
    GroupNameAttribute*: cn (Group Name Attribute#Attribute used for uniquely identifying a user entry)
    GroupNameListFilter*: (objectclass=groupOfUniqueNames) (Group Object Class#Filtering criteria for listing all the group entries in LDAP)
    MembershipAttribute*: <Empty in OpenAM, only have set uniqueMember and memberUrl values> (Membership Attribute#Attribute used to define members of LDAP groups)
    GroupNameSearchFilter*: (objectclass=*) (Group Search Filter#Filtering criteria for searching a particular group entry)

    I don’t know where I have the error, I have tried to port the OpenAM LDAP configuration to OpenDJ but I’m not able to make it run….

    Regards and thanks.

    • This topic was modified 6 years, 4 months ago by Aker666.
     Gentjan Kocaqi

    Hi Aker666,

    Your post is a little bit confused one. As far as I understood you are trying to connect to OpenDJ from your Apache Stratos (you have to clarify better this cause Stratos is a framework).
    Do you have positive telnet from the server of your service/web application agains OpenDJ server on 1389 (Ex. telnet ubuntu 1389)? I will also suggest to have a look to the log files of both sides.



    Hi Gentjan, sorry if my question it’s confuse. Yes, I’m trying to connect Apache Stratos to OpenDJ so when I logging into Apache Stratos, it checks the users from OpenDJ as I do now with OpenAM.

    The server ubuntu:1389 works because if not, OpenAM couldn’t do the login. Above, I post the fields that Stratos ask me to fill [fieldname*: value (explanation shown by Stratos)] in order to connect with a LDAP, but I don’t know very well to which OpenAM fields corresponds.

    Also I will try to see the logs.


     Gentjan Kocaqi

    Hi Aker666,

    How about to try setting the configuration of your WSO2 Identity server as in this



    Hi Gentjan, thanks for this link. But I’m getting invalid credentials (the log not shows more)

     Error obtaining connection.Trying again to get connection... 
    javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

    and I’m setting the OpenDJ values:

    On the server url: ldap://ubuntu:1389 or ldap://
    ConnectionPassword: password

    If I try to access on Firefox to I get:

    �‚SCannot decode the provided ASN.1 sequence as an LDAP message because the first element of the sequence could not be decoded as an integer message ID: org.forgerock.opendj.ldap.DecodeException: Cannot decode the provided ASN.1 integer element because the length of the element value was not between one and four bytes (actual length was 32)Š1.

    In OpenAM on server settings I have “ubuntu:1389” but I don’t know If OpenAM behind transforms this value to an URL (maybe the url it’s ldap://ubuntu:1389?)

    So, why OpenAM and me (using the Apache Stratos Control Panel) can we do the login but with Stratos I get an invalid credentials error?


    • This reply was modified 6 years, 4 months ago by Aker666.

    Solved! Now it works! (I was setting the wrong admin cn)

    Thanks very much!

     Gentjan Kocaqi

    Great. Glad that you solved it.


    Thanks, but I have noticed one problem. Apache Stratos can get the users but can’t get the password. It’s empty and when I try to set a new password I get this error: WSO2 Carbon: Could not change password of OPENDJ/<user>. Error is: Invalid hashMethod

    I set on Stratos SHA as the has method because on the doc says that by default OpenDJ uses SHA1.

    Why OpenAM can get the user and password but in this case Apache Stratos can’t?

    You can see my full questions on StackOverflow, I’m still waiting a response :( Link

    • This reply was modified 6 years, 4 months ago by Aker666.
    • This reply was modified 6 years, 4 months ago by Aker666.
     Gentjan Kocaqi

    Hi Aker66,

    My opinion is that this is an issue with your Stratos application and I will suggest you to review the documentation on Stratos side. Probably the following link can help you:
    external link



    Thanks Gentjan, the link worked. My fault was that I was putting Plain_Text instead PLAIN_TEXT, what a stupid mistake!

    I’m also looking at the Stratos doc but don’t seems to be much clear or don’t explain everything :/

    Thanks again and regards, GentJan.

     Gentjan Kocaqi

    Glad that it worked. And you are right about Stratos. It seems to me too that it is not well documented.


Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?