I have configured JBoss Portal to use our LDAP's groups as portal roles. As groups don't differ from roles in our LDAP, this works very well except for one issue: I created the group "Admin" in the directory and assigned it to the user "olivsch7". When I log in with this user, JBoss Portal doesn't grant him the rights of the "Admin" group although it recognizes that he is a member of it. In other words, I can see in the portal user management that he is a user of the Admin/Administrators group, but "olivsch7" cannot access the admin portal. Users in the portal database (who are also members of "Admin") can access the admin portal. Unfortunately, the log files don't give me any information about this. This is an excerpt:
2009-01-13 13:35:26,890 DEBUG [org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule] $$Synchronizing user: olivsch7
2009-01-13 13:35:26,890 DEBUG [org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule] $$Role Group: Roles
2009-01-13 13:35:26,890 DEBUG [org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule] $$Principal in group: admin; admin
2009-01-13 13:35:26,890 DEBUG [org.hibernate.jdbc.JDBCContext] successfully registered Synchronization
2009-01-13 13:35:26,890 DEBUG [org.hibernate.impl.SessionImpl] opened session at timestamp: 5045658119741440
2009-01-13 13:35:26,890 DEBUG [org.hibernate.engine.query.QueryPlanCache] unable to locate HQL query plan in cache; generating (from HibernateUserImpl where userName=:userName)
2009-01-13 13:35:26,890 DEBUG [org.hibernate.hql.ast.QueryTranslatorImpl] parse() - HQL: from org.jboss.portal.identity.db.HibernateUserImpl where userName=:userName
2009-01-13 13:35:26,890 DEBUG [org.hibernate.hql.ast.AST] --- HQL AST ---
 \-[QUERY] 'query'
    +-[SELECT_FROM] 'SELECT_FROM'
    |  \-[FROM] 'from'
    |     \-[RANGE] 'RANGE'
    |        \-[DOT] '.'
    |           +-[DOT] '.'
    |           |  +-[DOT] '.'
    |           |  |  +-[DOT] '.'
    |           |  |  |  +-[DOT] '.'
    |           |  |  |  |  +-[IDENT] 'org'
    |           |  |  |  |  \-[IDENT] 'jboss'
    |           |  |  |  \-[IDENT] 'portal'
    |           |  |  \-[IDENT] 'identity'
    |           |  \-[IDENT] 'db'
    |           \-[IDENT] 'HibernateUserImpl'
    \-[WHERE] 'where'
       \-[EQ] '='
          +-[IDENT] 'userName'
          \-[COLON] ':'
             \-[IDENT] 'userName'
2009-01-13 13:35:26,890 DEBUG [org.hibernate.hql.ast.ErrorCounter] throwQueryException() : no errors
I'm really clueless about this because when I configure the portal to use our LDAP's roles (instead of groups), it works. Do you have a clue?
Thank you very much in advance!