Michael Eyre

Reputation: 1

Trying to configure Identity Server 5.0.0 with internal LDAP server

I am working on implementing WSO2 Identity Server. I got the SAML SSO sample working with Identity server and the internal user store (default store). I am trying to get the example working with either the secondary user store connected to our internal VDS server. I would also like to use the internal VDS server for authentication for access to the management console. I have successfully created the secondary user store to our VDS server and I have confirmed that it is working. I can search for users and add them to different roles.

I have added my user from the secondary user store to the travelocity.com user group and attempted to log in. It is unsuccessful, and I see this error message in the log: Incorrect DN given : uid=sanofi\michael.eyre,ou=Users,dc=wso2,dc=org

Looking at this, it does not match up to our VDS configuration and the configuration of the secondary user store.

My ultimate goal is to use our internal VDS servers to authenticate logging into the management console and login access.

Upvotes: 0

Views: 216

Answers (1)

DarRay

Reputation: 2540

I suspect this has happened due to an invalid user DN pattern defined in the secondary user store.

In order to fix that you need to edit the relevant secondary user store config file, which resides in the <IDENTITY_SERVER_HOME>/repository/deployment/server/userstores/ folder. In that folder there should be an XML file which has the format of .xml (for example: if the domain name is "VDS" there should be a file named "VDS.xml").

Open the file and remove the property called UserDNPattern (for example: <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>).

Save the file and restart the server. Now authentication should be successful. If the user you are trying to log in as has the "login" permission, authorization will also be successful and that user can log in to the management console.

HTH, DarRay

Upvotes: 0
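As an added illustration (not code from the question or the answer), the script below shows how a hard-coded UserDNPattern produces a DN like the one in the error, checks a secondary user store file for a pattern whose fixed suffix does not sit under its search base, and removes the property as the answer recommends. The sample XML is constructed; the property names other than UserDNPattern, the VDS hostname and the search base are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a secondary user store file (e.g. VDS.xml), modelled on the
# <Property name="UserDNPattern"> element quoted in the answer. ConnectionURL,
# UserSearchBase and UserNameAttribute values here are assumptions, not a real deployment.
SAMPLE_USERSTORE_XML = """<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://vds.example.internal:389</Property>
    <Property name="UserSearchBase">ou=People,o=example</Property>
    <Property name="UserNameAttribute">uid</Property>
    <Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property>
</UserStoreManager>
"""


def build_dn(pattern, username):
    """Illustrate how a fixed pattern turns a login name into a bind DN (not WSO2's own code)."""
    return pattern.replace("{0}", username)


def find_property(root, name):
    """Return the <Property name=...> element with the given name, or None."""
    return next((p for p in root.iter("Property") if p.get("name") == name), None)


def check_user_dn_pattern(xml_text):
    """Report whether UserDNPattern is set and whether its suffix lies outside UserSearchBase."""
    root = ET.fromstring(xml_text)
    pattern = find_property(root, "UserDNPattern")
    if pattern is None or not (pattern.text or "").strip():
        return {"present": False, "mismatch": False, "pattern": None}
    pattern_text = pattern.text.strip()
    base = find_property(root, "UserSearchBase")
    base_text = (base.text or "").strip().lower() if base is not None else ""
    # Everything after the first comma is the fixed suffix; it should end with the search base.
    suffix = pattern_text.split(",", 1)[1].strip().lower() if "," in pattern_text else ""
    mismatch = bool(base_text) and not suffix.endswith(base_text)
    return {"present": True, "mismatch": mismatch, "pattern": pattern_text}


def remove_user_dn_pattern(xml_text):
    """Return the config text with the UserDNPattern property removed."""
    root = ET.fromstring(xml_text)
    pattern = find_property(root, "UserDNPattern")
    if pattern is not None:
        parents = {child: parent for parent in root.iter() for child in parent}
        parents[pattern].remove(pattern)
    return ET.tostring(root, encoding="unicode")
```

Running check_user_dn_pattern on the sample flags the mismatch, and the output of remove_user_dn_pattern is what you would write back before restarting the server.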
