I have set up the latest API Manager and configured the deployment.toml to point to a read-only LDAP as the primary user store. The API Manager connects to the LDAP successfully, and I can log in with an LDAP user specified as the admin.
[user_store]
class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager"
type = "read_only_ldap"
[user_store.properties]
TenantManager="org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager"
ConnectionURL="ldap://<IP>:<PORT>"
ConnectionName="cn=<CN>,ou=<OU>,dc=ABC,dc=com"
ConnectionPassword="<password>"
AnonymousBind="false"
UserNameAttribute="<uname_atrribute>"
UserNameSearchFilter="(&(objectClass=user)(uname_atrribute=?))"
ReadGroups="true"
GroupSearchBase="DC=ABC,DC=com"
GroupNameAttribute="cn"
GroupNameSearchFilter="(&(objectClass=groupOfNames)(cn=?))"
GroupNameListFilter="(objectClass=groupOfNames)"
MembershipAttribute="member"
BackLinksEnabled="false"
UsernameJavaRegEx="[a-zA-Z0-9._\\-|//]{3,30}$"
PasswordJavaRegEx="^[\\S]{5,30}$"
SCIMEnabled="true"
PasswordHashMethod="PLAIN_TEXT"
MultiAttributeSeparator=","
MaxUserNameListLength="100"
MaxRoleNameListLength="100"
UserRolesCacheEnabled="true"
LDAPConnectionTimeout=5000
ReplaceEscapeCharactersAtUserLogin="true"
ConnectionRetryDelay="120000"
GroupSearchFilter="(objectClass=groupOfNames)"
UserEntryObjectClass="identityPerson"
IsBulkImportSupported="true"
EmptyRolesAllowed="true"
UserSearchBase="DC=ABC,DC=com"
ConnectionPoolingEnabled="false"
StartTLSEnabled="false"
WriteGroups="true"
RolenameJavaRegEx="[a-zA-Z0-9._\\-|//]{3,30}$"
GroupEntryObjectClass="groupOfNames"
EnableMaxUserLimitForSCIM="false"
PasswordJavaRegExViolationErrorMsg="Password length should be within 5 to 30 characters"
PasswordJavaScriptRegEx="^[\\S]{5,30}$"
UsernameJavaRegExViolationErrorMsg="Username pattern policy violated"
UserNameListFilter="(objectClass=person)"
UsernameJavaScriptRegEx="^[\\S]{3,30}$"
kdcEnabled="false"
However, the following exception prevents APIs from getting published.
Caused by: org.wso2.carbon.user.core.UserStoreException: Error occurred while search user for filter : (&(objectClass=user)(uname_atrribute=wso2.system.user))
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.getUserPropertyValues(ReadOnlyLDAPUserStoreManager.java:766)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.doGetUserClaimValues(AbstractUserStoreManager.java:7838)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserIDFromUserName(AbstractUserStoreManager.java:12299)
at org.wso2.carbon.identity.mgt.listener.IdentityUserIdResolverListener.doPostGetRoleListOfUser(IdentityUserIdResolverListener.java:1221)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserRoles(AbstractUserStoreManager.java:8608)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.doGetRoleListOfUser(AbstractUserStoreManager.java:8575)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleListOfUser(AbstractUserStoreManager.java:6701)
... 75 more
Caused by: javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=ABC,DC=com'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2917)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.searchUserForASearchBase(ReadOnlyLDAPUserStoreManager.java:1550)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.getUserPropertyValues(ReadOnlyLDAPUserStoreManager.java:674)
... 81 more
Any viable solution for this is highly appreciated. Thanks in advance.
The exception "javax.naming.PartialResultException: Unprocessed Continuation Reference(s)" is thrown when the AD/LDAP server connection/context is created with the Referral property set to ignore or not set at all (the default Referral value is "ignore", as per the Java doc [1]).
You should be able to resolve this by setting Referral to follow in the config:
[user_store.properties]
Referral="follow"
[1] https://docs.oracle.com/javase/jndi/tutorial/ldap/referral/jndi.html
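The following is an added illustration, not code from the question or from WSO2: it reproduces the search in the stack trace with plain JNDI so the effect of the Referral setting is visible. Context.REFERRAL is the java.naming.referral property that the user-store property Referral="follow" maps onto. The server URL, bind DN and password are the same placeholders as in the question, and sAMAccountName is an assumed user-name attribute standing in for the redacted <uname_atrribute>.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class ReferralSearchDemo {

    // Builds a JNDI LDAP context. The referral argument is stored under
    // java.naming.referral (Context.REFERRAL): "ignore" (JNDI default), "follow" or "throw".
    static DirContext connect(String url, String bindDn, String password, String referral)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, referral);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // mirrors LDAPConnectionTimeout=5000
        return new InitialDirContext(env);
    }

    // Subtree search for one user, shaped like the failing search in the trace:
    // base DC=ABC,DC=com, filter (&(objectClass=user)(<attr>=<name>)).
    static List<String> findUserDns(DirContext ctx, String base, String userAttr, String userName)
            throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] { userAttr });
        // The user name is passed as a filter argument ({0}) so JNDI escapes it,
        // rather than being concatenated into the filter string.
        String filter = "(&(objectClass=user)(" + userAttr + "={0}))";
        List<String> dns = new ArrayList<>();
        NamingEnumeration<SearchResult> results =
                ctx.search(base, filter, new Object[] { userName }, sc);
        try {
            while (results.hasMore()) {
                dns.add(results.next().getNameInNamespace());
            }
        } catch (PartialResultException e) {
            // With referral=ignore, a search rooted at the domain naming context still
            // receives continuation references for the other naming contexts, and JNDI
            // raises this once the real entries have been consumed ("remaining name
            // 'DC=ABC,DC=com'" in the question). Entries collected so far are valid.
            System.err.println("Continuation references skipped: " + e.getMessage());
        } finally {
            results.close();
        }
        return dns;
    }

    public static void main(String[] args) throws NamingException {
        // Placeholders, copied from the redacted values in the question.
        String url = "ldap://<IP>:<PORT>";
        String bindDn = "cn=<CN>,ou=<OU>,dc=ABC,dc=com";
        String password = "<password>";

        // "follow" is the fix from the answer: JNDI chases the continuation
        // references instead of surfacing them as PartialResultException.
        DirContext ctx = connect(url, bindDn, password, "follow");
        try {
            // sAMAccountName is an assumed attribute name (the question redacts it).
            for (String dn : findUserDns(ctx, "DC=ABC,DC=com", "sAMAccountName", "wso2.system.user")) {
                System.out.println(dn);
            }
        } finally {
            ctx.close();
        }
    }
}
```

With "follow", the JNDI client opens additional connections to the servers named in the continuation references, re-using the same bind credentials, so those hosts must be reachable from the API Manager node and the connection timeout applies to each of them. The catch block shows what "ignore" does instead: the entries under DC=ABC,DC=com are returned, and the exception fires only when the enumeration reaches the references.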