Styjun

What's the difference between 予定 (Yotei) and 計画 (keikaku)?

Swapping rooks in a 4x4 board

Pull-up sequence accumulator counter

How can I convince my reader that I will not use a certain trope?

What reason would an alien civilization have for building a Dyson Sphere (or Swarm) if cheap Nuclear fusion is available?

Are Finite Automata Turing Complete?

Is it OK to bottle condition using previously contaminated bottles?

Why aren't (poly-)cotton tents more popular?

Can ADFS connect to other SSO services?

How dangerous are set-size assumptions?

Why is Madam Hooch not a professor?

Inverse-quotes-quine

Counting occurrence of words in table is slow

How can I repair scratches on a painted French door?

Analog is Obtuse!

How could mana leakage be dangerous to a elf?

How many satellites can stay in a Lagrange point?

Is there a maximum distance from a planet that a moon can orbit?

How come I was asked by a CBP officer why I was in the US?

Do equal angles necessarily mean a polygon is regular?

Why do some games show lights shine through walls?

How do I parse the Zhou Enlai quote 为了中华之崛起而读书?

Calculating the partial sum of a expl3 sequence

Does ultrasonic bath cleaning damage laboratory volumetric glassware calibration?

WSO2 Encrypt the primary LDAP userstore credentials

How to encrypt LDAP UserStore password in usr-mgt.xml in WSO2?WSO2 APIM encrypt credentials for multiple gatwayswso2 lost context to login with tenant`s userswso2: Encrypting ConnectionPassword property for secondary userstoreI am unable to login to admin-dashboard application in WSO2 API managerUnable to manage tenants with WSO2 IS & LdapWSO2 API Manager 2.0.0 - LDAP & Publisher API Token Issuewso2 api manager change super admin's password issueWSO2 : connecting to ldap failsHow to publish custom API after changing the password in API manager in WSO2(above version 5)?WSO2 Identity Server (5.7.0) External Encryption of Secondary Userstore Connection PasswordCannot change credentials for wso2 api manager Analytics

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

1

Using WSO2AM-2.6.0, we are trying to encrypt userstore credentials for a primary LDAP userstore manager. Encrypting credentials well works for the realm config credentials (admin password), jndi properties, api-manager.xml, datasource credentials.

What we have issue with is the primary userstore LDAP connection credentials (as the user is as well an admin user)

In theory there are comprehensive guides as well some older questions such as here How to encrypt LDAP UserStore password in usr-mgt.xml in WSO2?

When using LDAP as a secondary userstore, the ConnectionPassword gets properly encryped and used in the userstore definition XML. However when used as a primary userstore manager (user-mgt.xml) we always get AuthenticationError LDAP response (locking out the connection user).

After some debugging I found that the ConnectionPassword element content is used regardless

• using the encrypted=true on the property pass the encrypted password to the LDAP connection

eyJjIj..................................EEtMSJ9

• encrypt the property using the ciphertool, the password placeholder is provided

<Property name="ConnectionPassword" svns:secretAlias="UserManager.UserstoreManager.Password">password</Property>

Do we need to do anything specific to take the LDAP Userstore crendetials recognized as encrypted? According to the Carbon documentation it should simply work

wso2 wso2-am

share|improve this question

edited Mar 25 at 11:46

gusto2

asked Mar 25 at 11:02

gusto2gusto2

5,58122 gold badges99 silver badges2323 bronze badges

add a comment | 

1

Using WSO2AM-2.6.0, we are trying to encrypt userstore credentials for a primary LDAP userstore manager. Encrypting credentials well works for the realm config credentials (admin password), jndi properties, api-manager.xml, datasource credentials.

What we have issue with is the primary userstore LDAP connection credentials (as the user is as well an admin user)

In theory there are comprehensive guides as well some older questions such as here How to encrypt LDAP UserStore password in usr-mgt.xml in WSO2?

When using LDAP as a secondary userstore, the ConnectionPassword gets properly encryped and used in the userstore definition XML. However when used as a primary userstore manager (user-mgt.xml) we always get AuthenticationError LDAP response (locking out the connection user).

After some debugging I found that the ConnectionPassword element content is used regardless

• using the encrypted=true on the property pass the encrypted password to the LDAP connection

eyJjIj..................................EEtMSJ9

• encrypt the property using the ciphertool, the password placeholder is provided

<Property name="ConnectionPassword" svns:secretAlias="UserManager.UserstoreManager.Password">password</Property>

Do we need to do anything specific to take the LDAP Userstore crendetials recognized as encrypted? According to the Carbon documentation it should simply work

wso2 wso2-am

share|improve this question

edited Mar 25 at 11:46

gusto2

asked Mar 25 at 11:02

gusto2gusto2

5,58122 gold badges99 silver badges2323 bronze badges

add a comment | 

Using WSO2AM-2.6.0, we are trying to encrypt userstore credentials for a primary LDAP userstore manager. Encrypting credentials well works for the realm config credentials (admin password), jndi properties, api-manager.xml, datasource credentials.

What we have issue with is the primary userstore LDAP connection credentials (as the user is as well an admin user)

In theory there are comprehensive guides as well some older questions such as here How to encrypt LDAP UserStore password in usr-mgt.xml in WSO2?

When using LDAP as a secondary userstore, the ConnectionPassword gets properly encryped and used in the userstore definition XML. However when used as a primary userstore manager (user-mgt.xml) we always get AuthenticationError LDAP response (locking out the connection user).

After some debugging I found that the ConnectionPassword element content is used regardless

• using the encrypted=true on the property pass the encrypted password to the LDAP connection

eyJjIj..................................EEtMSJ9

• encrypt the property using the ciphertool, the password placeholder is provided

<Property name="ConnectionPassword" svns:secretAlias="UserManager.UserstoreManager.Password">password</Property>

Do we need to do anything specific to take the LDAP Userstore crendetials recognized as encrypted? According to the Carbon documentation it should simply work

wso2 wso2-am

share|improve this question

edited Mar 25 at 11:46

gusto2

asked Mar 25 at 11:02

gusto2gusto2

5,58122 gold badges99 silver badges2323 bronze badges

<Property name="ConnectionPassword" svns:secretAlias="UserManager.UserstoreManager.Password">password</Property>

share|improve this question

edited Mar 25 at 11:46

gusto2

asked Mar 25 at 11:02

gusto2gusto2

5,58122 gold badges99 silver badges2323 bronze badges

share|improve this question

edited Mar 25 at 11:46

gusto2

asked Mar 25 at 11:02

gusto2gusto2

5,58122 gold badges99 silver badges2323 bronze badges

asked Mar 25 at 11:02

gusto2gusto2

5,58122 gold badges99 silver badges2323 bronze badges

asked Mar 25 at 11:02

gusto2gusto2

5,58122 gold badges99 silver badges2323 bronze badges

1 Answer
1

active

oldest

votes

1

In order to encrypt Connection password, You need to use the alias as

UserManager.Configuration.Property.ConnectionPassword

for UserStore Manager properties you can add aliases prefix the property name with UserManager.Configuration.Property.

share|improve this answer

answered Mar 27 at 6:11

tharindudtharindud

2611 bronze badge

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I sttongly believe the alias name has little to do with the actual placement, but I will give it a try
  
  – gusto2
  Mar 27 at 6:40
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I used the config alias explicitly stated in the documentation UserStoreManager.Property.ConnectionPassword, for me it is not really clear why the alias name has influence on its placement, I will have to check the source code
  
  – gusto2
  Mar 27 at 9:59
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55336334%2fwso2-encrypt-the-primary-ldap-userstore-credentials%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

In order to encrypt Connection password, You need to use the alias as

UserManager.Configuration.Property.ConnectionPassword

for UserStore Manager properties you can add aliases prefix the property name with UserManager.Configuration.Property.

share|improve this answer

answered Mar 27 at 6:11

tharindudtharindud

2611 bronze badge

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I sttongly believe the alias name has little to do with the actual placement, but I will give it a try
  
  – gusto2
  Mar 27 at 6:40
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I used the config alias explicitly stated in the documentation UserStoreManager.Property.ConnectionPassword, for me it is not really clear why the alias name has influence on its placement, I will have to check the source code
  
  – gusto2
  Mar 27 at 9:59
  

  
  
  
  

add a comment | 

1

In order to encrypt Connection password, You need to use the alias as

UserManager.Configuration.Property.ConnectionPassword

for UserStore Manager properties you can add aliases prefix the property name with UserManager.Configuration.Property.

share|improve this answer

answered Mar 27 at 6:11

tharindudtharindud

2611 bronze badge

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I sttongly believe the alias name has little to do with the actual placement, but I will give it a try
  
  – gusto2
  Mar 27 at 6:40
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I used the config alias explicitly stated in the documentation UserStoreManager.Property.ConnectionPassword, for me it is not really clear why the alias name has influence on its placement, I will have to check the source code
  
  – gusto2
  Mar 27 at 9:59
  

  
  
  
  

add a comment | 

In order to encrypt Connection password, You need to use the alias as

UserManager.Configuration.Property.ConnectionPassword

for UserStore Manager properties you can add aliases prefix the property name with UserManager.Configuration.Property.

share|improve this answer

answered Mar 27 at 6:11

tharindudtharindud

2611 bronze badge

UserManager.Configuration.Property.ConnectionPassword

share|improve this answer

answered Mar 27 at 6:11

tharindudtharindud

2611 bronze badge

answered Mar 27 at 6:11

tharindudtharindud

2611 bronze badge

answered Mar 27 at 6:11

tharindudtharindud

2611 bronze badge