4 Replies Latest reply on Aug 31, 2010 7:02 PM by Art Munro

    Ldap (Active Directory) fields and user attributes

    Sean Whyte Newbie

      I have a test GateIn implementation using Active Directory on JBoss 5.1. I can login and see the AD users in the portal and everything seems to be good.

       

      However, I would like to retrieve additional data from AD for my users but am unable to get them to show up. Anytime I view a user's profile (under Group/Organization/Users and group management), the new data is not there. It looked as simple as adding another <attribute> to the USER identity object. By default, there are 3 attributes for the User object (firstName, lastName and email).

       

      Specifically, what I would like to do is retrieve the 'title' field from AD and use it for the 'Job Title' field for the user in the portal. What I did was add a new attribute to the list of attributes that looks like this:

      <code>

                    <attribute>
                      <name>jobTitle</name>
                      <mapping>title</mapping>
                      <type>text</type>
                      <isRequired>false</isRequired>
                      <isMultivalued>false</isMultivalued>
                      <isReadOnly>false</isReadOnly>
                      <isUnique>true</isUnique>
                    </attribute>

      </code>

       

      I have also tried postalCode, phoneNumber and a few others just to see if I could get any of them to work. Is this even possible?

        • 1. Re: Ldap (Active Directory) fields and user attributes
          Sean Whyte Newbie

          Looks like I found a partial answer. The 'name' attribute needs to match some constant from the P3PConstants class (http://docs.jboss.org/jbportal/v2.7.0/javadoc-bundle/common/constant-values.html). Even though the docs are from v2.7, it still appears to work.

           

          However, looking at the 3 default mappings, they don't use those constants. Based on what I'm using, the name 'firstName' should be 'user.name.given' and not just firstName. Do those 3 default mappings not work?

           

          Based on this, I'm not sure I understand how the whole attribute/mapping is supposed to work.

          • 2. Re: Ldap (Active Directory) fields and user attributes
            Boleslaw Dawidowicz Master

            I'm afraid that the management portlet displays only hardcoded attributes defined in the UserProfile interface. Attributes that you map in the configuration should be available using the API:

             

             

            // Look up the portal's OrganizationService
            PortalContainer container = PortalContainer.getInstance();
            OrganizationService orgService = (OrganizationService) container.getComponentInstanceOfType(OrganizationService.class);

            // Load the currently authenticated user
            UserHandler userHandler = orgService.getUserHandler();
            User user = userHandler.findUserByName(request.getUserPrincipal().getName());

            // Load that user's profile
            UserProfileHandler profileHandler = orgService.getUserProfileHandler();
            UserProfile profile = profileHandler.findUserProfileByName(user.getUserName());
            
            
            
            • 3. Re: Ldap (Active Directory) fields and user attributes
              Sean Whyte Newbie

              Maybe I'm not being clear, which I often do.

               

              I am trying to modify the picketlink-idm-ad-sso-ro-config.xml so that I can retrieve additional user data from Active Directory.

              In this file, under

               

                 <identity-object-type>
                    <name>USER</name>

               

              there is a user attribute defined:

               

                     <attribute>
                       <name>firstName</name>
                       <mapping>givenName</mapping>
                       <type>text</type>
                       <isRequired>false</isRequired>
                       <isMultivalued>false</isMultivalued>
                       <isReadOnly>false</isReadOnly>
                     </attribute>

               

              So, using that example, I added one of my own:

               

                     <attribute>
                       <name>user.employer</name>
                       <mapping>company</mapping>
                       <type>text</type>
                       <isRequired>false</isRequired>
                       <isMultivalued>false</isMultivalued>
                       <isReadOnly>false</isReadOnly>
                       <isUnique>true</isUnique>
                     </attribute>

               

              I was unable to get this to work until I set <name> to be user.employer. Now it works just like I want. This value shows up when I edit the user profile, but it won't let me change it in the Admin UI. I have to change it in AD. However, any value that I don't define in the attributes CAN be changed in the admin UI.

               

              This allows me to use AD as the main repository where user data is stored across applications (very good), while allowing me to modify portal specific properties, or those I don't want to retrieve from AD with the Admin UI.

               

              I have tested this and can find no problems with it. I have used several of the constants from the P3PConstants class, and in each case it gets my data from AD.

               

              However, based on your response Boleslaw, this shouldn't work? The fact that it does is great. My only problem was finding that constants file to figure out what value I should be using.
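
A small config check for the behavior found in this thread, added here as an example and not code from GateIn or from any poster: it lists each USER attribute in a PicketLink IDM config with its LDAP mapping and marks names that are neither one of the three defaults nor a `user.`-prefixed key. Treating the `user.` prefix as the test for a P3PConstants-style name is an assumption drawn from the two keys mentioned above (`user.name.given`, `user.employer`); the function and status names are made up for this example.

```python
import xml.etree.ElementTree as ET

# The three default USER attributes the first post lists.
CORE_NAMES = {"firstName", "lastName", "email"}

# Constructed sample built from the <attribute> entries quoted in the thread.
SAMPLE = """
<identity-object-type>
  <name>USER</name>
  <attribute><name>firstName</name><mapping>givenName</mapping><isReadOnly>false</isReadOnly></attribute>
  <attribute><name>jobTitle</name><mapping>title</mapping><isReadOnly>false</isReadOnly></attribute>
  <attribute><name>user.employer</name><mapping>company</mapping><isReadOnly>false</isReadOnly></attribute>
</identity-object-type>
"""

def local(tag):
    """Drop an XML namespace prefix such as '{urn:...}attribute'."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or '' if absent."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def audit_user_attributes(xml_text):
    """Return one dict per USER <attribute>: name, LDAP mapping, status."""
    root = ET.fromstring(xml_text)
    report = []
    for obj in root.iter():
        if local(obj.tag) != "identity-object-type" or child_text(obj, "name") != "USER":
            continue
        for attr in obj.iter():
            if local(attr.tag) != "attribute":
                continue
            name = child_text(attr, "name")
            if name in CORE_NAMES:
                status = "default"        # one of the three shipped mappings
            elif name.startswith("user."):
                status = "profile-key"    # assumption: P3P-style key, as the thread found
            else:
                status = "unmatched"      # e.g. jobTitle, which never showed up
            report.append({"name": name, "ldap": child_text(attr, "mapping"),
                           "read_only": child_text(attr, "isReadOnly") == "true",
                           "status": status})
    return report

if __name__ == "__main__":
    for row in audit_user_attributes(SAMPLE):
        print(row)
```

The report also doubles as an inventory of which directory attributes the portal pulls from AD and whether each is configured read-only.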

              • 4. Re: Ldap (Active Directory) fields and user attributes
                Art Munro Novice

                Any chance you figured out what the additional attribute names are?  Please see my posting...

                http://community.jboss.org/message/559907

                 

                 

                I'm also mapped to LDAP and want to store all the user info in the LDAP.

                 

                thanks,

                Art