2 Replies Latest reply on Mar 26, 2010 11:08 AM by Boleslaw Dawidowicz

    Gatein and OpenLdap using IDM

    Art Munro Novice

      We are trying to connect Gatein to OpenLDAP using the IDM framework but cannot get the mappings correct. We are attempting to use the sample LDAP that was provided for OpenDS, but this results in errors/incomplete directory setup.

      Has anyone attempted this integration, or can anyone supply a sample for OpenLdap? Is there documentation on the web that could explain where/what the mappings should be to OpenLDAP? Is this an IDM thing or an OpenLDAP thing?


      cheers,

      Art

        • 1. Re: Gatein and OpenLdap using IDM
          Boleslaw Dawidowicz Master

          I want to have a sample configuration file for OpenLDAP present in GateIn and wiki instructions alongside the OpenDS and MSAD ones. It is in my TODOs for this week, so unless I get buried with other stuff you can expect something soon. Will put a notice here once this is done.

          • 2. Re: Gatein and OpenLdap using IDM
            Boleslaw Dawidowicz Master

            I added an OpenLDAP section and sample configuration files to those wikis:

            https://community.jboss.org/wiki/GateInwithLDAPasadefaultuserandgroupstore

            https://community.jboss.org/wiki/GateInwithLDAPinreadonlymode

            Those files will be present in GateIn 3.1.

             

            There are two configuration tweaks that you need with OpenLDAP:

            1) It doesn't support the LDAP sort control (at least not in the default config), so the LDAP store options should contain:

            <option>
              <name>sortExtensionSupported</name>
              <value>false</value>
            </option>

            2) If you don't use it in read-only mode (you let GateIn create entries), then you hit the strict schema where the groupOfNames objectClass's "member" attribute is required - it needs to have a value. To work around this you need to add a special "placeholder" entry and add those options into every group identity object type:

            <option>
              <name>parentMembershipAttributePlaceholder</name>
              <value>ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com</value>
            </option>

            <option>
              <name>createEntryAttributeValues</name>
              <value>objectClass=top</value>
              <value>objectClass=groupOfNames</value>
              <value>member=ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com</value>
            </option>
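As an added example (not code from the thread, GateIn or the IDM framework), a small Python script that checks both OpenLDAP quirks from the reply above offline: whether a root DSE's supportedControl list includes the server-side sort control (which decides the sortExtensionSupported option), and which groupOfNames entries in an LDIF export would be rejected for having no member, patched with the placeholder DN from the post. The LDIF and the control list are constructed samples; the sort-control OID is the one assigned by RFC 2891.

```python
import re
# Server Side Sort control OID (RFC 2891); a default OpenLDAP does not offer it.
SORT_CONTROL_OID = "1.2.840.113556.1.4.473"
# Placeholder DN from the thread, satisfying groupOfNames' mandatory "member".
PLACEHOLDER_DN = "ou=placeholder,o=portal,o=gatein,dc=my-domain,dc=com"

# Constructed samples: supportedControl values of a default OpenLDAP root DSE,
# and two groups as GateIn would create them, one of them still memberless.
SAMPLE_CONTROLS = ["1.3.6.1.4.1.4203.1.10.1", "2.16.840.1.113730.3.4.18"]
SAMPLE_LDIF = """\
dn: cn=admins,o=portal,o=gatein,dc=my-domain,dc=com
objectClass: groupOfNames
member: uid=root,ou=users,o=portal,o=gatein,dc=my-domain,dc=com

dn: cn=guests,o=portal,o=gatein,dc=my-domain,dc=com
objectClass: groupOfNames
"""

def sort_extension_supported(supported_controls):
    # Value to put in the sortExtensionSupported store option.
    return SORT_CONTROL_OID in set(supported_controls)

def parse_ldif(text):
    """Tiny LDIF reader: [(dn, {attr: [values]})], attribute names lowercased."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            key, value = key.strip().lower(), value.strip()
            if key == "dn":
                dn = value
            elif key:
                attrs.setdefault(key, []).append(value)
        records.append((dn, attrs))
    return records

def is_memberless_group(attrs):
    """groupOfNames without a member value: OpenLDAP's schema check rejects it."""
    classes = {c.lower() for c in attrs.get("objectclass", [])}
    return "groupofnames" in classes and not attrs.get("member")

def apply_placeholder(records):
    """Copy of records with PLACEHOLDER_DN as member wherever a group had none."""
    fixed = []
    for dn, attrs in records:
        attrs = dict(attrs)          # shallow copy; member gets a fresh list
        if is_memberless_group(attrs):
            attrs["member"] = [PLACEHOLDER_DN]
        fixed.append((dn, attrs))
    return fixed
```

Running it against a real server would mean reading supportedControl from the root DSE and exporting the group subtree with ldapsearch; the placeholder entry itself still has to exist in the directory before GateIn creates groups.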