WSO2 Identity SCIM2 API with Read/Write LDAP user store: Invalid Domain Name error - PullRequest
0 votes
/ February 14, 2019

I am using WSO2 Identity Server 5.7.0 on a CentOS host.

I am trying to use the SCIM2 API to retrieve user data while using an OpenLDAP user store with ReadWriteLDAPUserStore.

If I call scim2/Users or scim2/Users/, I always get the following:

{"schemas":"urn:ietf:params:scim:api:messages:2.0:Error","detail":"Error in getting user information for user: TEST.LS.CBN/bcymet@TEST.LS.CBN|TEST.LS.CBN/Bram Cymet","status":"500"}

The stack trace I get on the server when this happens is:

Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: org.wso2.carbon.user.core.UserStoreException: Invalid Domain Name
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:174)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValues(AbstractUserStoreManager.java:926)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.getSCIMUser(SCIMUserManager.java:1437)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.identity.scim2.common.impl.SCIMUserManager.getUser(SCIMUserManager.java:224)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.charon3.core.protocol.endpoints.UserResourceManager.get(UserResourceManager.java:93)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.identity.scim2.provider.resources.UserResource.getUser(UserResource.java:69)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at java.lang.reflect.Method.invoke(Method.java:498)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:188)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:104)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:58)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:94)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:249)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:289)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:214)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:265)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:607)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:83)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:84)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at java.lang.Thread.run(Thread.java:748)
Feb 14 11:48:21 a8auth-dev.ls.cbn slapd[1739]: conn=1276 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: Caused by: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at java.security.AccessController.doPrivileged(Native Method)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.user.core.common.AbstractUserStoreManager.callSecure(AbstractUserStoreManager.java:164)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: ... 63 more
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: Caused by: java.lang.reflect.InvocationTargetException
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at java.lang.reflect.Method.invoke(Method.java:498)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.user.core.common.AbstractUserStoreManager$2.run(AbstractUserStoreManager.java:167)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: ... 65 more
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: Caused by: org.wso2.carbon.user.core.UserStoreException: Invalid Domain Name
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserStoreInternal(AbstractUserStoreManager.java:4841)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.user.core.common.AbstractUserStoreManager.access$400(AbstractUserStoreManager.java:85)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.user.core.common.AbstractUserStoreManager$7.run(AbstractUserStoreManager.java:4800)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.user.core.common.AbstractUserStoreManager$7.run(AbstractUserStoreManager.java:4797)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at java.security.AccessController.doPrivileged(Native Method)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserStore(AbstractUserStoreManager.java:4797)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValues(AbstractUserStoreManager.java:930)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getUserClaimValues(AbstractUserStoreManager.java:932)
Feb 14 11:48:21 a8auth-dev.ls.cbn wso2server.sh[6413]: ... 70 more

The research I have done suggests that this might be a claim mapping problem. If that is the case, how can I find out which claims I have missed? I am sure I have all the mandatory fields mapped. Do I need to map the entire SCIM2 schema?

I am sure the exception is thrown from this function in AbstractUserStoreManager:

private UserStore getUserStoreInternal(String user) throws UserStoreException {

    int index;
    index = user.indexOf(CarbonConstants.DOMAIN_SEPARATOR);
    UserStore userStore = new UserStore();
    String domainFreeName = null;

    // Check whether we have a secondary UserStoreManager setup.
    if (index > 0) {
        // Using the short-circuit. User name comes with the domain name.
        String domain = user.substring(0, index);
        UserStoreManager secManager = getSecondaryUserStoreManager(domain);
        domainFreeName = user.substring(index + 1);

        if (secManager != null) {
            userStore.setUserStoreManager(secManager);
            userStore.setDomainAwareName(user);
            userStore.setDomainFreeName(domainFreeName);
            userStore.setDomainName(domain);
            userStore.setRecurssive(true);
            return userStore;
        } else {
            if (!domain.equalsIgnoreCase(getMyDomainName())) {
                if ((UserCoreConstants.INTERNAL_DOMAIN.equalsIgnoreCase(domain)
                        || APPLICATION_DOMAIN.equalsIgnoreCase(domain) || WORKFLOW_DOMAIN.equalsIgnoreCase(domain))) {
                    userStore.setHybridRole(true);
                } else if (UserCoreConstants.SYSTEM_DOMAIN_NAME.equalsIgnoreCase(domain)) {
                    userStore.setSystemStore(true);
                } else {
                    throw new UserStoreException("Invalid Domain Name");
                }
            }

            userStore.setDomainAwareName(user);
            userStore.setDomainFreeName(domainFreeName);
            userStore.setDomainName(domain);
            userStore.setRecurssive(false);
            return userStore;
        }
    }

    String domain = getMyDomainName();
    userStore.setUserStoreManager(this);
    if (index > 0) {
        userStore.setDomainAwareName(user);
        userStore.setDomainFreeName(domainFreeName);
    } else {
        userStore.setDomainAwareName(domain + CarbonConstants.DOMAIN_SEPARATOR + user);
        userStore.setDomainFreeName(user);
    }
    userStore.setRecurssive(false);
    userStore.setDomainName(domain);

    return userStore;
}

So it looks like no user store is being returned by getSecondaryUserStoreManager(domain).

Have I configured something incorrectly in my user store?

I can see the request going to my LDAP server to get the user details (although it does not request all of the mapped attributes), and that LDAP query returns without error and with the correct number of results, 1.

My understanding is that the scim2/Users endpoint should be able to give me a list of all users across all user stores, isn't that so? Does scim2 really only work with JDBC user stores?

My user store configuration looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
   <Property name="ConnectionURL">ldap://a8auth-dev.ls.cbn:389</Property>
   <Property name="ConnectionName">cn=admin,dc=ls,dc=cbn</Property>
   <Property encrypted="true" name="ConnectionPassword">...</Property>
   <Property name="UserSearchBase">ou=people,dc=ls,dc=cbn</Property>
   <Property name="UserEntryObjectClass">posixAccount</Property>
   <Property name="UserNameAttribute">uid</Property>
   <Property name="UserNameSearchFilter">(&amp;(objectClass=posixAccount)(uid=?))</Property>
   <Property name="UserNameListFilter">(objectClass=posixAccount)</Property>
   <Property name="UserDNPattern">uid={0},ou=people,dc=ls,dc=cbn</Property>
   <Property name="DisplayNameAttribute">cn</Property>
   <Property name="Disabled">false</Property>
   <Property name="ReadGroups">true</Property>
   <Property name="WriteGroups">true</Property>
   <Property name="GroupSearchBase">ou=groups,dc=ls,dc=cbn</Property>
   <Property name="GroupEntryObjectClass">groupOfUniqueNames</Property>
   <Property name="GroupNameAttribute">description</Property>
   <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfUniqueNames)(description=?))</Property>
   <Property name="GroupNameListFilter">(objectClass=groupOfUniqueNames)</Property>
   <Property name="RoleDNPattern"/>
   <Property name="MembershipAttribute">uniqueMember</Property>
   <Property name="MemberOfAttribute"/>
   <Property name="BackLinksEnabled">false</Property>
   <Property name="UserNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
   <Property name="UserNameJavaScriptRegEx">^[\S]{3,30}$</Property>
   <Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated.</Property>
   <Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
   <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
   <Property name="PasswordJavaRegExViolationErrorMsg">Password pattern policy violated.</Property>
   <Property name="RoleNameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
   <Property name="RoleNameJavaScriptRegEx">^[\S]{3,30}$</Property>
   <Property name="SCIMEnabled">true</Property>
   <Property name="BulkImportSupported">true</Property>
   <Property name="EmptyRolesAllowed">true</Property>
   <Property name="PasswordHashMethod">PLAIN_TEXT</Property>
   <Property name="MultiAttributeSeparator">,</Property>
   <Property name="MaxUserNameListLength">100</Property>
   <Property name="MaxRoleNameListLength">100</Property>
   <Property name="kdcEnabled">false</Property>
   <Property name="defaultRealmName"/>
   <Property name="UserRolesCacheEnabled">true</Property>
   <Property name="ConnectionPoolingEnabled">false</Property>
   <Property name="LDAPConnectionTimeout">5000</Property>
   <Property name="ReadTimeout">5000</Property>
   <Property name="RetryAttempts">0</Property>
   <Property name="CountRetrieverClass"/>
   <Property name="java.naming.ldap.attributes.binary"/>
   <Property name="ClaimOperationsSupported">true</Property>
   <Property name="MembershipAttributeRange">0</Property>
   <Property name="UserCacheExpiryMilliseconds"/>
   <Property name="UserDNCacheEnabled">true</Property>
   <Property name="DomainName">TEST.LS.CBN</Property>
   <Property name="Description">Testing Kerberos&#xD;
            </Property>
</UserStoreManager>

Any help in sorting this out would be appreciated.
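
An added example, not part of the original post and not WSO2 code: a simplified Java model of the first-separator split done by the posted getUserStoreInternal, run over the user string from the SCIM2 error response. It assumes the domain separator is "/", that a secondary store is registered as TEST.LS.CBN under a primary domain named PRIMARY, and that a store returned by getSecondaryUserStoreManager is handed the domain-free name; the class and all of its names are hypothetical.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Simplified, hypothetical model of the domain resolution in the posted method. */
public class DomainResolutionTrace {
    static final String SEP = "/"; // assumed value of CarbonConstants.DOMAIN_SEPARATOR
    // Assumed stand-ins for the INTERNAL, APPLICATION, WORKFLOW and SYSTEM domain constants.
    static final Set<String> BUILT_IN =
            new HashSet<>(Arrays.asList("INTERNAL", "APPLICATION", "WORKFLOW", "SYSTEM"));

    final String myDomain;
    final Map<String, DomainResolutionTrace> secondary = new HashMap<>();

    DomainResolutionTrace(String myDomain) {
        this.myDomain = myDomain;
    }

    /** Returns the domain that ends up serving the name, or throws as the posted code does. */
    String resolve(String user) {
        int index = user.indexOf(SEP);              // only the first separator is considered
        if (index <= 0) {
            return myDomain;                        // no domain prefix: this store handles it
        }
        String domain = user.substring(0, index);
        String domainFreeName = user.substring(index + 1);
        DomainResolutionTrace sec = secondary.get(domain.toUpperCase());
        if (sec != null) {
            // setRecurssive(true) branch: assumed to pass the domain-free name to that store
            return sec.resolve(domainFreeName);
        }
        if (domain.equalsIgnoreCase(myDomain) || BUILT_IN.contains(domain.toUpperCase())) {
            return domain;
        }
        throw new IllegalStateException("Invalid Domain Name (domain read as '" + domain + "')");
    }

    public static void main(String[] args) {
        DomainResolutionTrace primary = new DomainResolutionTrace("PRIMARY");
        primary.secondary.put("TEST.LS.CBN", new DomainResolutionTrace("TEST.LS.CBN"));

        String[] names = {
            "bcymet",                                                // constructed: no prefix
            "TEST.LS.CBN/bcymet",                                    // constructed: one prefix
            "TEST.LS.CBN/bcymet@TEST.LS.CBN|TEST.LS.CBN/Bram Cymet", // from the error response
            "OTHER/bcymet",                                          // constructed: unknown domain
        };
        for (String name : names) {
            try {
                System.out.println(name + " -> " + primary.resolve(name));
            } catch (IllegalStateException e) {
                System.out.println(name + " -> " + e.getMessage());
            }
        }
    }
}
```

In this model the third name fails because the remainder handed to the secondary store still contains a separator, so the text before it is read as a domain name that no store is registered under.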

...