-
1. Re: Ldap (Active Directory) fields and user attributes
javaspack Apr 12, 2010 7:20 PM (in response to javaspack)
Looks like I found a partial answer. The 'name' attribute needs to match some constant from the P3PConstants class
(http://docs.jboss.org/jbportal/v2.7.0/javadoc-bundle/common/constant-values.html). Even though the docs are from v2.7, it still appears to work.
However, looking at the 3 default mappings, they don't use those constants. Based on what I'm using, the name 'firstName' should be 'user.name.given' and not just firstName. Do those 3 default mappings not work?
Based on this, I'm not sure I understand how the whole attribute/mapping is supposed to work.
-
2. Re: Ldap (Active Directory) fields and user attributes
bdaw Apr 13, 2010 2:58 AM (in response to javaspack)
I'm afraid that the management portlet displays only hardcoded attributes defined in the UserProfile interface. Attributes that you map in the configuration should be available using the API:
import org.exoplatform.container.PortalContainer;
import org.exoplatform.services.organization.*;

// Look up the organization service from the portal container
PortalContainer container = PortalContainer.getInstance();
OrganizationService orgService = (OrganizationService) container.getComponentInstanceOfType(OrganizationService.class);
// Resolve the logged-in user, then load that user's profile
UserHandler userHandler = orgService.getUserHandler();
User user = userHandler.findUserByName(request.getUserPrincipal().getName());
UserProfileHandler profileHandler = orgService.getUserProfileHandler();
UserProfile profile = profileHandler.findUserProfileByName(user.getUserName());
-
3. Re: Ldap (Active Directory) fields and user attributes
javaspack Apr 14, 2010 5:46 PM (in response to bdaw)
Maybe I'm not being clear, which I often do.
I am trying to modify the picketlink-idm-ad-sso-ro-config.xml so that I can retrieve additional user data from Active Directory.
In this file, under
<identity-object-type>
<name>USER</name>
there is a user attribute defined:
<attribute>
<name>firstName</name>
<mapping>givenName</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
</attribute>
So, using that example, I added one of my own:
<attribute>
<name>user.employer</name>
<mapping>company</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
<isUnique>true</isUnique>
</attribute>
I was unable to get this to work until I set <name> to be user.employer. Now it works just like I want. This value shows up when I edit the user profile, but it won't let me change it in the Admin UI. I have to change it in AD. However, any value that I don't define in the attributes CAN be changed in the admin UI.
This allows me to use AD as the main repository where user data is stored across applications (very good), while allowing me to modify portal specific properties, or those I don't want to retrieve from AD with the Admin UI.
I have tested this and can find no problems with it. I have used several of the constants from the P3PConstants class, and in each case it gets my data from AD.
However, based on your response, Boleslaw, this shouldn't work? The fact that it does is great. My only problem was finding that constants file to figure out what value I should be using.
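An added example, not part of the original post and not the portal's own code: a small Python check that lists every <attribute> in a config fragment and flags names that are not P3P constants, following the observation in the post above. The P3P_NAMES set is a partial list taken from the JSR-168 portlet specification, the sample XML is constructed from the two blocks quoted in the post, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Partial list of JSR-168 P3P user attribute names (assumption: extend it
# from the P3PConstants page linked in the thread).
P3P_NAMES = {
    "user.name.prefix", "user.name.given", "user.name.middle",
    "user.name.family", "user.name.suffix", "user.name.nickName",
    "user.bdate", "user.gender", "user.employer",
    "user.department", "user.jobtitle",
}

# Constructed sample built from the two <attribute> blocks quoted in the post.
SAMPLE = """<identity-object-type>
  <name>USER</name>
  <attribute>
    <name>firstName</name><mapping>givenName</mapping>
    <isReadOnly>false</isReadOnly>
  </attribute>
  <attribute>
    <name>user.employer</name><mapping>company</mapping>
    <isReadOnly>false</isReadOnly><isUnique>true</isUnique>
  </attribute>
</identity-object-type>"""

def local(tag):
    """Drop an XML namespace prefix such as '{urn:...}attribute'."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return one row per <attribute>: portal name, LDAP field, P3P match."""
    rows = []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "attribute":
            continue
        f = {local(c.tag): (c.text or "").strip() for c in el}
        name = f.get("name", "")
        rows.append({"name": name, "ldap": f.get("mapping", ""),
                     "p3p": name in P3P_NAMES,
                     "read_only": f.get("isReadOnly", "false").lower() == "true"})
    return rows

if __name__ == "__main__":
    for r in audit(SAMPLE):
        flag = "ok" if r["p3p"] else "not a P3P name"
        print(f'{r["name"]:<16} <- {r["ldap"]:<10} {flag}')
```

Run against a real config file by passing its text to audit(); elements in an XML namespace are matched by local name.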
-
4. Re: Ldap (Active Directory) fields and user attributes
artmunro Aug 31, 2010 7:02 PM (in response to javaspack)
Any chance you figured out what the additional attribute names are? Please see my posting...
http://community.jboss.org/message/559907
I'm also mapped to LDAP and want to store all the user info in the LDAP.
Thanks,
Art