0 Replies Latest reply on Nov 27, 2008 7:34 PM by Tamas Malatinszki

    Seam 2.1 and LDAP - group membership checking

    Tamas Malatinszki Newbie

      Hi All,


      I started to use Seam 2.1 with LDAP authentication/authorization, my user is member of A group in Active Directory, and this A group is a member in group B. With identityManager I tried to get all of groups where my user is a member, but I'm receiving only the A group. It is logical, because I'm only an indirect member of group B, but is there any possibility to get ALL the groups where I'm a member?
      Here is my configuration in components.xml:


      <security:identity-manager identity-store="#{ldapIdentityStore}" 
                                 role-identity-store="#{jpaIdentityStore}" scope="session"/>
        
      <security:ldap-identity-store server-address="testdomain.com"
                                    server-port="389"
                                    first-name-attribute="givenName"
                                    last-name-attribute="sn"
                                    bind-DN="CN=TEST USER,OU=USERS,DC=testdomain,DC=com"
                                    bind-credentials="secret"
                                    user-DN-prefix="sAMAccountName="
                                    user-name-attribute="sAMAccountName"
                                    user-DN-suffix=",OU=Users,DC=testdomain,DC=com"
                                    user-context-DN="OU=Users,DC=testdomain,DC=com"
                                    role-DN-prefix="distinguishedName="
                                    role-name-attribute="distinguishedName"
                                    role-object-classes="group"
                                    role-DN-suffix=",OU=Groups,DC=testdomain,DC=com"
                                    role-context-DN="OU=Groups,DC=testdomain,DC=com"
                                    user-role-attribute="memberOf"
                                    user-object-classes="user" 
                                    role-attribute-is-DN="false"/>



      I tried to use identityManager.getGrantedRoles and identityManager.getImpliedRoles, but I got the same result (both returns with group A only).


      Is there any solution for this issue?


      Many thanks,
      Tamas