-
1. Re: LDAP Cache
claudio4j Sep 13, 2011 11:30 AM (in response to claudio4j)
Found the solution.
Disable the cache configuration in your picket-link configuration.
So, disabling the cache will make the portal communicate with MSAD every time it needs user/group information, checks.
Mine is:
<realm>
  <id>idm_realm</id>
  <repository-id-ref>PortalRepository</repository-id-ref>
  <identity-type-mappings>
    <user-mapping>USER</user-mapping>
  </identity-type-mappings>
  <options>
    <option>
      <name>template</name>
      <value>true</value>
    </option>
    <!-- API-level cache: commented out to disable it -->
    <!--
    <option>
      <name>cache.providerRegistryName</name>
      <value>apiCacheProvider</value>
    </option>
    -->
  </options>
</realm>
....
<identity-store>
  ....
  <options>
    <option>
      <name>providerURL</name>
      <value>ldap://vmw2k3.testevm.teste.com:389</value>
    </option>
    ....
    <!-- Store-level cache: commented out to disable it -->
    <!--
    <option>
      <name>cache.providerRegistryName</name>
      <value>storeCacheProvider</value>
    </option>
    -->
  </options>
</identity-store>
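One way to confirm that both cache options from the post above are really inactive in a deployed file (an added example, not part of the original thread or of the project's code): the parser drops XML comments, so only options that are still live are reported. The sample document, its wrapper elements, the store id and the host name are constructed assumptions.

```python
import xml.etree.ElementTree as ET

CACHE_OPTION = "cache.providerRegistryName"  # option name quoted in the post

# Constructed sample: realm cache commented out, store cache left active.
# Wrapper elements, the store id and the host name are assumptions.
SAMPLE = """<jboss-identity>
<realms><realm>
  <id>idm_realm</id>
  <options>
    <option><name>template</name><value>true</value></option>
    <!-- <option><name>cache.providerRegistryName</name><value>apiCacheProvider</value></option> -->
  </options>
</realm></realms>
<stores><identity-stores><identity-store>
  <id>ExampleLDAPStore</id>
  <options>
    <option><name>providerURL</name><value>ldap://ldap.example.test:389</value></option>
    <option><name>cache.providerRegistryName</name><value>storeCacheProvider</value></option>
  </options>
</identity-store></identity-stores></stores>
</jboss-identity>"""

def local(tag):
    """Strip an XML namespace prefix such as '{urn:...}realm'."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or an empty string."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def active_caches(xml_text):
    """Return (section, id, provider) for each cache option still in effect."""
    found = []
    # ElementTree discards comments, so commented-out options never appear.
    for section in ET.fromstring(xml_text).iter():
        kind = local(section.tag)
        if kind not in ("realm", "identity-store"):
            continue
        for opt in section.iter():
            if local(opt.tag) == "option" and child_text(opt, "name") == CACHE_OPTION:
                found.append((kind, child_text(section, "id"), child_text(opt, "value")))
    return found

if __name__ == "__main__":
    for kind, ident, provider in active_caches(SAMPLE):
        print(f"cache still enabled in {kind} '{ident}': {provider}")
```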
-
2. Re: LDAP Cache
mposolda Sep 14, 2011 2:34 PM (in response to claudio4j)
Hi Claudio,
It's caused by https://issues.jboss.org/browse/JBEPP-893 (or https://issues.jboss.org/browse/GTNPORTAL-1866 at GateIn). As you can see in Jira, you can update from EPP 5.1.0 to EPP 5.1.1 or 5.2.0 and it should fix your problem.
Marek
-
3. Re: LDAP Cache
claudio4j Sep 28, 2011 1:33 PM (in response to mposolda)
Hi Marek, I configured EPP 5.1.1 to authenticate in MSAD (using the same picketlink-msad-testevm-config.xml as for EPP 5.1.0).
I started EPP, logged in as root, and went to the user management view. I went to MSAD, changed the emails of a user, and waited 120s (as defined in jboss-cache.xml), but the change is not displayed in the EPP user management view.
I have restarted EPP 5.1.1 and now the changes are correctly displayed in the EPP user management view. So I need to disable the LDAP cache.
Can you test it? I am using MS Active Directory as LDAP.