2016-05-16 09:49:20,505 [http-bio-8080-exec-6] WARN [com.mchange.v2.c3p0.impl.DefaultConnectionTester] - SQL State '08007' of Exception tested by statusOnException() implies that the database is invalid, and the pool should refill itself with fresh Connections.
at com.mchange.v2.c3p0.impl.NewProxyConnection.commit(NewProxyConnection.java:803)
2016-05-16 09:49:20,506 [http-bio-8080-exec-6] WARN [com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool] - A ConnectionTest has failed, reporting that all previously acquired Connections are likely invalid. The pool will be reset.
at com.mchange.v2.c3p0.impl.NewProxyConnection.commit(NewProxyConnection.java:803)
at com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeUpdate(NewProxyPreparedStatement.java:105)
When an Exception occurs on a Connection during a c3p0 Connection test, c3p0 examines the SQL State of the Exception to evaluate whether that means that only the Connection is invalid, or if all Connections in the pool are likely to be invalid given the condition signaled. If the SQL state suggests all Connections are likely to be invalid, c3p0 will reset the pool, close()ing and discarding the Connections it has previously acquired and replacing them with fresh Connections.
You don't need to do anything about this, as long as it is rare or occasional. c3p0 is trying to recover from a database outage as early and as quickly as possible. It is proactively replacing its Connections rather than waiting for each individually to fail a test and then get replaced.
If this is happening a lot, then there is a problem either with your database or with how Connection tests are getting performed. But that's worth tracking down only if it happens a lot.
It's my OCD, I want to fix any warning. I am trying to change the property.
This is my old version:
<property name="minPoolSize"><value>5</value>
</property>
<property name="maxPoolSize">
<value>30</value>
</property>
<property name="initialPoolSize">
<value>10</value>
</property>
<property name="maxIdleTime">
<value>60</value>
</property>
<property name="acquireIncrement">
<value>5</value>
</property>
<property name="maxStatements">
<value>0</value>
</property>
<property name="idleConnectionTestPeriod">
<value>60</value>
</property> -->
<property name="acquireRetryAttempts">
<value>30</value>
</property>
<property name="breakAfterAcquireFailure">
<value>true</value>
</property>
<property name="preferredTestQuery" value="SELECT 1"/>
false
new version:
<property name="idleConnectionTestPeriod" value="${c3p0.idleConnectionTestPeriod}" />
<property name="initialPoolSize" value="${c3p0.initialPoolSize}" />
<property name="maxIdleTime" value="${c3p0.maxIdleTime}" />
<property name="maxPoolSize" value="${c3p0.maxPoolSize}" />
<property name="maxStatements" value="${c3p0.maxStatements}" />
<property name="maxStatementsPerConnection" value="${c3p0.maxStatementsPerConnection}" />
<property name="minPoolSize" value="${c3p0.minPoolSize}" />
Environment:
wso2 5.3.0 installed on
Windows 7 sp1
jdk_1.8.0_151 with external primary user store on
AD (Windows server 2016 Active Directory)
Action:
wso2 starts normally
wsoadmin user is available in AD
wso2 binds via ldaps to AD
logging into the wso2 management menu on win 7 client as administrator ok
all existing AD users show up in the wso2 users list view (only those with an email address)
If I want to add a new user "wsotest" an error is thrown:
ERROR {org.wso2.carbon.user.mgt.ui.UserAdminClient} -
Error while adding the user to the Active Directory for user :
wsotest
[...]
Caused by: javax.naming.directory.NoSuchAttributeException:
[LDAP: error code 16 - 00000057: LdapErr: DSID-0C091027, comment:
Error in attribute conversion operation, data 0, v3839 ];
remaining name 'cn=wsotest'
user-mgt.xml:
<UserManager>
<Realm>
<Configuration>
<AddAdmin>False</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>wsoadmin</UserName><!-- already be available in user store, here: AD -->
<Password>admin</Password><!-- keep default; real pw is already set in AD -->
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName>
<Property name="isCascadeDeleteEnabled">true</Property>
<Property name="initializeNewClaimManager">true</Property>
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="defaultRealmName">wso.ad.org</Property>
<Property name="Disabled">false</Property>
<Property name="kdcEnabled">true</Property>
<Property name="ConnectionURL">ldaps://dc.wso.ad.org:636</Property>
<Property name="ConnectionName">CN=wsoadmin,OU=AllUsers,DC=wso,DC=ad,DC=org</Property>
<Property name="ConnectionPassword">*******</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="AnonymousBind">false</Property>
<Property name="UserSearchBase">OU=AllUsers,DC=wso,DC=ad,DC=org</Property>
<Property name="UserEntryObjectClass">user</Property>
<Property name="UserNameAttribute">sAMAccountName</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=user)(sAMAccountName=?))</Property>
<Property name="UserNameListFilter">(&amp;(objectClass=user)(sAMAccountName=*))</Property>
<!-- -->
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">false</Property>
<Property name="GroupSearchBase">CN=Users,DC=wso,DC=ad,DC=org</Property>
<Property name="GroupEntryObjectClass">group</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectcategory=group)</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="MemberOfAttribute">memberOf</Property>
<Property name="BackLinksEnabled">true</Property>
<Property name="Referral">follow</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<!-- -->
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="IsBulkImportSupported">false</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="isADLDSRole">false</Property>
<Property name="userAccountControl">512</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="UserRolesCacheEnabled">false</Property><!-- default true -->
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout"/>
<Property name="RetryAttempts"/>
</UserStoreManager>
<AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
<Property name="AdminRoleManagementPermissions">/permission</Property>
<Property name="AuthorizationCacheEnabled">true</Property>
<Property name="GetAllRolesOfUserEnabled">false</Property>
</AuthorizationManager>
</Realm>
</UserManager>
embedded-ldap.xml
<EmbeddedLDAP>
<Property name="enable">false</Property>
Any recommendations?
Found the solution:
add this property to the UserStoreManager within user-mgt.xml
<Property name="UserDNPattern">cn={0},ou=AllUsers,dc=wso,dc=ad,dc=com</Property>
thus the CN will be properly constructed. Obviously you have to adapt the structure and content of this DN string according to your AD LDAP.
Took me quite a time to find this, for WSO2's manual is a bit misleading re UserDNPattern:
The pattern for user's DN. It can be defined to improve the LDAP search. When there are many user entries in the LDAP, defining a "UserDNPattern" provides more impact on performances as the LDAP does not have to travel through the entire tree to find users.
Sounds like an option, but seems to be necessary.
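How a DN pattern of this kind is filled in, as an added example that is not part of the original answer or of WSO2's code. It assumes `{0}` is replaced by the user name, escapes that name per RFC 4514 so it cannot add or change RDNs, and checks whether a pattern sits under the configured UserSearchBase, using the two strings posted above.

```python
"""Fill a UserDNPattern safely and compare it with UserSearchBase."""

# Values as posted on this page.
USER_SEARCH_BASE = "OU=AllUsers,DC=wso,DC=ad,DC=org"       # question, user-mgt.xml
POSTED_PATTERN = "cn={0},ou=AllUsers,dc=wso,dc=ad,dc=com"  # answer

# RFC 4514: these characters must be backslash-escaped inside an attribute value.
_ALWAYS_ESCAPE = set('"+,;<>\\')


def escape_rdn_value(value):
    """Escape a user-supplied string for use as one attribute value in a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in _ALWAYS_ESCAPE:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:          # leading '#' would mean a hex string
            out.append("\\#")
        elif ch == " " and i in (0, last):  # leading/trailing space is significant
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(pattern, username):
    """Substitute the escaped user name for the single {0} placeholder."""
    if pattern.count("{0}") != 1:
        raise ValueError("pattern must contain exactly one {0} placeholder")
    if not username:
        raise ValueError("empty user name")
    return pattern.replace("{0}", escape_rdn_value(username))


def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts


def _normalise(dn):
    """Lower-case (type, value) pairs; AD compares cn/ou/dc case-insensitively."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, _, val = rdn.partition("=")
        pairs.append((attr.strip().lower(), val.strip().lower()))
    return pairs


def pattern_under_base(pattern, search_base):
    """True when the pattern's trailing RDNs are exactly the search base."""
    p, b = _normalise(pattern), _normalise(search_base)
    return len(p) > len(b) and p[-len(b):] == b


if __name__ == "__main__":
    print(build_user_dn(POSTED_PATTERN, "wsotest"))
    print(build_user_dn(POSTED_PATTERN, "Smith, J"))   # comma stays inside cn
    print(pattern_under_base(POSTED_PATTERN, USER_SEARCH_BASE))
```

Entries created from a pattern that is not under UserSearchBase land outside the subtree the user store searches, so the comparison is worth running whenever either value is edited.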
Here is my Hikari datasource configuration:
<bean id="hikariConfig" class="com.zaxxer.hikari.HikariConfig">
<property name="jdbcUrl" value="jdbc:sqlserver://" />
<property name="initializationFailFast" value="false"/>
<property name="poolName" value="springHikariCP" />
<property name="username" value="nexgen"/>
<property name="password" value="nexgen"/>
<property name="connectionTimeout" value="1000"/>
<property name="connectionTestQuery" value="USE NexGen;SELECT TOP 1 * FROM Transactions"/>
<property name="dataSourceProperties">
<props>
<prop key="serverName">"DEVWORX01\DEV2014"</prop>
<prop key="databaseName">NexGen</prop>
<prop key="user">nexgen</prop>
<prop key="password">nexgen</prop>
</props>
</property>
</bean>
Here is the stack trace:
java.sql.SQLTransientConnectionException: springHikariCP - Connection is not available, request timed out after 1003ms.
at com.zaxxer.hikari.pool.HikariPool.getConnection(HikariPool.java:195)
at com.zaxxer.hikari.pool.HikariPool.getConnection(HikariPool.java:147)
at com.zaxxer.hikari.HikariDataSource.getConnection(HikariDataSource.java:83)
at com.pevco.persist.reports.ReportsDaoImpl.setDataSource(ReportsDaoImpl.java:72)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.beans.BeanWrapperImpl$BeanPropertyHandler.setValue(BeanWrapperImpl.java:346)
at org.springframework.beans.AbstractNestablePropertyAccessor.setPropertyValue(AbstractNestablePropertyAccessor.java:454)
at org.springframework.beans.AbstractNestablePropertyAccessor.setPropertyValue(AbstractNestablePropertyAccessor.java:280)
at org.springframework.beans.AbstractPropertyAccessor.setPropertyValues(AbstractPropertyAccessor.java:95)
at org.springframework.beans.AbstractPropertyAccessor.setPropertyValues(AbstractPropertyAccessor.java:75)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1514)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1226)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:196)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:835)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:537)
at org.springframework.test.context.support.AbstractGenericContextLoader.loadContext(AbstractGenericContextLoader.java:125)
at org.springframework.test.context.support.AbstractGenericContextLoader.loadContext(AbstractGenericContextLoader.java:60)
at org.springframework.test.context.support.AbstractDelegatingSmartContextLoader.delegateLoading(AbstractDelegatingSmartContextLoader.java:109)
at org.springframework.test.context.support.AbstractDelegatingSmartContextLoader.loadContext(AbstractDelegatingSmartContextLoader.java:261)
at org.springframework.test.context.cache.DefaultCacheAwareContextLoaderDelegate.loadContextInternal(DefaultCacheAwareContextLoaderDelegate.java:98)
at org.springframework.test.context.cache.DefaultCacheAwareContextLoaderDelegate.loadContext(DefaultCacheAwareContextLoaderDelegate.java:116)
at org.springframework.test.context.support.DefaultTestContext.getApplicationContext(DefaultTestContext.java:83)
at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.injectDependencies(DependencyInjectionTestExecutionListener.java:117)
at org.springframework.test.context.support.DependencyInjectionTestExecutionListener.prepareTestInstance(DependencyInjectionTestExecutionListener.java:83)
at org.springframework.test.context.TestContextManager.prepareTestInstance(TestContextManager.java:228)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.createTest(SpringJUnit4ClassRunner.java:230)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner$1.runReflectiveCall(SpringJUnit4ClassRunner.java:289)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.methodBlock(SpringJUnit4ClassRunner.java:291)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:249)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:89)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:193)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:675)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The connection to the host "DEVWORX01, named instance DEV2014" failed. Error: "java.net.UnknownHostException: "DEVWORX01". Verify the server and instance names and check that no firewall is blocking UDP traffic to port 1434. For SQL Server 2005 or later, verify that the SQL Server Browser Service is running on the host.
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDriverError(SQLServerException.java:190)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.getInstancePort(SQLServerConnection.java:3589)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.primaryPermissionCheck(SQLServerConnection.java:1225)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:972)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:827)
at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:1012)
at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:95)
at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:101)
at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:314)
at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:171)
at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:436)
at com.zaxxer.hikari.pool.HikariPool.access$500(HikariPool.java:65)
at com.zaxxer.hikari.pool.HikariPool$PoolEntryCreator.call(HikariPool.java:567)
at com.zaxxer.hikari.pool.HikariPool$PoolEntryCreator.call(HikariPool.java:560)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The connection to the host "DEVWORX01, named instance DEV2014" failed. Error: "java.net.UnknownHostException: "DEVWORX01". Verify the server and instance names and check that no firewall is blocking UDP traffic to port 1434. For SQL Server 2005 or later, verify that the SQL Server Browser Service is running on the host.
The above line is what I have been focusing on. I've tried using just the IP address instead of the server name.
I've tried using dataSourceClassName with same result:
<property name="dataSourceClassName" value="com.microsoft.sqlserver.jdbc.SQLServerDataSource" />
All with the same result. I am able to connect using a different datasource. I am also able to connect using sqlcmd.
I've looked at the many already existing SO questions and it appears my configuration should work.
implementing hikaricp with microsoft sql server
How to set up datasource with Spring for HikariCP?
As well as the hikariCP documentation.
I can't see anything wrong with the setup. Why am I getting the unknown host exception? Another set of eyes would be greatly appreciated.
Get rid of the jdbcUrl. Also, there are quotes around your hostname/instance, there probably shouldn't be. You can also separate the instance from the host in the configuration as below:
<bean id="hikariConfig" class="com.zaxxer.hikari.HikariConfig">
<property name="initializationFailFast" value="false"/>
<property name="poolName" value="springHikariCP" />
<property name="username" value="nexgen"/>
<property name="password" value="nexgen"/>
<property name="connectionTimeout" value="1000"/>
<property name="connectionTestQuery" value="SELECT 1"/>
<property name="dataSourceClassName" value="com.microsoft.sqlserver.jdbc.SQLServerDataSource" />
<property name="dataSourceProperties">
<props>
<prop key="serverName">DEVWORX01</prop>
<prop key="instanceName">DEV2014</prop>
<prop key="databaseName">NexGen</prop>
<prop key="user">nexgen</prop>
<prop key="password">nexgen</prop>
</props>
</property>
</bean>
I am using WebSphere MQ v7.5. When I try to send a message to a queue, I get the following error:
JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED')
Provided Username and password are wrong.
I don't have any credentials to provide as it doesn't ask at time of installation. My camel-context configuration is given below:
<bean id="webspheremq" class="org.apache.camel.component.jms.JmsComponent">
<property name="connectionFactory" ref="myConnectionFactory"/>
</bean>
<bean id="myConnectionFactory" class="com.ibm.mq.jms.MQQueueConnectionFactory">
<property name="hostName" value="mqhost"/>
<property name="port" value="1417"/>
<property name="queueManager" value="QM1"/>
<property name="channel" value="SYSTEM.DEF.SVRCONN"/>
<property name="transportType" value="1"/>
</bean>
The 2035 error you received will have more information to explain it in the queue manager error log. The fact that the JMS error message mentions a user ID and password is misleading; it could be one of a number of security failures, not necessarily that one. I suspect you are being caught by a default security rule (CHLAUTH rule) that bans the use of SYSTEM channels.
Look in your queue manager AMQERR01.LOG and then read the following post for more help on how to deal with a failure caused by a CHLAUTH rule.
I'm being blocked by CHLAUTH - how can I work out why?
I'm trying to add users to backend AD.
However, if I specify the password, I always get 'Password does not meet the system requirements. Please try again.' (I can add a user to AD with the same pwd on the AD server.)
Then I tried 'Ask password from user' and not specifying a password. Creation failed with the following message:
Could not add user test.com/testadd. Error is: Credential not valid. Credential must be a non null string with following format, null
While I'm sure the AD certificate is added to all keystores I can find.
So what can I do next?
Here is my user-mgt.xml:
<UserManager>
<Realm>
<Configuration>
<AddAdmin>true</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>admin</UserName>
<Password>admin</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
<!-- .... -->
<!-- I didn't change this part -->
</UserStoreManager>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="defaultRealmName">test.com</Property>
<Property name="DomainName">test.com</Property>
<Property name="kdcEnabled">false</Property>
<Property name="ConnectionURL">ldaps://10.20.112.213:636</Property>
<Property name="ConnectionName">CN=Adaccount,CN=Users,DC=test,DC=com</Property>
<Property name="ConnectionPassword">password#123</Property>
<Property name="UserSearchBase">CN=Users,DC=test,DC=com</Property>
<Property name="UserEntryObjectClass">person</Property>
<Property name="UserNameAttribute">sAMAccountName</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(sAMAccountName=?))</Property>
<Property name="ReadLDAPGroups">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="GroupSearchBase">CN=Users,DC=test,DC=com</Property>
<Property name="GroupEntryObjectClass">group</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="MembershipAttribute">memberOf</Property>
<Property name="GroupNameListFilter">(objectClass=group)</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="Referral">follow</Property>
<Property name="isADLDSRole">false</Property>
<Property name="BackLinksEnabled">false</Property>
<Property name="maxFailedLoginAttempt">0</Property>
</UserStoreManager>
<AuthorizationManager
class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
<Property name="AdminRoleManagementPermissions">/permission</Property>
<Property name="AuthorizationCacheEnabled">true</Property>
</AuthorizationManager>
</Realm>
</UserManager>
I guess there can be an issue with the regex pattern of the password. According to your configuration, the regex pattern is not defined in the config. Maybe WSO2IS uses some default pattern. Please try to configure them and see... I could see the following in the default user-mgt.xml file. Try to configure them and check.
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
<Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
I'd like to know if somebody has successfully got ESB connecting to a BAM that uses LDAP for authentication, and how. In other words: what're the necessary permissions to publish events in a BAM server?
We've installed ESB 4.6.0 and BAM 2.2.0, and both of them are configured to use LDAP (it's an Active Directory) for user management.
We've followed as much as possible this documentation (has some outdated/wrong instructions though) http://docs.wso2.org/wiki/display/ESB450/Configuring+External+User+Stores
Since ESB sends events to BAM, there is a BAM Profile created, that needs a valid user and password to connect to BAM Server. Therefore we've created specific users for that. Those users were configured to belong to the admin group by adding them to the default admin role (the one specified in the user-mgt.xml file shown below) but the connection between ESB and BAM fails with:
TID: [0] [BAM] [2013-05-07 12:50:58,802] INFO {org.wso2.carbon.databridge.core.DataBridge} - wso2_dev_server connected {org.wso2.carbon.databridge.core.DataBridge}
TID: [0] [BAM] [2013-05-07 12:50:58,847] ERROR {org.wso2.carbon.databridge.core.internal.authentication.Authenticator} - wrong userName or password {org.wso2.carbon.databridge.core.internal.authentication.Authenticator}
while direct login into the Management Console (same credentials) works:
TID: [0] [BAM] [2013-05-07 14:10:48,570] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'wso2_dev_server#carbon.super [-1234]' logged in at [2013-05-07 14:10:48,570+1200] from IP address 172.26.34.38 {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil}
To make it even funnier, communication between ESB and BAM works if I use MY credentials instead.
Thanks in advance.
This is our user-mgt.xml file:
<UserManager>
<Realm>
<Configuration>
<AdminRole>wso2_admin</AdminRole>
<AdminUser>
<UserName>gherrera</UserName>
<Password></Password>
</AdminUser>
<EveryOneRoleName></EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
<Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
<Property name="ReadOnly">true</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="ConnectionURL">ldap://activedirectoryserver:389</Property>
<Property name="ConnectionName">CN=someadminuser,OU=Service Accounts,OU=mycompany Users,DC=mycompany,DC=co,DC=nz</Property>
<Property name="ConnectionPassword">someadminuserpassword</Property>
<Property name="passwordHashMethod">PLAIN_TEXT</Property>
<Property name="UserSearchBase">DC=mycompany,DC=co,DC=nz</Property>
<Property name="UserNameListFilter">(objectClass=person)</Property>
<Property name="UserNameAttribute">sAMAccountName</Property>
<Property name="ReadLDAPGroups">true</Property>
<Property name="GroupSearchBase">OU=mycompany Groups,DC=mycompany,DC=co,DC=nz</Property>
<Property name="GroupNameListFilter">(objectClass=group)</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
<Property name="maxFailedLoginAttempt">3</Property>
</UserStoreManager>
<AuthorizationManager
class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
<Property name="AdminRoleManagementPermissions">/permission</Property>
<Property name="AuthorizationCacheEnabled">true</Property>
</AuthorizationManager>
</Realm>
</UserManager>
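A check for settings that recur in the user-mgt.xml files posted on this page: an `ldap://` ConnectionURL, a bind password written into the file, `admin`/`admin` with AddAdmin enabled, and a password regex with a short minimum. This is an added example, not code from the posts or from WSO2; the sample file is constructed from values seen above, and the 12-character minimum and the finding names are assumptions.

```python
"""Flag security-relevant settings in a WSO2 user-mgt.xml."""
import re
import xml.etree.ElementTree as ET

MIN_PASSWORD_LENGTH = 12  # assumed local policy, not a WSO2 default

# Constructed sample combining settings from the files posted on this page.
SAMPLE = r"""<UserManager>
 <Realm>
  <Configuration>
   <AddAdmin>true</AddAdmin>
   <AdminUser>
    <UserName>admin</UserName>
    <Password>admin</Password>
   </AdminUser>
  </Configuration>
  <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
   <Property name="ConnectionURL">ldap://activedirectoryserver:389</Property>
   <Property name="ConnectionName">CN=someadminuser,DC=mycompany,DC=co,DC=nz</Property>
   <Property name="ConnectionPassword">someadminuserpassword</Property>
   <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
  </UserStoreManager>
 </Realm>
</UserManager>"""


def _props(elem):
    """Map Property name -> text for one UserStoreManager element."""
    return {p.get("name"): (p.text or "").strip() for p in elem.findall("Property")}


def audit(xml_text):
    """Return (finding, detail) tuples; details never include a password."""
    root = ET.fromstring(xml_text)
    findings = []

    cfg = root.find("./Realm/Configuration")
    if cfg is not None:
        add_admin = (cfg.findtext("AddAdmin") or "").strip().lower() == "true"
        user = (cfg.findtext("AdminUser/UserName") or "").strip()
        pw = (cfg.findtext("AdminUser/Password") or "").strip()
        # Only a problem when the server creates the account from these values.
        if add_admin and pw and pw.lower() in {"admin", user.lower()}:
            findings.append(("default-admin-password",
                             f"AddAdmin is true and '{user}' has a guessable password"))

    for usm in root.iterfind("./Realm/UserStoreManager"):
        name = usm.get("class", "?").rsplit(".", 1)[-1]
        props = _props(usm)

        url = props.get("ConnectionURL", "")
        if url.lower().startswith("ldap://"):
            # A simple bind over ldap:// sends the bind password unencrypted.
            findings.append(("cleartext-ldap", f"{name}: {url}"))

        if props.get("ConnectionPassword"):
            bind_dn = props.get("ConnectionName", "?")
            findings.append(("literal-bind-password",
                             f"{name}: password for {bind_dn} is stored in the file"))

        m = re.search(r"\{(\d+),\d*\}", props.get("PasswordJavaRegEx", ""))
        if m and int(m.group(1)) < MIN_PASSWORD_LENGTH:
            findings.append(("short-password-minimum",
                             f"{name}: PasswordJavaRegEx accepts {m.group(1)} characters"))
    return findings


if __name__ == "__main__":
    for finding, detail in audit(SAMPLE):
        print(f"{finding}: {detail}")
```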