I'm trying to use PicketLink with 2 IdentityStores: one DB and one LDAP:
LDAP must be read only (contains only users+user attributes).
DB will contain everything: users, organizations, relationships, roles.
The use case is the following: I have to assign roles to the users from LDAP (and persist them in the DB store, of course); at the same time, the DB can contain users that are not in LDAP (and for them I must be able to assign roles too).
The question is: can I do that with the current implementation of WrapperIdentityStoreRepository or FallbackIdentityStoreRepository?
Is there a possibility in the current version of PicketLink to synchronize the 2 stores, or do I have to do it by hand?