【发布时间】:2016-08-02 01:57:43
【问题描述】:
我很难解决“找不到主体...”的问题。我阅读了所有文章,但我已成功将 ear 文件安装到 WAS 8.5 中。
此应用程序需要 LDAP 身份验证才能让最终用户登录。 我的 LDAP 用户 ID 是正确的。因为我可以通过另一个部署了相同 ear 文件的开发环境对自己进行身份验证。 远程 LDAP 服务器的 SSL 证书很好。还有什么要配置的?
我的意思是你可能会给我一个线索来配置什么,例如 JAAS?
这是来自myprofile/log/ffcd/xxx.log 文件的底线详细信息。
[11/04/16 14:06:39:853 EDT] FFDC
Exception:com.ibm.websphere.security.PasswordCheckFailedException SourceId:com.ibm.ws.security.ltpa.LTPAServerObject.authenticate ProbeId:1006 Reporter:com.ibm.ws.security.ltpa.LTPAServerObject@2be0e7c9
com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4537E No principal is found from the 'validLdapUserId' principal name.
at com.ibm.ws.wim.ProfileManager.loginImpl(ProfileManager.java:3920)
at com.ibm.ws.wim.ProfileManager.genericProfileManagerMethod(ProfileManager.java:348)
at com.ibm.ws.wim.ProfileManager.login(ProfileManager.java:456)
==> Performing default dump from com.ibm.ws.security.core.SecurityDM
com.ibm.ws.security.config.SecurityConfigImpl@3c12279c C:\devSoft\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells/OND2C01266470Node01Cell/security.xml (admin) :com.ibm.websphere.security.PasswordCheckFailedException: CWWIM4537E No principal is found from the 'validLdapUserId' principal name.
+Data for directive [defaultsecurityconfig] obtained.:
The dynamic JAAS login configuration is:
com.ibm.ws.security.auth.login.Configuration: Dumping JAAS Configuration
JAAS file configuration data:
system.RMI_OUTBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule" ;
};
system.wss.generate.sct {
com.ibm.ws.wssecurity.wssapi.token.impl.SCTGenerateLoginModule required ;
};
DefaultPrincipalMapping {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule" ;
};
system.wss.consume.ltpa {
com.ibm.ws.wssecurity.wssapi.token.impl.LTPAConsumeLoginModule required ;
};
system.wss.consume.KRB5BST {
com.ibm.ws.wssecurity.wssapi.token.impl.KRBConsumeLoginModule required ;
com.ibm.ws.wssecurity.wssapi.token.impl.DKTConsumeLoginModule required ;
};
system.wss.consume.ltpaProp {
com.ibm.ws.wssecurity.wssapi.token.impl.LTPAPropagationConsumeLoginModule required ;
};
system.wss.consume.issuedToken {
com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenConsumeLoginModule required ;
};
system.wss.generate.pkcs7 {
com.ibm.ws.wssecurity.wssapi.token.impl.PKCS7GenerateLoginModule required ;
};
system.wssecurity.X509BST {
com.ibm.wsspi.wssecurity.auth.module.X509LoginModule required ;
};
system.wss.consume.pkiPath {
com.ibm.ws.wssecurity.wssapi.token.impl.PkiPathConsumeLoginModule required ;
};
system.wss.consume.x509 {
com.ibm.ws.wssecurity.wssapi.token.impl.X509ConsumeLoginModule required ;
};
system.WEB_INBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" ;
};
system.WSS_OUTBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule" ;
};
system.wss.consume.sct {
com.ibm.ws.wssecurity.wssapi.token.impl.SCTConsumeLoginModule required ;
};
system.wssecurity.Signature {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule" ;
};
system.wssecurity.IDAssertionUsernameToken {
com.ibm.wsspi.wssecurity.auth.module.IDAssertionUsernameLoginModule required ;
};
system.wssecurity.UsernameToken {
com.ibm.wsspi.wssecurity.auth.module.UsernameLoginModule required ;
};
system.wss.generate.saml {
com.ibm.ws.wssecurity.wssapi.token.impl.SAMLGenerateLoginModule required ;
com.ibm.ws.wssecurity.wssapi.token.impl.DKTGenerateLoginModule required ;
};
system.DESERIALIZE_ASYNCH_CONTEXT {
com.ibm.ws.security.server.lm.ltpaLoginModule required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule required ;
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule required ;
};
system.wss.generate.ltpa {
com.ibm.ws.wssecurity.wssapi.token.impl.LTPAGenerateLoginModule required ;
};
system.wss.generate.ltpaProp {
com.ibm.ws.wssecurity.wssapi.token.impl.LTPAPropagationGenerateLoginModule required ;
};
system.wssecurity.PkiPath {
com.ibm.wsspi.wssecurity.auth.module.PkiPathLoginModule required ;
};
system.wss.inbound.propagation {
com.ibm.ws.security.server.lm.ltpaLoginModule required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule required ;
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule required ;
};
system.wss.auth.sts {
com.ibm.ws.wssecurity.impl.auth.module.STSDefaultLoginModule required ;
};
system.wss.generate.x509 {
com.ibm.ws.wssecurity.wssapi.token.impl.X509GenerateLoginModule required ;
};
system.RMI_INBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" ;
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule required ;
};
system.WSS_INBOUND {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" ;
};
JAASClient {
com.ibm.security.auth.module.Krb5LoginModule required
noAddress="true"
tryFirstPass="true"
useDefaultCcache="false"
forwardable="true"
credsType="both" ;
};
system.wssecurity.KRB5BST {
com.ibm.wsspi.wssecurity.auth.module.KRBLoginModule required ;
};
system.wss.generate.unt {
com.ibm.ws.wssecurity.wssapi.token.impl.UNTGenerateLoginModule required ;
};
system.LTPA {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
};
system.wss.caller {
com.ibm.ws.wssecurity.impl.auth.module.PreCallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.UNTCallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.X509CallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.LTPACallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.LTPAPropagationCallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.KRBCallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.SAMLCallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.GenericIssuedTokenCallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.WSWSSLoginModule required ;
com.ibm.ws.security.server.lm.ltpaLoginModule required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule required ;
};
system.DEFAULT {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule" ;
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule required ;
};
system.wss.consume.pkcs7 {
com.ibm.ws.wssecurity.wssapi.token.impl.PKCS7ConsumeLoginModule required ;
};
system.wss.generate.KRB5BST {
com.ibm.ws.wssecurity.wssapi.token.impl.KRBGenerateLoginModule required ;
com.ibm.ws.wssecurity.wssapi.token.impl.DKTGenerateLoginModule required ;
};
system.wss.generate.issuedToken {
com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenGenerateLoginModule required ;
};
WSLogin {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl"
use_realm_callback="false"
use_appcontext_callback="false" ;
};
system.SWAM {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.swamLoginModule" ;
};
system.wss.generate.pkiPath {
com.ibm.ws.wssecurity.wssapi.token.impl.PkiPathGenerateLoginModule required ;
};
system.wss.consume.unt {
com.ibm.ws.wssecurity.wssapi.token.impl.UNTConsumeLoginModule required ;
};
JaasClient {
com.ibm.security.auth.module.Krb5LoginModule required
noAddress="true"
tryFirstPass="true"
useDefaultCcache="false"
forwardable="true"
credsType="both" ;
};
system.wssecurity.IDAssertion {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.wsspi.wssecurity.auth.module.IDAssertionLoginModule" ;
};
system.wss.inbound.deserialize {
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssLtpaLoginModule required ;
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssMapDefaultInboundLoginModule required ;
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule required ;
};
system.wss.consume.saml {
com.ibm.ws.wssecurity.wssapi.token.impl.SAMLConsumeLoginModule required ;
com.ibm.ws.wssecurity.wssapi.token.impl.DKTConsumeLoginModule required ;
};
system.wssecurity.PKCS7 {
com.ibm.wsspi.wssecurity.auth.module.PKCS7LoginModule required ;
};
JAAS WCCM configuration data:
system.RMI_OUTBOUND {
com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule required ;
};
DefaultPrincipalMapping {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule" ;
};
system.wss.generate.sct {
com.ibm.ws.wssecurity.wssapi.token.impl.SCTGenerateLoginModule required ;
com.ibm.ws.wssecurity.wssapi.token.impl.DKTGenerateLoginModule required ;
};
system.wss.consume.ltpa {
com.ibm.ws.wssecurity.wssapi.token.impl.LTPAConsumeLoginModule required ;
};
system.wss.consume.KRB5BST {
com.ibm.ws.wssecurity.wssapi.token.impl.KRBConsumeLoginModule required ;
com.ibm.ws.wssecurity.wssapi.token.impl.DKTConsumeLoginModule required ;
};
system.wss.consume.ltpaProp {
com.ibm.ws.wssecurity.wssapi.token.impl.LTPAPropagationConsumeLoginModule required ;
};
system.wss.consume.issuedToken {
com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenConsumeLoginModule required ;
};
system.wss.generate.pkcs7 {
com.ibm.ws.wssecurity.wssapi.token.impl.PKCS7GenerateLoginModule required ;
};
system.wssecurity.X509BST {
com.ibm.wsspi.wssecurity.auth.module.X509LoginModule required ;
};
system.wss.consume.pkiPath {
com.ibm.ws.wssecurity.wssapi.token.impl.PkiPathConsumeLoginModule required ;
};
system.wss.consume.x509 {
com.ibm.ws.wssecurity.wssapi.token.impl.X509ConsumeLoginModule required ;
};
system.WEB_INBOUND {
com.ibm.ws.security.server.lm.ltpaLoginModule required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule required ;
};
system.WSS_OUTBOUND {
com.ibm.ws.security.server.lm.wsMapCSIv2OutboundLoginModule required ;
};
system.wss.consume.sct {
com.ibm.ws.wssecurity.wssapi.token.impl.SCTConsumeLoginModule required ;
com.ibm.ws.wssecurity.wssapi.token.impl.DKTConsumeLoginModule required ;
};
system.wssecurity.Signature {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.wsspi.wssecurity.auth.module.SignatureLoginModule" ;
};
system.wssecurity.IDAssertionUsernameToken {
com.ibm.wsspi.wssecurity.auth.module.IDAssertionUsernameLoginModule required ;
};
system.wssecurity.UsernameToken {
com.ibm.wsspi.wssecurity.auth.module.UsernameLoginModule required ;
};
system.wss.generate.saml {
com.ibm.ws.wssecurity.wssapi.token.impl.SAMLGenerateLoginModule required ;
com.ibm.ws.wssecurity.wssapi.token.impl.DKTGenerateLoginModule required ;
};
system.KRB5 {
com.ibm.ws.security.auth.kerberos.Krb5LoginModuleWrapper required
storeSharedStateCredentials="true"
noAddress="true"
tryFirstPass="true"
renewable="true"
refreshKrb5Config="true"
forwardable="true"
credsType="both" ;
com.ibm.ws.security.auth.kerberos.WSKrb5LoginModule required ;
};
system.DESERIALIZE_ASYNCH_CONTEXT {
com.ibm.ws.security.server.lm.ltpaLoginModule required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule required
com.ibm.ws.security.context.renewToken="true" ;
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule required ;
};
system.wss.generate.ltpa {
com.ibm.ws.wssecurity.wssapi.token.impl.LTPAGenerateLoginModule required ;
};
system.wss.generate.ltpaProp {
com.ibm.ws.wssecurity.wssapi.token.impl.LTPAPropagationGenerateLoginModule required ;
};
system.wssecurity.PkiPath {
com.ibm.wsspi.wssecurity.auth.module.PkiPathLoginModule required ;
};
system.wss.inbound.propagation {
com.ibm.ws.security.server.lm.ltpaLoginModule required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule required ;
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule required ;
};
system.wss.auth.sts {
com.ibm.ws.wssecurity.impl.auth.module.STSDefaultLoginModule required ;
};
system.wss.generate.x509 {
com.ibm.ws.wssecurity.wssapi.token.impl.X509GenerateLoginModule required ;
};
system.RMI_INBOUND {
com.ibm.ws.security.server.lm.ltpaLoginModule required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule required ;
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule required ;
};
system.LTPA_WEB {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.web.AuthenLoginModule" ;
};
system.WSS_INBOUND {
com.ibm.ws.security.server.lm.ltpaLoginModule required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule required ;
};
WSKRB5Login {
com.ibm.ws.security.auth.kerberos.Krb5LoginModuleWrapperClient required
storeSharedStateCredentials="true"
tryFirstPass="false"
refreshKrb5Config="true"
useFirstPass="true"
credsType="INITIATOR" ;
};
KerberosMapping {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule" ;
};
ClientContainer {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.common.auth.module.WSClientLoginModuleImpl" ;
};
system.wssecurity.KRB5BST {
com.ibm.wsspi.wssecurity.auth.module.KRBLoginModule required ;
};
system.wss.generate.unt {
com.ibm.ws.wssecurity.wssapi.token.impl.UNTGenerateLoginModule required ;
};
system.LTPA {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.ltpaLoginModule" ;
};
system.wss.caller {
com.ibm.ws.wssecurity.impl.auth.module.PreCallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.UNTCallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.X509CallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.LTPACallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.LTPAPropagationCallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.KRBCallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.SAMLCallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.GenericIssuedTokenCallerLoginModule required ;
com.ibm.ws.wssecurity.impl.auth.module.WSWSSLoginModule required ;
com.ibm.ws.security.server.lm.ltpaLoginModule required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule required ;
};
system.DEFAULT {
com.ibm.ws.security.server.lm.ltpaLoginModule required ;
com.ibm.ws.security.server.lm.wsMapDefaultInboundLoginModule required ;
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule required ;
};
system.wss.consume.pkcs7 {
com.ibm.ws.wssecurity.wssapi.token.impl.PKCS7ConsumeLoginModule required ;
};
system.wss.generate.KRB5BST {
com.ibm.ws.wssecurity.wssapi.token.impl.KRBGenerateLoginModule required ;
com.ibm.ws.wssecurity.wssapi.token.impl.DKTGenerateLoginModule required ;
};
system.wss.generate.issuedToken {
com.ibm.ws.wssecurity.wssapi.token.impl.GenericIssuedTokenGenerateLoginModule required ;
};
WSLogin {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.common.auth.module.WSLoginModuleImpl"
use_realm_callback="false"
use_appcontext_callback="false" ;
};
system.SWAM {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.server.lm.swamLoginModule" ;
};
system.wss.generate.pkiPath {
com.ibm.ws.wssecurity.wssapi.token.impl.PkiPathGenerateLoginModule required ;
};
system.wss.consume.unt {
com.ibm.ws.wssecurity.wssapi.token.impl.UNTConsumeLoginModule required ;
};
system.wssecurity.IDAssertion {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.wsspi.wssecurity.auth.module.IDAssertionLoginModule" ;
};
system.wss.inbound.deserialize {
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssLtpaLoginModule required ;
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssMapDefaultInboundLoginModule required ;
com.ibm.ws.wssecurity.platform.websphere.wssapi.token.impl.wssTokenPropagationInboundLoginModule required ;
};
system.wss.consume.saml {
com.ibm.ws.wssecurity.wssapi.token.impl.SAMLConsumeLoginModule required ;
com.ibm.ws.wssecurity.wssapi.token.impl.DKTConsumeLoginModule required ;
};
TrustedConnectionMapping {
com.ibm.ws.security.common.auth.module.proxy.WSLoginModuleProxy required
delegate="com.ibm.ws.security.auth.j2c.WSPrincipalMappingLoginModule"
useTrustedConnection="true" ;
};
system.wssecurity.PKCS7 {
com.ibm.wsspi.wssecurity.auth.module.PKCS7LoginModule required ;
};
:com.ibm.websphere.security.PasswordCheckFailedException: CWWIM4537E No principal is found from the 'validLdapUserId' principal name.
+Data for directive [defaultjaasconfig] obtained.:
==> Dump complete for com.ibm.ws.security.core.SecurityDM :
这是来自 wimconfig.xml 的 ldap 配置
<config:repositories xsi:type="config:LdapRepositoryType" adapterClassName="com.ibm.ws.wim.adapter.ldap.LdapAdapter"
id="LDAP_dev" isExtIdUnique="true" supportAsyncMode="false" supportExternalName="false"
supportPaging="false" supportSorting="false" supportTransactions="false" supportChangeLog="none"
certificateFilter="" certificateMapMode="exactdn" ldapServerType="AD" translateRDN="false">
<config:baseEntries name="DC=dc5,DC=dc4,DC=dc3,DC=dc2,DC=dc1" nameInRepository="DC=dc5,DC=dc4,DC=dc3,DC=dc2,DC=dc1"/>
<config:loginProperties>uid
<config:ldapServerConfiguration primaryServerQueryTimeInterval="15" returnToPrimaryServer="true"
sslConfiguration="">
<config:ldapServers authentication="simple" bindDN="CN=validUser,OU=Users,OU=dc6,DC=dc5,DC=dc4,DC=dc3,DC=dc2,DC=dc1"
bindPassword="{xor}DCvalidPassword" connectionPool="false" connectTimeout="20"
derefAliases="always" referal="follow" sslEnabled="true">
<config:connections host="validHost" port="389"/>
<config:ldapEntityTypes name="Group" searchFilter="(ObjectCategory=Group)">
<config:objectClasses>group
<config:ldapEntityTypes name="OrgContainer">
<config:rdnAttributes name="o" objectClass="organization"/>
<config:rdnAttributes name="ou" objectClass="organizationalUnit"/>
<config:rdnAttributes name="dc" objectClass="domain"/>
<config:rdnAttributes name="cn" objectClass="container"/>
<config:objectClasses>organization
<config:objectClasses>organizationalUnit
<config:objectClasses>domain
<config:objectClasses>container
</config:ldapEntityTypes>
<config:ldapEntityTypes name="PersonAccount" searchFilter="(ObjectCategory=User)">
<config:objectClasses>user
</config:ldapEntityTypes>
<config:groupConfiguration>
<config:memberAttributes name="member" objectClass="group" scope="direct"/>
<config:membershipAttribute name="memberof" scope="direct"/>
</config:groupConfiguration>
<config:attributeConfiguration>
<config:attributes defaultAttribute="cn" name="cn">
<config:entityTypes>Group
<config:attributes defaultValue="8" name="groupType">
<config:entityTypes>Group
<config:attributes name="unicodePwd" propertyName="password" syntax="unicodePwd"/>
<config:attributes name="userprincipalname" propertyName="kerberosId">
<config:entityTypes>PersonAccount
【问题讨论】:
-
您是否比较了工作服务器和非工作服务器上的 VMM 配置?如果分支上的过滤器设置不正确配置 VMM 将无法在 LDAP 中找到用户,即使它是有效的
-
可能是登录属性、基本 dn 或实体类型不正确,因为它看起来无法找到用户。您不需要任何 JAAS 配置,但提供有关您的配置的更多详细信息。您是否使用联合存储库,您有多少,您的 LDAP 是什么,可能是显示用户的 ldap 搜索结果...
-
我比较了 VMM 设置。它们在两种环境中看起来都一样。除了我使用 ldap 浏览器(与 WAS 无关的第三方软件)成功连接到同一个 ldap 之外。我应该查看哪些具体设置?
-
是的,我们定义了 1 个联合存储库。它似乎配置正确,因为在我尝试对特定用户进行身份验证之前,日志中没有异常。这些几乎是默认设置。 searchFilter="(ObjectCategory=User)" 也被定义。是否有任何日志设置可以打开,我可以看到更多信息?
-
在我们的配置中,我们有通用用户(CN=validUser 在上面的 winconfig 中)。我们使用连接到ldap服务器