Question
Using WSO2AM-2.6.0, we are trying to encrypt userstore credentials for a primary LDAP userstore manager. Encrypting credentials works well for the realm config credentials (admin password), JNDI properties, api-manager.xml, and datasource credentials.
What we have an issue with is the primary userstore LDAP connection credentials (as the user is also an admin user).
In theory there are comprehensive guides, as well as some older questions, such as "How to encrypt LDAP UserStore password in usr-mgt.xml in WSO2?"
When using LDAP as a secondary userstore, the ConnectionPassword gets properly encrypted and used in the userstore definition XML. However, when used as a primary userstore manager (user-mgt.xml), we always get an AuthenticationError LDAP response (locking out the connection user).
After some debugging I found that the ConnectionPassword element content is used regardless:
- using encrypted=true on the property passes the encrypted password to the LDAP connection
eyJjIj..................................EEtMSJ9
- encrypt the property using the ciphertool, the "password" placeholder is provided
<Property name="ConnectionPassword" svns:secretAlias="UserManager.UserstoreManager.Password">password</Property>
Do we need to do anything specific to get the LDAP userstore credentials recognized as encrypted? According to the Carbon documentation it should simply work.
Answer 1:
In order to encrypt the connection password, you need to use the alias
UserManager.Configuration.Property.ConnectionPassword
For UserStore Manager properties, you can add aliases by prefixing the property name with UserManager.Configuration.Property.
Source: https://stackoverflow.com/questions/55336334/wso2-encrypt-the-primary-ldap-userstore-credentials