0 Replies Latest reply on Dec 20, 2010 9:33 AM by zarathos

    User Memberships from LDAP IdentityStore not displaying

    zarathos

      So I have followed the PicketLink IDM configuration for GateIn, using the sample MSAD read-only configuration to link up with my company's internal (employee) AD LDAP system.  I can pull back all the expected users and groups based on my configuration; however, even though I can see what users are in certain groups, when I go and look at the User Memberships from the User Management tab, no "memberships" display.


      Is this because this page only displays memberships that are configured/saved in the HibernateStore? Or do I have to change/add some configuration in my IdentityStore so that it will display the user's memberships?  Stepping through the code, it appears that the application does a get Relationships for my user with role "member" and nothing comes back...


      I can only assume that if I can call get members for group "X", then I should be able to call get groups for member "User."  My plan is to use the existing LDAP groups within our GateIn Portal, such that all users that currently exist in the LDAP group "Support" will have access to certain pages within our portal.


      <identity-object-type>
           <name>USER</name>
           ....
           <options>
                <option>
                     <name>idAttributeName</name>
                     <value>mailNickname</value>
                </option>
                <option>
                     <name>entrySearchFilter</name>
                     <value><![CDATA[(&(mailNickname={0})(objectClass=user))]]></value>
                </option>
                <option>
                     <name>passwordAttributeName</name>
                     <value>unicodePwd</value>
                </option>
                <option>
                     <name>enclosePasswordWith</name>
                     <value>"</value>
                </option>
                <option>
                     <name>passwordEncoding</name>
                     <value>UTF-16LE</value>
                </option>
                <option>
                     <name>ctxDNs</name>
                     <value>OU=Users,DC=mycompany,DC=com</value>
                </option>
                <option>
                     <name>entrySearchScope</name>
                     <value>subtree</value>
                </option>
                <option>
                     <name>allowCreateEntry</name>
                     <value>true</value>
                </option>
                <option>
                     <name>createEntryAttributeValues</name>
                     <value>objectClass=top</value>
                     <value>objectClass=person</value>
                     <value>objectClass=organizationalPerson</value>
                     <value>objectClass=user</value>
                     <value>sn=</value>
                     <value>userAccountControl=514</value>
                </option>
                <option>
                     <name>passwordUpdateAttributeValues</name>
                     <value>userAccountControl=512</value>
                </option>
           </options>

      .....

      <identity-object-type>
           <name>GROUP</name>
           <relationships>
                <relationship>
                     <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
                     <identity-object-type-ref>GROUP</identity-object-type-ref>
                </relationship>
                <relationship>
                     <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
                     <identity-object-type-ref>USER</identity-object-type-ref>
                </relationship>
           </relationships>
           <credentials/>
           ....
           <options>
                <option>
                     <name>idAttributeName</name>
                     <value>cn</value>
                </option>
                <option>
                     <name>ctxDNs</name>
                     <value>CN=Groups,DC=mycompany,DC=com</value>
                </option>
                <option>
                     <name>entrySearchFilter</name>
                     <value><![CDATA[(&(cn={0})(objectClass=group))]]></value>
                </option>
                <option>
                     <name>entrySearchScope</name>
                     <value>subtree</value>
                </option>
                <option>
                     <name>allowCreateEntry</name>
                     <value>true</value>
                </option>
                <option>
                     <name>parentMembershipAttributeName</name>
                     <value>member</value>
                </option>
                <option>
                     <name>isParentMembershipAttributeDN</name>
                     <value>true</value>
                </option>
                <option>
                     <name>allowEmptyMemberships</name>
                     <value>true</value>
                </option>
                <option>
                     <name>createEntryAttributeValues</name>
                     <value>objectClass=top</value>
                     <value>objectClass=group</value>
                </option>
           </options>
      </identity-object-type>


      Any ideas why I cannot see my user's memberships?


      James.


      We are running JEPP 5.0.1
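As an added example (not code from the post, nor from PicketLink or GateIn), a small Python model of what the posted GROUP options mean for the two lookups James compares: with parentMembershipAttributeName=member and isParentMembershipAttributeDN=true, "members of group X" is a read of the group's member attribute, whereas "groups of user U" has to search the group context for entries whose member attribute holds U's DN, comparing DNs the way LDAP does (case-insensitively, ignoring spacing around separators). The directory contents, the group "Admins" and the nickname "james" are constructed; the last function builds the filter an ldapsearch against the group base DN would use to ask the directory the reverse question directly.

```python
# Added example (not from the post, PicketLink or GateIn): an in-memory model
# of the two membership lookups implied by parentMembershipAttributeName=member
# with isParentMembershipAttributeDN=true. All entries are constructed data.
GROUP_CTX = "CN=Groups,DC=mycompany,DC=com"

DIRECTORY = {  # constructed stand-in for AD: DN -> multi-valued attributes
    "CN=James,OU=Users,DC=mycompany,DC=com":
        {"objectClass": ["user"], "mailNickname": ["james"]},
    "CN=Support,CN=Groups,DC=mycompany,DC=com":
        {"objectClass": ["group"], "cn": ["Support"],
         # AD may return member DNs with different case and spacing than
         # the DN the store builds from idAttributeName plus ctxDNs.
         "member": ["cn=james, ou=users, dc=mycompany, dc=com"]},
    "CN=Admins,CN=Groups,DC=mycompany,DC=com":
        {"objectClass": ["group"], "cn": ["Admins"], "member": []},
}

def normalize_dn(dn):
    """DNs compare case-insensitively; drop spaces around separators too."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def escape_filter_value(value):
    """RFC 4515 escaping so a DN can be embedded safely in a search filter."""
    for raw, esc in (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"),
                     (")", r"\29"), ("\0", r"\00")):
        value = value.replace(raw, esc)
    return value

def groups_under(ctx=GROUP_CTX):
    """Subtree scope: every group entry whose DN ends with the context DN."""
    suffix = "," + normalize_dn(ctx)
    return [a for dn, a in DIRECTORY.items()
            if "group" in a["objectClass"] and normalize_dn(dn).endswith(suffix)]

def members_of_group(cn):
    """Forward direction (what already works for the poster): read member."""
    return next((a["member"] for a in groups_under() if a["cn"] == [cn]), [])

def groups_of_user(user_dn):
    """Reverse direction: groups whose member attribute holds user_dn.
    A plain string compare would miss the Support entry above."""
    target = normalize_dn(user_dn)
    return sorted(a["cn"][0] for a in groups_under()
                  if any(normalize_dn(m) == target for m in a["member"]))

def reverse_search_filter(user_dn):
    """Filter for an ldapsearch against GROUP_CTX asking the same question."""
    return "(&(objectClass=group)(member=%s))" % escape_filter_value(user_dn)
```

If the reverse filter returns the expected groups when run against the real directory but the store still finds no relationships, the gap is in how the store derives the user's DN rather than in the group entries themselves.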