Search code examples
ldapapachedsldap-clientwso2-identity-server

How to change primary LDAP domain of WSO2 IS 4.5.0

I would like modify the domain of the primary user storage (based on LDAP), but i can not get successfully.

The current domain in user-mgt.xml is dc=wso2,dc=org and I would like to change to dc=foobar,dc=com

My modified user-mgt.xml is:

...
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>

            <Property name="defaultRealmName">FOOBAR.COM</Property>

            <Property name="kdcEnabled">false</Property>
            <Property name="Disabled">false</Property>                                   
            <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
            <Property name="ConnectionName">uid=admin,ou=system</Property>
            <Property name="ConnectionPassword">admin</Property>
            <Property name="passwordHashMethod">SHA</Property>
            <Property name="UserNameListFilter">(objectClass=person)</Property>
            <Property name="UserEntryObjectClass">identityPerson</Property>

            <Property name="UserSearchBase">ou=Users,dc=foobar,dc=com</Property>

            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
            <Property name="UserNameAttribute">uid</Property>
            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
            <Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
            <Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="ReadGroups">true</Property>
            <Property name="WriteGroups">true</Property>
            <Property name="EmptyRolesAllowed">true</Property>

            <Property name="GroupSearchBase">ou=Groups,dc=foobar,dc=com</Property>

            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="GroupEntryObjectClass">groupOfNames</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="SharedGroupNameAttribute">cn</Property>

            <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=foobar,dc=com</Property>

            <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
            <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
            <Property name="SharedTenantNameAttribute">ou</Property>
            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="UserRolesCacheEnabled">true</Property>

            <Property name="UserDNPattern">uid={0},ou=Users,dc=foobar,dc=com</Property>
            <Property name="RoleDNPattern">cn={0},ou=Groups,dc=foobar,dc=com</Property>

            <Property name="SCIMEnabled">true</Property>
            <Property name="MaxRoleNameListLength">100</Property>
            <Property name="MaxUserNameListLength">100</Property>
        </UserStoreManager>
...

The error when starting WSO2 IS is:

Caused by: org.wso2.carbon.user.core.UserStoreException: [LDAP: error code 32 - NO_SUCH_OBJECT: failed for     SearchRequest
        baseDn : 'ou=Groups,dc=foobar,dc=com'
        filter : '(&(2.5.4.0=groupofnames)(2.5.4.3=*))'
        scope : whole subtree
        typesOnly : false
        Size Limit : 100
        Time Limit : 11
        Deref Aliases : deref Always
        attributes : 'cn'
: ERR_268 Cannot find a partition for ou=Groups,dc=foobar,dc=com]
    at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.getLDAPRoleNames(ReadOnlyLDAPUserStoreManager.java:1024)
    at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.doGetRoleNames(ReadOnlyLDAPUserStoreManager.java:1134)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2485)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2382)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2375)
    at org.wso2.carbon.event.core.internal.subscription.registry.RegistrySubscriptionManager.<init>(RegistrySubscriptionManager.java:91)
    ... 65 more

What should I be missing?

Solution

  • Solved !

    I have replaced older domain and defaultRealmName in the following files:

    1. IS_HOME/repository/conf/user-mgt.xml
    2. IS_HOME/repository/conf/tenant-mgt.xml
    3. IS_HOME/repository/conf/embedded-ldap.xml

    I have replaced dc=wso2,dc=org for dc=foobar,dc=com and defaultRealmName=WSO2.ORG for FOOBAR.COM, then I deleted the directory named root located in the IS_HOME/repository/data/org.wso2.carbon.directory .. so a fresh default partition will be created again at the restart.

    Now, if you connect to WSO2IS' embedded LDAP (10389 port) using any LDAP client, you will see the new domain FOOBAR.COM instead of WSO2.ORG.

    I hope that be useful.