How to change primary LDAP domain of WSO2 IS 4.5.0

Question

I would like modify the domain of the primary user storage (based on LDAP), but i can not get successfully.

The current domain in user-mgt.xml is dc=wso2,dc=org and I would like to change to dc=foobar,dc=com

My modified user-mgt.xml is:

...
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
            <Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>

            <Property name="defaultRealmName">FOOBAR.COM</Property>

            <Property name="kdcEnabled">false</Property>
            <Property name="Disabled">false</Property>                                   
            <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property>
            <Property name="ConnectionName">uid=admin,ou=system</Property>
            <Property name="ConnectionPassword">admin</Property>
            <Property name="passwordHashMethod">SHA</Property>
            <Property name="UserNameListFilter">(objectClass=person)</Property>
            <Property name="UserEntryObjectClass">identityPerson</Property>

            <Property name="UserSearchBase">ou=Users,dc=foobar,dc=com</Property>

            <Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
            <Property name="UserNameAttribute">uid</Property>
            <Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
            <Property name="ServicePasswordJavaRegEx">^[\\S]{5,30}$</Property>
            <Property name="ServiceNameJavaRegEx">^[\\S]{2,30}/[\\S]{2,30}$</Property>
            <Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
            <Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
            <Property name="ReadGroups">true</Property>
            <Property name="WriteGroups">true</Property>
            <Property name="EmptyRolesAllowed">true</Property>

            <Property name="GroupSearchBase">ou=Groups,dc=foobar,dc=com</Property>

            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="GroupEntryObjectClass">groupOfNames</Property>
            <Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="SharedGroupNameAttribute">cn</Property>

            <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=foobar,dc=com</Property>

            <Property name="SharedGroupEntryObjectClass">groupOfNames</Property>
            <Property name="SharedGroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="SharedGroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
            <Property name="SharedTenantNameListFilter">(objectClass=organizationalUnit)</Property>
            <Property name="SharedTenantNameAttribute">ou</Property>
            <Property name="SharedTenantObjectClass">organizationalUnit</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="UserRolesCacheEnabled">true</Property>

            <Property name="UserDNPattern">uid={0},ou=Users,dc=foobar,dc=com</Property>
            <Property name="RoleDNPattern">cn={0},ou=Groups,dc=foobar,dc=com</Property>

            <Property name="SCIMEnabled">true</Property>
            <Property name="MaxRoleNameListLength">100</Property>
            <Property name="MaxUserNameListLength">100</Property>
        </UserStoreManager>
...

The error when starting WSO2 IS is:

Caused by: org.wso2.carbon.user.core.UserStoreException: [LDAP: error code 32 - NO_SUCH_OBJECT: failed for     SearchRequest
        baseDn : 'ou=Groups,dc=foobar,dc=com'
        filter : '(&(2.5.4.0=groupofnames)(2.5.4.3=*))'
        scope : whole subtree
        typesOnly : false
        Size Limit : 100
        Time Limit : 11
        Deref Aliases : deref Always
        attributes : 'cn'
: ERR_268 Cannot find a partition for ou=Groups,dc=foobar,dc=com]
    at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.getLDAPRoleNames(ReadOnlyLDAPUserStoreManager.java:1024)
    at org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.doGetRoleNames(ReadOnlyLDAPUserStoreManager.java:1134)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2485)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2382)
    at org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2375)
    at org.wso2.carbon.event.core.internal.subscription.registry.RegistrySubscriptionManager.<init>(RegistrySubscriptionManager.java:91)
    ... 65 more

What should I be missing?

Answer 1

Solved !

I have replaced older domain and defaultRealmName in the following files:

1. IS_HOME/repository/conf/user-mgt.xml
2. IS_HOME/repository/conf/tenant-mgt.xml
3. IS_HOME/repository/conf/embedded-ldap.xml

I have replaced dc=wso2,dc=org for dc=foobar,dc=com and defaultRealmName=WSO2.ORG for FOOBAR.COM, then I deleted the directory named root located in the IS_HOME/repository/data/org.wso2.carbon.directory .. so a fresh default partition will be created again at the restart.

Now, if you connect to WSO2IS' embedded LDAP (10389 port) using any LDAP client, you will see the new domain FOOBAR.COM instead of WSO2.ORG.

I hope that be useful.

Answer 2

I guess, you are trying to change the "dc=wso2,dc=org" value. You can not change it using user-mgt.xml file. user-mgt.xml file is used to connect WSO2IS with LDAP or AD or JDBC user stores. It means there can be LDAP running externally and you need to configure user-mgt.xml file to connect that LDAP using proper configurations. By default WSO2IS is shipped with embedded LDAP server and by default user-mgt.xml file has been configured to point to that embedded LDAP server. This embedded LDAP is created with "dc=wso2,dc=org" value. You can find the configurations of this embedded LDAP in the "embedded-ldap.xml" file. But there is no parameter to configure the domain ""dc=wso2,dc=org". It means, we can not configure it. But you can still create your own LDAP server using ApacheDS, OpenDJ and OpenLDAP and can point it to WSO2 Identity Server.