Tags: wso2, ldap, multi-tenant, wso2-identity-server, opendj

Getting error while creating the tenant in WSO2 Identity Server 6.0.0


I'm trying to create the tenant through the WSO2 console. While creating it, I'm getting the below error on the console: "error Failed to add tenant config. tenant-domain: , tenant-admin: "

In the server logs, I am getting the below error.

    ERROR {org.wso2.carbon.tenant.mgt.core.TenantPersistor} - Error in adding tenant with domain: hit.com org.wso2.carbon.user.core.UserStoreException: Error occurred while searching in root partition for organization :<domain Name>
    [LDAP: error code 32 - The entry dc=wso2,dc=org specified as the search base does not exist in the Directory Server]; remaining name 'dc=wso2,dc=org'
    ERROR {org.apache.axis2.rpc.receivers.RPCMessageReceiver} - Exception occurred while trying to invoke service method addTenant java.lang.reflect.InvocationTargetException
    ERROR {org.wso2.carbon.tenant.mgt.ui.utils.TenantMgtUtil} - Failed to add tenant config. tenant-domain: hit.com, tenant-admin: [email protected]. org.apache.axis2.AxisFault: Exception occurred while trying to invoke service method addTenant

Note: we are using LDAP (OpenDJ).


Solution

  • When a tenant is created on WSO2 products, a new sub organization unit (OU) is created if the primary userstore is an LDAP/AD. In that case, it refers to the following configuration to create the sub OU.

    [tenant_manager.ldap.properties]
    RootPartition = "dc=wso2,dc=org"
    

    The above sample config has the default value, which is included in your error message as well: `The entry dc=wso2,dc=org specified as the search base does not exist in the Directory Server`

    You can specify the root of your LDAP (e.g. dc=unext,dc=com) for this configuration in order to solve this issue.


    Adding a formatted copy of userstore configurations shared in comments for others' reference.

    [user_store] 
    type = "read_write_ldap_unique_id" 
    base_dn = "dc=unext,dc=com" 
    connection_url = "ldap://connection_link:389" 
    connection_name = "cn=admin" 
    connection_password = "password" 
    user_entry_object_class = "identityPerson" 
    user_search_base = "ou=users,dc=unext,dc=com" 
    user_name_attribute = "mail" 
    user_name_search_filter = "(&amp;(objectClass=person)(mail=?))" 
    user_name_list_filter = "(&amp;(objectClass=person)(!(sn=Service)))" 
    user_id_list_filter = "(&amp;(objectClass=person)(scimId=?))" 
    group_search_base = "dc=unext,dc=com"