
Configuring WSO2 IS with External OpenLDAP

Setup guide: [link]

After each change you can run the following bash file on a Unix environment to bring the containers up:
$ sh docker-up.sh

OpenLDAP

Add object classes

We first have to add the following object classes: [link]
Once you have downloaded the ldif files, place them in a folder so that they can be copied into the LDAP image we are building. [link]

Observe that here we do not use the Dockerfile or docker-compose.yml to run the ldap commands. This is because we cannot use the Docker instruction 'RUN' for 'ldapadd', since the slapd service (the LDAP service name) needs to be up and running first. Basic Docker practice would be to use 'CMD' to run the command once the container is up, yet using 'CMD' messes up the OpenLDAP image developed by Osixia (for some reason I have not uncovered yet).
For this I used a bash file to run docker-compose and then execute the commands in the LDAP container, addressed by its container name.

Add Organizational Units

Add the Organizational Units 'Users' and 'Groups'. [link]

Note that since we are adding the OUs to the root, executing 'ldapadd' requires root permission. Therefore pass the username and password along with the command.
----
Nb: If you run into an error from the LDAP server such as "Can't contact LDAP server (-1)", it is because slapd (the LDAP service name) has not completely started yet. For this we add a delay before the ldapadd command is run. [link]
----
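The bash file described above, written out as an added example rather than the post's own docker-up.sh. It starts the compose stack, polls slapd until it answers instead of sleeping for a fixed time, binds as the admin DN to load the ldif files in order (schema, then OUs), and takes the admin password from the environment so it is neither hard-coded in the file nor visible on the ldapadd command line. The container name "openldap", the /ldif directory inside the container, and the suffix dc=example,dc=org are assumptions, not values from the post; adjust them to your compose file.

```shell
#!/bin/sh
# docker-up.sh: added example, not the post's own script.
# Assumptions (not from the post): the compose file defines a container named
# "openldap"; the ldif files were copied into the image under /ldif/schema and
# /ldif/ou; the suffix is dc=example,dc=org with admin DN cn=admin,dc=example,dc=org;
# the admin password is supplied through the LDAP_ADMIN_PASSWORD environment variable.
set -eu

LDAP_CONTAINER="${LDAP_CONTAINER:-openldap}"
BIND_DN="${BIND_DN:-cn=admin,dc=example,dc=org}"
LDIF_DIR="${LDIF_DIR:-/ldif}"
MAX_TRIES="${MAX_TRIES:-30}"
DELAY="${DELAY:-2}"

# wait_for: retry a command until it succeeds, giving up after MAX_TRIES attempts.
# A poll loop replaces a fixed sleep, so the script neither races slapd start-up
# ("Can't contact LDAP server (-1)") nor waits longer than necessary.
wait_for() {
    tries=0
    while ! "$@" >/dev/null 2>&1; do
        tries=$((tries + 1))
        if [ "$tries" -ge "$MAX_TRIES" ]; then
            return 1
        fi
        sleep "$DELAY"
    done
    return 0
}

# slapd_ready: an anonymous read of the root DSE succeeds only once slapd answers.
slapd_ready() {
    docker exec "$LDAP_CONTAINER" \
        ldapsearch -x -H ldap://localhost -s base -b "" namingContexts
}

# ldap_add: bind as the admin DN and load one ldif file. The password is piped
# into the container and read with -y /dev/stdin, so it does not show up in the
# process list the way "-w $PASSWORD" would. ldapadd uses the file content
# verbatim, hence printf '%s' with no trailing newline.
ldap_add() {
    printf '%s' "$LDAP_ADMIN_PASSWORD" |
        docker exec -i "$LDAP_CONTAINER" \
            ldapadd -x -H ldap://localhost -D "$BIND_DN" -y /dev/stdin -f "$1"
}

# deploy: bring the stack up, wait for slapd, then load schema first and OUs second.
deploy() {
    : "${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD in the environment, not in this file}"
    docker-compose up -d
    wait_for slapd_ready || {
        echo "slapd did not come up after $MAX_TRIES tries" >&2
        return 1
    }
    for f in "$LDIF_DIR"/schema/*.ldif "$LDIF_DIR"/ou/*.ldif; do
        [ -e "$f" ] || continue
        ldap_add "$f"
    done
}

# Deploy only when invoked as "sh docker-up.sh run"; otherwise the functions
# above are just defined, so the file can be sourced and exercised on its own.
case "${1:-}" in
    run) deploy ;;
esac
```

Run it as `LDAP_ADMIN_PASSWORD=... sh docker-up.sh run`. Keep the schema ldif files in the schema directory and the OU ldif files in the ou directory, because the shell glob loads them in that order and the OU entries depend on the object classes being present.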

WSO2 Identity Server

Make sure you have the following files available in the wso2is/files folder:
  • wso2is (use the compressed file of wso2is-5.6) [download link]
  • jdk 8 (use the compressed file) [download link]
  • mysql connector jar file (choose platform independent and download the compressed file where you can find jar file after decompress) [download link]

WSO2 configuration setup

For this we need to change two XML files, "user-mgt.xml" and "tenant-mgt.xml", in the <carbon-home>/repository/conf/ folder. To leave the original files untouched, I keep the edited copies separately and replace the originals with them when building the docker image. [link]
----
When adding a user, if you get an error such as:
"Cannot add user <username>. Error: Cannot access the directory context or user already exists in the system for user <username>"
it is because of a mapping problem in the user attribute.
----

Steps to resolve

  1. Go to Home -> Identity -> Claims -> List.
  2. Select “urn:ietf:params:scim:schemas:core:2.0” and then click edit on “urn:ietf:params:scim:schemas:core:2.0:meta.resourceType”.
  3. Select an appropriate claim to map to it. For example, you could use "http://wso2.org/claims/userType", then click Update.
