3 Replies Latest reply on Mar 2, 2015 9:45 AM by adaglio

    Exception when running quickstart picketlink-authorization-idm-ldap

    adaglio

      Hi everybody,

       

      I am learning PicketLink and I started from the quickstarts. I stumbled upon a problem with the picketlink-authorization-idm-ldap project.

      When adding the Role to a User (I am using the default model provided by PicketLink) I get the following exception:

       

      16:43:21,288 ERROR [org.picketlink.idm.identity.store] (ServerService Thread Pool -- 79) Could not create Ldap context.: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - member: value #0 invalid per syntax]; remaining name 'cn=ADMINISTRATOR,ou=Roles,dc=jboss,dc=tsi,dc=com'

        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3100) [rt.jar:1.7.0_55]

        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) [rt.jar:1.7.0_55]

       

      This is caused by the missing "member" element, which is a mandatory field in the LDAP object "groupOfNames".

       

      All these settings are in the quickstart.

      Am I missing something substantial?

       

      I really hope I am doing something wrong...but I cannot see what.

      thanks for reading

        • 1. Re: Exception when running quickstart picketlink-authorization-idm-ldap
          pcraveiro

          Hey Aldo,

           

          Are you using Apache DS (as described in the quickstart's README.md) or some other server? Also, what does your IDM configuration look like?

           

          Regards.

          • 2. Re: Exception when running quickstart picketlink-authorization-idm-ldap
            adaglio

            Hey Pedro,

             

            thanks for the hint, but I didn't take from the README.md that I had to use an Apache DS in order for the quickstart to run properly. So, since I had an OpenLDAP up and running, I've been using it instead. I will try with the Apache DS.

             

            In my case Users, Roles and Groups are added correctly...only the Relationship causes problems. I didn't change much in the IDM configuration...only the URL and Port.

             

            One more thing...the ObjectClass "groupOfNames" is specified by the LDAP specs...so it should be the same regardless of what I use as implementation (OpenLDAP or Apache DS)...am I correct?

             

            thanks for the help.

            cheers

            • 3. Re: Exception when running quickstart picketlink-authorization-idm-ldap
              adaglio

              Hi Pedro, hi everyone,

               

              I tried with Apache DS, and it is indeed working. What is more surprising to me is that I can add a Role (using Objectclass "groupOfNames") without giving a Member, which is a mandatory attribute. Apache DS saves the Role and does not complain.

               

              OpenLDAP on the other hand does not allow you to do so.

              I am a bit surprised by this behavior.

               

              cheers