WSO2 update users in AD - java

We are trying to connect to Active Directory as a secondary user store. We retrieved the data from AD successfully, but when we try to update user info from the user profile we get the following message:
When we look at the log we find the following problem:
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090EC7, comment: Error in attribute conversion operation, data 0, v3839 ]; remaining name 'CN=mhejazi'
The secondary store config is:
<?xml version="1.0" encoding="UTF-8"?>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
<Property name="ConnectionURL">ldap://10.3.5.33:389</Property>
<Property name="ConnectionName">CN=mhejazi,CN=Users,DC=devdc,DC=sure,DC=Com,DC=sa</Property>
<Property encrypted="true" name="ConnectionPassword">kuv2MubUUveMyv6GeHrXr9il59ajJIqUI4eoYHcgGKf/BBFOWn96NTjJQI+wYbWjKW6r79S7L7ZzgYeWx7DlGbff5X3pBN2Gh9yV0BHP1E93QtFqR7uTWi141Tr7V7ZwScwNqJbiNoV+vyLbsqKJE7T3nP8Ih9Y6omygbcLcHzg=</Property>
<Property name="UserSearchBase">CN=Users,DC=devdc,DC=sure,DC=com,DC=sa</Property>
<Property name="UserEntryObjectClass">user</Property>
<Property name="UserNameAttribute">sAMAccountName</Property>
<Property name="UserNameSearchFilter">(&(objectClass=user)(sAMAccountName=?))</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserDNPattern"/>
<Property name="DisplayNameAttribute"/>
<Property name="Disabled">false</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">CN=Users,DC=devdc,DC=sure,DC=com,DC=sa</Property>
<Property name="GroupEntryObjectClass">group</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=group)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectcategory=group)</Property>
<Property name="RoleDNPattern"/>
<Property name="MembershipAttribute">member</Property>
<Property name="MemberOfAttribute">memberOf</Property>
<Property name="BackLinksEnabled">true</Property>
<Property name="Referral">follow</Property>
<Property name="UserNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UserNameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
<Property name="RoleNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RoleNameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="BulkImportSupported">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="isADLDSRole">false</Property>
<Property name="userAccountControl">512</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="kdcEnabled">false</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout">5000</Property>
<Property name="RetryAttempts">0</Property>
<Property name="CountRetrieverClass"/>
<Property name="java.naming.ldap.attributes.binary"/>
<Property name="DomainName">devdc.sure.com.sa</Property>
<Property name="Description">Sue Dev</Property>
</UserStoreManager>

javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C090D50, comment: Error in attribute conversion operation, data 0, v3839
This error occurs when the claim mapping is not properly configured against the AD attributes via the Claim Management UI.
You need to make sure that all the attributes mapped are valid and exist in Active Directory. Different user stores use different attributes. In [2] you can find a reference to the set of attributes supported by Active Directory. The default WSO2 claims are mapped to some generic attributes: the First Name is mapped to the nickname attribute, but Active Directory does not have a nickname attribute. The Full Name is mapped to the cn attribute, and in Active Directory cn has other semantic meanings.
Similarly, in your claim configuration you need to make sure that all the attributes defined there are supported by Active Directory. If one is not supported, you can add an additional mapped attribute in the claim configuration for the local claim that is supported by AD. Sample configuration is as follows.
Refer [3] for more information regarding this.
[1] https://wiki.servicenow.com/index.php?title=LDAP_Error_Codes
[2] http://www.kouti.com/tables/userattributes.htm
[3] https://docs.wso2.com/display/IS540/Managing+User+Attributes
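The answer's point is that AD rejects the whole modify operation (LDAP error 16) as soon as one claim is mapped to an attribute name the schema does not define. The following is an added example, not WSO2 code, of a pre-flight check a custom user store extension or provisioning client can run before calling modifyAttributes: every claim-mapped attribute is compared against the attribute names the directory schema defines, and the ones that would trigger the error are reported instead of sent. The claim URIs, the schema attribute list and the profile values are constructed sample data; in a real deployment the schema names would be read from the directory rather than hard-coded.

```java
import java.util.*;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

/**
 * Added example (not WSO2 code): before issuing an LDAP modify for a user
 * profile update, check every claim-mapped attribute against the attribute
 * names the directory schema actually defines. Unknown names are what make
 * AD reject the whole modify with LDAP error 16 / 00000057.
 */
public class ClaimMappingCheck {

    /** Result of the pre-flight check: what can be sent and what must be fixed first. */
    public static final class Outcome {
        public final List<ModificationItem> safeMods = new ArrayList<>();
        public final Map<String, String> rejected = new LinkedHashMap<>(); // claim URI -> bad attribute
    }

    /**
     * @param claimToAttribute local claim URI -> mapped AD attribute name (from Claim Management)
     * @param claimValues      claim URI -> new value coming from the user profile form
     * @param schemaAttributes attribute names defined in the directory schema
     */
    public static Outcome check(Map<String, String> claimToAttribute,
                                Map<String, String> claimValues,
                                Set<String> schemaAttributes) {
        // LDAP attribute names are case-insensitive; normalise the lookup once.
        Set<String> known = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        known.addAll(schemaAttributes);

        Outcome out = new Outcome();
        for (Map.Entry<String, String> e : claimValues.entrySet()) {
            String claim = e.getKey();
            String attr = claimToAttribute.get(claim);
            if (attr == null || attr.isEmpty()) {
                out.rejected.put(claim, "<no mapped attribute>");
            } else if (!known.contains(attr)) {
                out.rejected.put(claim, attr);          // this is the error-16 case
            } else {
                out.safeMods.add(new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute(attr, e.getValue())));
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: a handful of attribute names an AD schema defines.
        // In a real deployment load them from the directory, e.g. by listing
        // ctx.getSchema("").list("AttributeDefinition"), instead of hard-coding.
        Set<String> adSchema = new HashSet<>(Arrays.asList(
                "cn", "sn", "givenName", "displayName", "mail", "telephoneNumber", "sAMAccountName"));

        // Default-style WSO2 claim mapping (constructed); "nickname" does not exist in AD.
        Map<String, String> mapping = new LinkedHashMap<>();
        mapping.put("http://wso2.org/claims/givenname", "nickname");
        mapping.put("http://wso2.org/claims/lastname", "sn");
        mapping.put("http://wso2.org/claims/emailaddress", "mail");

        // Values as they would arrive from the profile form (constructed).
        Map<String, String> values = new LinkedHashMap<>();
        values.put("http://wso2.org/claims/givenname", "Jane");
        values.put("http://wso2.org/claims/lastname", "Doe");
        values.put("http://wso2.org/claims/emailaddress", "jane.doe@example.com");

        Outcome o = check(mapping, values, adSchema);
        o.rejected.forEach((claim, attr) ->
                System.out.println("Fix claim mapping: " + claim + " -> '" + attr + "' is not in the AD schema"));
        System.out.println(o.safeMods.size() + " attribute(s) could be sent: " + o.safeMods);
        // Only when o.rejected is empty should the caller run
        // ctx.modifyAttributes(userDn, o.safeMods.toArray(new ModificationItem[0]));
    }
}
```

Run against the constructed data it reports the givenname claim as mapped to a non-existent attribute and leaves two modification items that AD would accept; the useful property is that a misconfigured mapping is surfaced as a readable message rather than as a failed modify with an opaque DSID code.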


Hikari Connection pool best practices

I need to configure connection pooling for the DB in our API. We are using Hikari as a data source.
Based on the references provided here: https://stackoverflow.com/a/47653776/9246275 and https://stackoverflow.com/a/28988541/9246275
it's recommended to go with a fixed-size pool. But how does the configuration look?
I don't see a parameter named "fixed size pool".
Could you please help me with what I need to remove and add, as suggested?
<?xml version='1.0' encoding='UTF-8'?>
<bean id="DataSource" class="com.zaxxer.hikari.HikariDataSource" destroy-method="close" lazy-init="true">
<property name="driverClassName" value="${}"/>
<property name="jdbcUrl" value="${}"/>
<property name="username" value="${}"/>
<property name="password" value="${}"/>
<property name="poolName" value="${pname}"/>
<property name="idleTimeout" value="10000"/>
<property name="maximumPoolSize" value="20"/>
<property name="connectionTimeout" value="10000"/>
</bean>
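HikariCP has no "fixed size" parameter: a pool is fixed-size when minimumIdle equals maximumPoolSize, and because minimumIdle defaults to maximumPoolSize when it is not set, simply omitting it gives a fixed-size pool. In the bean above that means keeping maximumPoolSize and either not setting minimumIdle or setting it to the same value; idleTimeout can be dropped, since it only applies when minimumIdle is smaller than maximumPoolSize. The following added example, not the poster's configuration, builds the same pool programmatically; the JDBC URL, credentials and pool name are placeholders and it assumes a reachable database, because HikariDataSource opens the pool eagerly.

```java
import com.zaxxer.hikari.HikariConfig;
import com.zaxxer.hikari.HikariDataSource;

/**
 * Added example (not the poster's configuration): a fixed-size HikariCP pool.
 * Fixed size == minimumIdle equals maximumPoolSize (the default when minimumIdle
 * is left unset); idleTimeout then has no effect and is deliberately not configured.
 */
public class FixedSizePool {

    public static HikariConfig fixedSize(String jdbcUrl, String user, String password, int size) {
        HikariConfig cfg = new HikariConfig();
        cfg.setJdbcUrl(jdbcUrl);           // driver is resolved from the URL, no driverClassName needed
        cfg.setUsername(user);
        cfg.setPassword(password);
        cfg.setPoolName("api-pool");       // placeholder name
        cfg.setMaximumPoolSize(size);
        cfg.setMinimumIdle(size);          // explicit; identical to leaving it unset
        cfg.setConnectionTimeout(10_000);  // fail fast after 10 s waiting for a free connection
        cfg.setMaxLifetime(1_800_000);     // 30 min; keep below the DB server's own idle timeout
        return cfg;
    }

    public static void main(String[] args) {
        // Placeholder URL; the password is read from the environment rather than hard-coded.
        HikariConfig cfg = fixedSize("jdbc:mysql://localhost:3306/app", "app",
                System.getenv("DB_PASSWORD"), 20);
        try (HikariDataSource ds = new HikariDataSource(cfg)) {
            System.out.println("pool " + ds.getPoolName() + ": max=" + ds.getMaximumPoolSize()
                    + " minIdle=" + ds.getMinimumIdle());
        }
    }
}
```

The connectionTimeout matters more for a fixed-size pool than idleTimeout does: when all twenty connections are busy, callers queue, and a bounded wait is what turns a saturated database into a fast, visible failure instead of a hung request thread.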

Problem when uploading XML (mixed properties)

I have a little problem when I try to upload an XML file to BaseLinker.
The problem is that the properties in the XML are mixed; for example, one time the property name for price is 4th, the next time it is 6th or 8th. Because of this BaseLinker doesn't upload it correctly.
Some of my XML:
<property name="grubość">1</property>
<property name="grubość ścianki">1</property>
<property name="średnica">400</property>
<property name="wysokość">400</property>
<property name="Pojemność (l)">50</property>
<property name="opis">400</property>
<property name="wymiary zewnętrzne">400</property>
<property name="waga">50</property>
<property name="wymiary">1</property>
<property name="moc">1</property>
<property name="napięcie">400x/400h</property>
<property name="categoryId">194</property>
<property name="productCode">832806</property>
<property name="largeSize">0</property>
<property name="tillStockLasts">0</property>
<property name="basePrice">749.00</property>
<property name="productId">950</property>
Another line:
<property name="wysokość">450</property>
<property name="wymiary zewnętrzne">śr. 450x(H) 450 </property>
<property name="Pojemność (l)">70</property>
<property name="wymiary">śr.450x(H)450</property>
<property name="categoryId">194</property>
<property name="productCode">832929</property>
<property name="largeSize">0</property>
<property name="tillStockLasts">0</property>
<property name="basePrice">849.00</property>
<property name="productId">950</property>
Is it possible to parse it, or use a Java program that can sort it into the correct order?
For example, I want to have an XML of properties like:
property name="wysokość" property name="szerokosc" property name="productCode" property name="productID"
and so on...
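The reordering asked for is a stable sort of each product's property elements by a fixed list of names, with names not on the list kept after the known ones in their original order. The following added example (not BaseLinker code and not from the question) does that with the JDK's DOM API. The enclosing <products>/<product> structure and the target order are assumptions, since the question shows only the property lines; the sample document is constructed from those lines. The parser is configured to refuse DTDs so that a feed received from a third party cannot carry external entity references.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

/** Added example: reorder <property> children of every <product> into a fixed name order. */
public class PropertySorter {

    /** Assumed target order; names not listed keep their relative order after these. */
    static final List<String> ORDER = Arrays.asList("wysokość", "szerokosc", "productCode", "productId");

    /** Constructed sample built from the question's fragments, under an assumed <products> root. */
    static final String SAMPLE =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
        "<products>\n" +
        " <product>\n" +
        "  <property name=\"grubość\">1</property>\n" +
        "  <property name=\"średnica\">400</property>\n" +
        "  <property name=\"wysokość\">400</property>\n" +
        "  <property name=\"basePrice\">749.00</property>\n" +
        "  <property name=\"productCode\">832806</property>\n" +
        "  <property name=\"productId\">950</property>\n" +
        " </product>\n" +
        " <product>\n" +
        "  <property name=\"wymiary\">śr.450x(H)450</property>\n" +
        "  <property name=\"productCode\">832929</property>\n" +
        "  <property name=\"wysokość\">450</property>\n" +
        "  <property name=\"basePrice\">849.00</property>\n" +
        "  <property name=\"productId\">950</property>\n" +
        " </product>\n" +
        "</products>\n";

    /** Parser hardened against DTD/entity tricks: a supplier feed is untrusted input. */
    static DocumentBuilder safeBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Sort the <property> children of one <product>; whitespace-only text nodes are dropped. */
    static void sortChildren(Element product) {
        List<Element> props = new ArrayList<>();
        List<Node> whitespace = new ArrayList<>();
        for (Node n = product.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE && "property".equals(n.getNodeName())) {
                props.add((Element) n);
            } else if (n.getNodeType() == Node.TEXT_NODE && n.getNodeValue().trim().isEmpty()) {
                whitespace.add(n);
            }
        }
        // List.sort is stable, so unlisted names (rank ORDER.size()) keep their original order.
        props.sort(Comparator.comparingInt((Element e) -> {
            int rank = ORDER.indexOf(e.getAttribute("name"));
            return rank < 0 ? ORDER.size() : rank;
        }));
        for (Node n : whitespace) product.removeChild(n);
        for (Element e : props) product.removeChild(e);
        for (Element e : props) product.appendChild(e);
    }

    public static String process(String xml) throws Exception {
        Document doc = safeBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList products = doc.getElementsByTagName("product");
        for (int i = 0; i < products.getLength(); i++) {
            sortChildren((Element) products.item(i));
        }
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, "yes");
        t.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
        StringWriter w = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(w));
        return w.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(process(SAMPLE));
    }
}
```

On the constructed sample the first product comes out as wysokość, productCode, productId, grubość, średnica, basePrice, and the second as wysokość, productCode, productId, wymiary, basePrice. To read a real feed, replace SAMPLE with the file contents; the sort itself does not depend on the element count or on which names are present.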

Spring Throws "ERROR SqlExceptionHelper: Already closed" after timeout

I have a Spring application hosted on a server (Tomcat 8.5). It goes idle if no one uses it. I already knew that a timeout will occur if the DB is in the idle state for 8 hours (the default timeout of MySQL). As mentioned in the Spring Autoreconnect and Connection lost overnight post, I have tried the solution available there. I have tried configuring application.properties but that doesn't solve the problem.
(PS: I'm not changing anything other than application.properties in my Spring application.)
Well, if this
spring.datasource.testWhileIdle = true
spring.datasource.timeBetweenEvictionRunsMillis = 60000
spring.datasource.validationQuery = SELECT 1
or this
spring.datasource.testOnBorrow=true
spring.datasource.validationQuery=SELECT 1
didn't work, maybe try this.
Post Spring Boot 1.4 the names have changed.
They have defined new specific namespaces for the four connection pools Spring supports: tomcat, hikari, dbcp, dbcp2.
spring.datasource.tomcat.testOnBorrow=true
spring.datasource.tomcat.validationQuery=SELECT 1
If the problem isn't solved even after including the properties in application.properties, then the problem will be solved by including testOnBorrow and validationQuery in application-context.xml, located in src/main/resources:
<bean name="dataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="${database.driver.classname}"/>
<property name="url" value="${database.url}"/>
<property name="username" value="${database.username}"/>
<property name="password" value="${database.password}"/>
<property name="initialSize" value="2"/>
<property name="maxActive" value="50"/>
<property name="maxIdle" value="5"/>
<property name="maxWait" value="-1"/>
<property name="removeAbandoned" value="true"/>
<property name="removeAbandonedTimeout" value="600"/>
<property name="logAbandoned" value="true"/>
<property name="testOnBorrow" value="true" />
<property name="validationQuery" value="SELECT 1" />
</bean>
The solution is to validate the connection thread when it is borrowed from the thread pool, by enabling testOnBorrow and providing a validationQuery.

Check user's password on LDAP from JAVA application

I've never used LDAP. I have to write a Java class which checks if the password given by the user is correct. Users/passwords are stored in the LDAP server of WSO2IS. This is the configuration:
<UserManager>
<Realm>
<Configuration>
<AddAdmin>true</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>admin</UserName>
<Password>admin</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
<Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.CommonLDAPRealmConfigBuilder</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldap://localhost:10389</Property>
<Property name="Disabled">false</Property>
<Property name="ConnectionName">uid=admin,ou=system</Property>
<Property name="ConnectionPassword">admin</Property>
<Property name="passwordHashMethod">SHA</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserEntryObjectClass">identityPerson</Property>
<Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property>
<Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="EmptyRolesAllowed">false</Property>
<Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="GroupEntryObjectClass">groupOfNames</Property>
<Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="SharedGroupNameAttribute">cn</Property>
<Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=org</Property>
<Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
<Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="SharedGroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property>
<Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
<Property name="SharedTenantNameAttribute">ou</Property>
<Property name="SharedTenantObjectClass">organizationalUnit</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="SCIMEnabled">false</Property>
</UserStoreManager>
<AuthorizationManager
class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
<Property name="AdminRoleManagementPermissions">/permission</Property>
<Property name="AuthorizationCacheEnabled">true</Property>
</AuthorizationManager>
</Realm>
</UserManager>
Can you please help me? I've no idea where to start. Thank you.
You need to check the user/password of the users using some authentication API. There is a web service called RemoteUserStoreManagerService that you can use to verify the user/password of the user. This API can also be used to manage the users in the LDAP: you can add/update/delete LDAP users. More details about the API can be found here, with a simple Java client to invoke this API.
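The answer recommends WSO2's RemoteUserStoreManagerService, which keeps the check inside the Identity Server and its account policies. For completeness, the following added example (not WSO2 code and not the answer's client) shows the other common approach: a direct LDAP simple bind as the user, where the bind succeeding is the password check. It is written against the configuration in the question (UserNameAttribute uid, UserSearchBase ou=Users,dc=wso2,dc=org, ldap://localhost:10389); the username regex and timeouts are assumptions. Two points a practitioner wants handled: an empty password must be rejected before binding, because LDAP treats an empty credential as an anonymous bind that most servers accept, and the user-supplied name must be escaped before it is placed in a DN.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

/** Added example: verify a user's password by binding to the directory as that user. */
public class LdapPasswordCheck {

    /** Escape a value for use inside a DN (RFC 4514) so a username cannot inject DN components. */
    static String escapeDn(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case ',': case '+': case '"': case '\\': case '<': case '>': case ';': case '=':
                    sb.append('\\').append(c);
                    break;
                default:
                    sb.append(c);
            }
        }
        String s = sb.toString();
        if (s.startsWith(" ") || s.startsWith("#")) s = "\\" + s;
        if (s.endsWith(" ")) s = s.substring(0, s.length() - 1) + "\\ ";
        return s;
    }

    /**
     * @return true only if the directory accepted the bind with this exact password;
     *         throws if the directory could not be reached (do not treat that as "wrong password").
     */
    public static boolean checkPassword(String url, String userSearchBase, String uid, String password) {
        // An empty password would turn the bind into an anonymous bind, which succeeds on most
        // servers; it must never count as a valid credential.
        if (uid == null || uid.isEmpty() || password == null || password.isEmpty()) return false;
        // Assumed username policy, in the spirit of the UsernameJavaRegEx in the configuration.
        if (!uid.matches("[a-zA-Z0-9._-]{3,30}")) return false;

        String dn = "uid=" + escapeDn(uid) + "," + userSearchBase;   // matches UserNameAttribute/UserSearchBase
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);                  // use ldaps:// in production; a plain bind sends the password in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // assumed timeouts, in milliseconds
        env.put("com.sun.jndi.ldap.read.timeout", "5000");

        InitialDirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // the bind itself is the password check
            return true;
        } catch (AuthenticationException e) {
            return false;                        // wrong password or no such user; same answer for both
        } catch (NamingException e) {
            throw new IllegalStateException("LDAP unavailable: " + e.getMessage(), e);
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        // Usage: java LdapPasswordCheck <uid> <password>  (against the directory from the question)
        boolean ok = checkPassword("ldap://localhost:10389", "ou=Users,dc=wso2,dc=org", args[0], args[1]);
        System.out.println(ok ? "password accepted" : "password rejected");
    }
}
```

A direct bind bypasses whatever the Identity Server enforces above the directory (its own user store regex, caching and account handling), which is why the answer's RemoteUserStoreManagerService route is the better default inside a WSO2 deployment; the bind version is useful when the caller cannot reach the WSO2 admin services at all.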

ec2+tomcat+mysql Access Denied!

I'm running Tomcat 6 and MySQL 5 on a single EC2 instance and I cannot connect from the outside world.
My context.xml on Tomcat in EC2...
<bean id="dataSource" class="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource">
<property name="url" value="jdbc:mysql://ec2-xx-xx-xxx-178.compute1.amazonaws.com:3306/data_dbo" />
<property name="user" value="a_user" />
<property name="password" value="a_password" />
</bean>
Client context.xml:
<bean id="myService" class="org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean">
<property name="serviceUrl" value="http://ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com:8080/MyService-services/remoting/thingServiceExporter"/>
<property name="serviceInterface" value="com.things.services.MyService"/>
</bean>
Error on client...
Caused by: java.sql.SQLException: Access denied for user ''#'domU-xx-xx-xx-xx-xx-DB.compute-1.internal' (using password: NO)
I've set up privileges for my user but it doesn't seem to be using the user I set up in my Tomcat datasource. I say this because of the error on the client (Access denied for user ''#): no user, no password. Do I need to set up something between Tomcat and MySQL on EC2, because it seems to be using the internal DNS to access MySQL?
Let me know if I can provide any other information!
I found the issue. My persistence.xml had the following code...
<properties>
<property name="hibernate.connection.username" value=""/>
<property name="hibernate.connection.driver_class" value=""/>
<property name="hibernate.connection.password" value=""/>
<property name="hibernate.connection.url" value=""/>
</properties>
Not sure how that got in there! The settings in persistence.xml must override the settings in my Spring context file.
