WSO2 EI - LDAP Connector - Accessing binary attribute userPassword - wso2

I am using the WSO2 LDAP Connector to get details about an LDAP entity that is of type securityObject. Is it possible to get the value of the binary userPassword attribute field? Right now I am getting the following exception:
Caused by: java.lang.ClassCastException: [B cannot be cast to java.lang.String
at org.wso2.carbon.connector.ldap.SearchEntry.prepareNode(SearchEntry.java:111)
I am aware that the userPassword returns a byte array and it seems that without changing the Connector implementation there's no other possible way to retrieve the value of a binary field using the WSO2 LDAP Connector.

It isn't encrypted. It is hashed. You can retrieve it by adding ;binary to the attribute name, but it won't do you any good. The correct way to check a password in LDAP is to attempt to bind with it.
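The bind-based check the answer recommends, written out as an added example (this is not code from the question, the answer, or the WSO2 connector). It uses the JDK's JNDI LDAP provider, which is also why the connector saw a byte array: JNDI returns userPassword as `byte[]` by default, together with the other attributes in its built-in binary list. The server URL and user DN are placeholders.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * Added example (not part of the original post or the WSO2 connector):
 * verify a password by binding to the directory as that user instead of
 * reading the hashed userPassword attribute. The server URL and DN used
 * in main() are placeholders.
 */
public final class LdapBindCheck {

    private LdapBindCheck() {}

    /**
     * Returns true only if the directory accepts a simple bind with these
     * credentials. An AuthenticationException means "credentials rejected";
     * any other NamingException (host unreachable, TLS handshake failure,
     * ...) is propagated so that an outage is never reported as a wrong
     * password.
     */
    public static boolean passwordIsValid(String ldapUrl, String userDn, char[] password)
            throws NamingException {
        if (userDn == null || userDn.isEmpty() || password == null || password.length == 0) {
            // A bind with a DN and an empty password is the "unauthenticated"
            // simple bind of RFC 4513 section 5.1.2: many servers accept it
            // without checking anything, so treat it as a failed check.
            return false;
        }

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);           // use ldaps:// so the password is not sent in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);  // JNDI accepts String, char[] or byte[] here

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);             // the bind happens here
            return true;
        } catch (AuthenticationException rejected) {
            return false;
        } finally {
            if (ctx != null) {
                ctx.close();
            }
        }
    }

    public static void main(String[] args) throws NamingException {
        // Placeholder server and DN; the password is taken from the first argument.
        char[] password = args.length > 0 ? args[0].toCharArray() : new char[0];
        boolean ok = passwordIsValid("ldaps://ldap.example.test:636",
                "uid=alice,ou=people,dc=example,dc=test", password);
        java.util.Arrays.fill(password, '\0');          // don't keep the secret around longer than needed
        System.out.println(ok ? "bind accepted: password is correct"
                              : "bind rejected: wrong password or empty credentials");
    }
}
```

The bind context is opened only to test the credentials and is closed right away; the application's own searches should keep using a separate service-account context rather than the user's session.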

Related

Wso2 Identity Server 5.8.0: custom claim attribute in Create User by Scim service

In my WSO2 Identity Server (v5.8.0), I have added one custom attribute named XXX.
Then, in my web client application, I invoke /scim2/Users service to create new user inside IDS.
I successfully create user with correct name, surname, email, phone number and so on, but my custom field is not updated in my user content store.
On the other hand, if I update the field by data entry and read my user from IDS, I can see my custom attribute XXX correctly.
Can someone help me?
One of the following reasons could be causing custom attributes not to update via the scim2/Users endpoint.
Once you add a new local claim, if you want to access/modify its value using the SCIM endpoint it should be mapped to the SCIM claim dialect. Follow the steps in the Extending SCIM User Claims doc at https://docs.wso2.com/display/IS580/Extending+SCIM+2.0+User+Schemas
If the above step is correctly configured, check the request payload to see whether the attribute is correctly defined in the payload. If the attribute is not defined in the expected format, WSO2 IS ignores those attributes.
Updating the value by logging in to the management console and viewing the user profile through the management console doesn't involve the SCIM APIs. You are directly updating the local claim in the WSO2 local claim dialect. If you have followed the doc mentioned in step 1 and that attribute has a value, GET /scim2/Users/{user-id} should return the attribute in the response.

WSO2 Identity Server With SCIM 2.0 and Active Directory User Creation Error

I have an Identity Server version 5.3.0 installed on my server and activated SCIM 2.0 user provisioning based on the documentation provided. Active Directory is set as the primary user store here. The Identity Server created the admin user and group successfully in the Active Directory without any errors; however, my problem is when I want to create more users via the UI of Identity Server I get this error:
[LDAP: error code 16 - 00000057: LdapErr: DSID-0C091027, comment: Error in attribute conversion operation, data 0, v3839 ]; remaining name 'cn=*****'
And when trying to create the user with SCIM 2.0 with curl I get this error:
{"schemas":"urn:ietf:params:scim:api:messages:2.0:Error","detail":"Error in adding the user: * to the user store. Error while adding the user to the Active Directory for user : *","status":"500"}
My claims are set as follows:
Claims for urn:ietf:params:scim:schemas:core:2.0--->
urn:ietf:params:scim:schemas:core:2.0:meta.resourceType
urn:ietf:params:scim:schemas:core:2.0:meta.lastModified
urn:ietf:params:scim:schemas:core:2.0:meta.created
urn:ietf:params:scim:schemas:core:2.0:meta.location
urn:ietf:params:scim:schemas:core:2.0:id
urn:ietf:params:scim:schemas:core:2.0:userName
This is configured based on https://docs.wso2.com/display/IS410/SCIM+User+Provisioning+With+IS+Having+Active+Directory+User+Store
I just applied it to urn:ietf:params:scim:schemas:core:2.0 and not urn:scim:schemas:core:1.0 because this is SCIM version 2.0 and not version 1.0.
P.S. I am using Active Directory within Server 2016 with LDAPS.
Does anybody have any ideas about what is causing this to happen?
According to [1], [LDAP: error code 16 - 00000057: LdapErr: DSID-0C091027, comment: Error in attribute conversion operation, data 0, v3839] indicates that one of the attributes you are passing in the user create operation does not exist in the entry. Please recheck all the attributes you have mapped in the attribute map lookup.
[1] https://wiki.servicenow.com/index.php?title=LDAP_Error_Codes
Please try to set up the Last Modified Time claim in the WSO2 claim dialect. I have set it to use a Directory String type attribute in Active Directory.

WSO2 SCIM 2.0 Connector Authentication Attribute

While I am trying to authenticate so that I can use WSO2 either through the panel or through an API call I get this error:
ERROR {org.wso2.carbon.core.services.authentication.AuthenticationAdmin}
- System error while Authenticating/Authorizing User :
org.wso2.carbon.user.core.UserStoreException: org.wso2.carbon.user.core.UserStoreException:
Mapped attribute cannot be found for claim :
urn:ietf:params:scim:schemas:core:2.0:User:active in user store : PRIMARY
I don't want to add an additional field at my user store just for this. Is it possible to change authentication so that it does not look for urn:ietf:params:scim:schemas:core:2.0:User:active in the user store?
I'm assuming you cannot log in to the management console at all, even as the admin user. Can you provide the following info?
What's the user store type (LDAP, JDBC, AD)? Is it a read-only user store?
In the documentation there are 2 methods for configuring claims under the Configure claim dialects section. Which method did you use?

WSO2 IS v. 5.3.0 New Tenant can't be created

I have installed the new version of WSO2 Identity Server v5.3.0.
When I try to create a new tenant I get exceptions:
TID: [-1234] [] [2017-01-19 16:54:17,102] ERROR {org.wso2.carbon.stratos.common.util.ClaimsMgtUtil} - Unable to retrieve the claim for the given tenant
org.wso2.carbon.user.core.UserStoreException: org.wso2.carbon.user.core.UserStoreException: Mapped attribute cannot be found for claim : http://wso2.org/claims/lastname in user store : PRIMARY
and
TID: [-1234] [] [2017-01-19 16:54:17,102] ERROR {org.wso2.carbon.stratos.common.util.ClaimsMgtUtil} - Unable to retrieve the claim for the given tenant
org.wso2.carbon.user.core.UserStoreException: org.wso2.carbon.user.core.UserStoreException: Mapped attribute cannot be found for claim : http://wso2.org/claims/lastname in user store : PRIMARY
These claims exist in the DB. There is a new structure in the DB of claim tables.
In version 5.2 there weren't any problems in this part.
I suppose that the new user (admin of the tenant) can't be created.
A simple other user through "Add User" can be created properly.
We have different data sources for user management and identities (WSO2_UM and WSO2_AM). The new claims structure is in WSO2_AM. Maybe this is the reason for the problems?
This problem is very, very important for us.
Maybe we have to go back to version 5.2?
The problem was resolved. I'm very sorry for my mistakes.
There was one mistake in configuration files.

Error in WSO2 claims configuration with LDAP(Active directory)

We have done WSO2 IS configurations with multiple LDAPs for multiple clients successfully before. This time with a new client we are getting an error as shown in the image: "Error occured while getting all user claims for ... in carbon.super."
The case is that we have created a service and mapped custom claims to LDAP. The issue is with a field mapped to the http://wso2.org/claims/role attribute. If we remove this attribute from the custom claims the error goes away.
But we are using roles in business logic (internal roles created in WSO2), which we get as null in case we remove this attribute.
We want to know the solution. Is there some change required on the LDAP side? Or how can we obtain the roles without mapping them as a claim to LDAP?