Tuesday, June 1, 2010

Signing in to WSO2 ESB 3.0.x using users in an LDAP User Store

Assume that you have a list of users in an LDAP server and you need to access WSO2 ESB as one of the users in the LDAP user store rather than with the default admin username and password. All it takes is a simple change in a configuration file of your ESB instance. The steps to follow are listed below.

Pre-Requisites

An LDAP server should be up and running with users.

Step 1

Download the latest WSO2 ESB version from here and extract it to a location of your choice (e.g. /opt/products/wso2esb-3.0.0). From this point onwards I will refer to this location as ESB_HOME.

Step 2

Next go to ESB_HOME/repository/conf and open up the user-mgt.xml.

a) First notice that the section with the tag <UserStoreManager> whose class is org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager is uncommented. Comment out this section.
Then locate the section with the tag <UserStoreManager> where the class is specified as org.wso2.carbon.user.core.ldap.LDAPUserStoreManager and uncomment it. This section contains the configuration used to connect to our LDAP user store.


<UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
    <!-- Location of the LDAP server and the account the ESB binds with -->
    <Property name="ConnectionURL">ldap://localhost:10389</Property>
    <Property name="ConnectionName">uid=admin,ou=system</Property>
    <Property name="ConnectionPassword">secret</Property>
    <!-- Where and how users are looked up -->
    <Property name="UserSearchBase">ou=system</Property>
    <Property name="UserNameListFilter">(objectClass=person)</Property>
    <Property name="UserNameAttribute">uid</Property>
    <!-- Group lookup settings -->
    <Property name="ReadLDAPGroups">false</Property>
    <Property name="GroupSearchBase">ou=system</Property>
    <Property name="GroupSearchFilter">(objectClass=groupOfNames)</Property>
    <Property name="GroupNameAttribute">cn</Property>
    <Property name="MembershipAttribute">member</Property>
</UserStoreManager>


Make a note of the ConnectionURL, ConnectionName and ConnectionPassword values of your LDAP user store while setting it up, since they have to be entered here.

b) Next go to the top of the user-mgt.xml and change the <UserName> and <Password> tag values to those of a user which you already have in your LDAP user store.

c) Also change the <ReadOnly> property value to true as shown below.

<UserManager>
<Realm>
<Configuration>
    <AdminRole>admin</AdminRole>
    <!-- Must be a user that exists in the LDAP user store -->
    <AdminUser>
        <UserName>evanthika</UserName>
        <Password>evanthika</Password>
    </AdminUser>
    <EveryOneRoleName>everyone</EveryOneRoleName>
    <ReadOnly>true</ReadOnly>
:
:
</Configuration>
:
</Realm>
</UserManager>



Step 3

Now you are all set to go. Go to the ESB_HOME/bin folder and start the WSO2 ESB server by giving the command

$ sh ./wso2server.sh

Step 4

Once the server is started, access the Management Console through the URL https://localhost:9443/carbon and you should be able to log in using the username/password which you specified in the user-mgt.xml file (evanthika/evanthika).
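
A check for the settings changed in Step 2 that can be run before starting the server, as an added example that is not part of the original post or WSO2's own code: it parses user-mgt.xml and reports a JDBC store left active, a missing LDAP property, ReadOnly not set to true, an admin password equal to the username, and a plain ldap:// ConnectionURL. The function name, the constructed sample document and the mixed-case element names (UserManager, Property, ReadOnly and so on) are assumptions.

```python
import xml.etree.ElementTree as ET

LDAP_CLASS = "org.wso2.carbon.user.core.ldap.LDAPUserStoreManager"
REQUIRED = ("ConnectionURL", "ConnectionName", "ConnectionPassword",
            "UserSearchBase", "UserNameAttribute")

# Constructed sample built from the values in Step 2 (elided parts left out).
SAMPLE = """<UserManager><Realm>
  <Configuration>
    <AdminRole>admin</AdminRole>
    <AdminUser><UserName>evanthika</UserName><Password>evanthika</Password></AdminUser>
    <EveryOneRoleName>everyone</EveryOneRoleName>
    <ReadOnly>true</ReadOnly>
  </Configuration>
  <!-- <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"/> -->
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager">
    <Property name="ConnectionURL">ldap://localhost:10389</Property>
    <Property name="ConnectionName">uid=admin,ou=system</Property>
    <Property name="ConnectionPassword">secret</Property>
    <Property name="UserSearchBase">ou=system</Property>
    <Property name="UserNameAttribute">uid</Property>
  </UserStoreManager>
</Realm></UserManager>"""


def audit_user_mgt(xml_text):
    """Return findings for a user-mgt.xml document; an empty list means clean."""
    root = ET.fromstring(xml_text)  # XML comments are dropped: only active sections remain
    findings = []
    managers = root.findall(".//UserStoreManager")
    if len(managers) != 1:
        findings.append("expected 1 active UserStoreManager, found %d" % len(managers))
    ldap = [m for m in managers if m.get("class") == LDAP_CLASS]
    if not ldap:
        findings.append("LDAPUserStoreManager is not active")
    if (root.findtext(".//Configuration/ReadOnly") or "").strip().lower() != "true":
        findings.append("ReadOnly is not true")
    user = (root.findtext(".//AdminUser/UserName") or "").strip()
    if not user:
        findings.append("AdminUser/UserName is empty")
    elif user == (root.findtext(".//AdminUser/Password") or "").strip():
        findings.append("AdminUser password equals the username")
    for m in ldap:
        props = {p.get("name"): (p.text or "").strip() for p in m.findall("Property")}
        findings += ["missing LDAP property " + k for k in REQUIRED if not props.get(k)]
        # Plain ldap:// carries the simple-bind password unencrypted unless TLS is negotiated.
        if props.get("ConnectionURL", "").lower().startswith("ldap://"):
            findings.append("ConnectionURL is ldap://, not ldaps://")
    return findings
```

To check a real instance, pass the contents of ESB_HOME/repository/conf/user-mgt.xml to audit_user_mgt() and review the returned list.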

1 comment:

Donald said...

When I do that I get Failed Administrator login attempt 'Manager' at [2010-10-13 16:09:02,0420] from IP address 0:0:0:0:0:0:0:1%0

I am not sure where to look?