1 Reply Latest reply on Jun 11, 2013 9:16 AM by mposolda

Default membership for GateIn active directory users

anishantony Jun 11, 2013 2:36 AM

Hi all

How to put a default membership for active directory users in GateIn. I am using picketlink-idm-msad-readonly-config.xml file for configuring Active directory in GateIn

regards

Anish Antony

1. Re: Default membership for GateIn active directory users

mposolda Jun 11, 2013 9:16 AM (in response to anishantony)

Hi,

the group mappings is configured in file picketlink-idm-msad-readonly-config.xml by attribute ctxDns . For example if ctxDNS has value "CN=Users,DC=test,DC=domain" for identity object type "msad_roles_type" and this object is mapped to "/acme/roles/*" in groupTypeMappings in idm-configuration.xml, then all LDAP users from LDAP group "CN=mygroup,CN=Users,DC=test,DC=domain" will be in GateIn in group "/acme/roles/mygroup" . See details in docs https://docs.jboss.org/author/display/GTNPORTAL36/LDAP+integration#LDAPintegration-LDAPinReadonlyMode . Note that users from read-only LDAP are not in group /platform/users by default, so you may need to enable CustomMembershipLoginModule, which is also described in docs.

Marek
Actions