Hi All,
I am using Active Directory (AD) for authentication and authorization. Authentication is working fine if I use CN for the username.
When I come to authorization, I have a few groups created in AD and have added a few users to those groups.
But no attribute in the User record holds the list of roles assigned to a user. So I am worried about which attribute to configure for the user-role-attribute property in my configuration file (components.xml).
When I used JExplorer, logged into it and accessed a particular record, I was able to see the memberOf attribute holding a list of group names. But I don't see that attribute in AD.
Could anyone help me in solving this problem?
FYI,
I will attach my components.xml file code.
<security:identity authenticate-method="#{authenticator.authenticate}"/>

<security:identity-manager name="identityManager"
    identity-store="#{ldapIdentityStore}"
    role-identity-store="#{ldapIdentityStore}"/>

<security:ldap-identity-store name="ldapIdentityStore"
    server-address="10.28.254.181"
    server-port="389"
    bind-DN="CN=Administrator,CN=Users,DC=intra,DC=cogitate-it,DC=com"
    bind-credentials="W31com3RTSD"
    user-DN-prefix="cn="
    user-DN-suffix=",OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com"
    user-context-DN="OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com"
    role-DN-prefix="cn="
    role-DN-suffix=",OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com"
    role-context-DN="OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com"
    user-role-attribute="memberOf"
    role-attribute-is-DN="true"
    role-name-attribute="cn"
    user-object-classes="person, user, organizationalPerson, top"
    role-object-classes="group" />