【问题标题】:Authentication Error OpenAM - ADLDS datastore身份验证错误 OpenAM - ADLDS 数据存储
【发布时间】:2016-01-18 09:03:29
【问题描述】:

我是 OpenAM 的新手,我在我的机器中配置了 AD LDS,它有用户列表。我正在尝试将 ADAM 作为数据存储添加到 OpenAM。即使我从 OpenAM https://wikis.forgerock.org/confluence/display/openam/Configure+OpenAM+to+use+Active+Directory+for+Authentication+and+DataStore 遵循这个文档@

按照上述说明进行操作后,当尝试使用 OPEN AM 的 AD 用户登录时,我仍然收到“身份验证失败”。

**有人可以帮我解决这个问题吗?

**LDRepo Error:****

ERROR: An error occurred while executing persistent search
org.forgerock.opendj.ldap.ReferralException: Referral: 0000202B: RefErr: DSID-031007EF, data 0, 1 access points
ref 1: ‘wealthcetera.local’



**Authenication Log Error:**

amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
LoginState: getIdentity performing IdRepo search to obtain AMIdentity
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
Search for Identity Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
In searchAutehnticatedUser: idType IdType: user
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
In getUserProfile : Search for user Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
alias attr=null, attr=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list],merge=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list]
amAuth:01/18/2016 01:52:05:897 PM IST: Thread[http-apr-8080-exec-7,5,main]
Search for Identity Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
In searchAutehnticatedUser: idType IdType: agent
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
In getUserProfile : Search for user Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
alias attr=null, attr=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list],merge=[iplanet-am-auth-login-failure-url, iplanet-am-session-max-caching-time, preferredlocale, iplanet-am-session-max-session-time, nsaccountlock, iplanet-am-user-login-status, iplanet-am-auth-post-login-process-class, iplanet-am-session-max-idle-time, iplanet-am-user-success-url, iplanet-am-user-failure-url, inetuserstatus, iplanet-am-auth-login-success-url, iplanet-am-user-account-life, iplanet-am-user-alias-list]
amAuth:01/18/2016 01:52:05:899 PM IST: Thread[http-apr-8080-exec-7,5,main]
Search for Identity Dhilip Swaminathan
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
result is :[]
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
URL is :
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
defaultURL : null
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
tempDefaultURL : null
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
defaultFailureURL : null
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::submitRequirements end
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
Status at the end of submitRequirements() : failed
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::hasMoreRequirements()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::getStatus()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal:: Status : failed
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::getStatus()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal:: Status : failed
amAuthREST:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
Authentication failed – destroying new session
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal::getStatus()
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
getStatus : status is… : 4
amAuthContextLocal:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
AuthContextLocal:: Status : failed
amAuth:01/18/2016 01:52:05:900 PM IST: Thread[http-apr-8080-exec-7,5,main]
Error Code is.. : 102

【问题讨论】:

    标签: openam adlds


    【解决方案1】:

    我假设您使用的是 Active Directory 身份验证模块。如果是这样,您对“用于检索用户配置文件的属性”有什么价值?您是否启用或禁用了“将用户 DN 返回到 DataStore”?

    另外,在您的数据存储配置中,您使用什么作为“身份验证命名属性”?

    看起来身份验证成功,但之后 OpenAM 无法在 IdRepo(数据存储)中找到用户。

    【讨论】:

    • 嗨 Guillermo,感谢您对此的支持。我对“用于检索用户配置文件的属性”的值是“cn”,数据存储中的“身份验证命名属性”也是“cn”。 “将用户 DN 返回到 DataStore”已禁用
    猜你喜欢
    • 1970-01-01
    • 2015-05-25
    • 1970-01-01
    • 1970-01-01
    • 2012-12-10
    • 1970-01-01
    • 2021-12-30
    • 2023-03-06
    • 2015-06-01
    相关资源
    最近更新 更多