Closed
Labels
Component/User Store Mgt, IS-6.0.0-Test-Hackathon (This label will be added for all the issues that will get reported under IS 6.0.0 New Joiner hack), Priority/Highest, Severity/Blocker, Type/Bug
Description
Describe the issue:
- When configuring Active Directory as a primary user store in WSO2 IS, an extra "ou=Users" is appended to the `base_dn` property in the `deployment.toml` file.
- IS uses the `repository/resources/conf/infer.json` file as the template and appends "ou=Users" to the `base_dn` property in the `deployment.toml` file.
User-store configuration in the deployment.toml file:
```toml
[user_store]
type = "active_directory_unique_id"
connection_url = "ldaps://ip_address:636"
connection_name = "CN=username,CN=Users,DC=wso2,DC=local"
connection_password = "password"
base_dn = "CN=Users,DC=wso2,DC=local"
user_entry_object_class = "user"
user_name_attribute = "cn"
user_id_attribute = "objectGuid"
user_name_search_filter = "(&(objectClass=user)(cn=?))"
user_name_list_filter = "(objectClass=person)"
```
When starting the IS, this results in the following error:
[2022-05-27 16:10:21,732] [] DEBUG {org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager} - [LDAP: error code 32 - 0000208D: NameErr: DSID-03100288, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Users,DC=wso2,DC=local'
] javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-03100288, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Users,DC=wso2,DC=local'
]; remaining name 'ou=Users,CN=Users,DC=wso2,DC=local'
at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3284)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2996)
at java.naming/com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1875)
at java.naming/com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1798)
at java.naming/com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at java.naming/com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at java.naming/javax.naming.directory.InitialDirContext.search(InitialDirContext.java:276)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.getNameInSpaceForUserName(ReadOnlyLDAPUserStoreManager.java:2507)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.doCheckExistingUser(ReadOnlyLDAPUserStoreManager.java:916)
at org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager.doCheckExistingUserNameWithIDImpl(UniqueIDReadOnlyLDAPUserStoreManager.java:683)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addInitialAdminData(AbstractUserStoreManager.java:9141)
at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.<init>(ReadOnlyLDAPUserStoreManager.java:265)
at org.wso2.carbon.user.core.ldap.UniqueIDReadOnlyLDAPUserStoreManager.<init>(UniqueIDReadOnlyLDAPUserStoreManager.java:190)
at org.wso2.carbon.user.core.ldap.UniqueIDReadWriteLDAPUserStoreManager.<init>(UniqueIDReadWriteLDAPUserStoreManager.java:126)
at org.wso2.carbon.user.core.ldap.UniqueIDActiveDirectoryUserStoreManager.<init>(UniqueIDActiveDirectoryUserStoreManager.java:121)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:358)
at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:231)
at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:136)
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:276)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:102)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:115)
at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:80)
at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
at org.eclipse.osgi.internal.framework.BundleContextImpl$3.run(BundleContextImpl.java:842)
at org.eclipse.osgi.internal.framework.BundleContextImpl$3.run(BundleContextImpl.java:1)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.internal.framework.BundleContextImpl.startActivator(BundleContextImpl.java:834)
at org.eclipse.osgi.internal.framework.BundleContextImpl.start(BundleContextImpl.java:791)
at org.eclipse.osgi.internal.framework.EquinoxBundle.startWorker0(EquinoxBundle.java:1013)
at org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule.startWorker(EquinoxBundle.java:365)
at org.eclipse.osgi.container.Module.doStart(Module.java:598)
at org.eclipse.osgi.container.Module.start(Module.java:462)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel$1.run(ModuleContainer.java:1820)
at org.eclipse.osgi.internal.framework.EquinoxContainerAdaptor$2$1.execute(EquinoxContainerAdaptor.java:150)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1813)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.incStartLevel(ModuleContainer.java:1770)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.doContainerStartLevel(ModuleContainer.java:1735)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1661)
at org.eclipse.osgi.container.ModuleContainer$ContainerStartLevel.dispatchEvent(ModuleContainer.java:1)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345)
How to reproduce:
- Add Active Directory configurations to the `deployment.toml`
- Start the IS
Expected behavior:
IS should use the value defined in the `deployment.toml` file instead of appending "ou=Users" to the front.
Environment information:
- Product Version: IS 6.0.0m1
- OS: Mac 12.4 (IS) / Windows Server 2019 (Active Directory)
- Userstore: Active Directory (Forest/Domain Function Level 2016)
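
A diagnostic for the mismatch reported above, as an added example (not WSO2 code and not part of the original issue): it compares the `base_dn` in `deployment.toml` with the DN in the "remaining name" of each LDAP error 32 and reports any RDNs added in front of it. The function names and the embedded sample text are constructed for illustration, and the `base_dn` lookup is a simple line match rather than a full TOML parse.

```python
import re

# Constructed sample inputs, modelled on the config and log shown in this issue.
SAMPLE_TOML = '''
[user_store]
type = "active_directory_unique_id"
base_dn = "CN=Users,DC=wso2,DC=local"
'''
SAMPLE_LOG = (
    "[LDAP: error code 32 - 0000208D: NameErr: DSID-03100288, problem 2001 "
    "(NO_OBJECT), data 0, best match of:\n\t'CN=Users,DC=wso2,DC=local'\n"
    "]; remaining name 'ou=Users,CN=Users,DC=wso2,DC=local'\n"
)

BASE_DN = re.compile(r'^\s*base_dn\s*=\s*"([^"]*)"', re.MULTILINE)
ERR32 = re.compile(
    r"error code 32\b.*?best match of:\s*'(?P<best>[^']*)'"
    r".*?remaining name '(?P<remaining>[^']*)'",
    re.DOTALL,
)

def split_rdns(dn):
    """Split a DN on unescaped commas; normalise case and whitespace."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def find_base_dn_drift(toml_text, log_text):
    """Return one finding per error-32 entry whose searched DN is the
    configured base_dn with extra RDNs in front of it."""
    found = BASE_DN.search(toml_text)
    if not found:
        raise ValueError("no base_dn line in the supplied configuration")
    configured = found.group(1)
    cfg = split_rdns(configured)
    findings = []
    for m in ERR32.finditer(log_text):
        searched = split_rdns(m["remaining"])
        extra = len(searched) - len(cfg)
        if extra > 0 and searched[extra:] == cfg:
            findings.append({
                "configured_base_dn": configured,
                "searched_dn": m["remaining"],
                "injected_rdns": searched[:extra],
                "deepest_existing_entry": m["best"],
            })
    return findings

if __name__ == "__main__":
    for finding in find_base_dn_drift(SAMPLE_TOML, SAMPLE_LOG):
        print(finding)
```
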