4 Replies Latest reply on Sep 30, 2009 3:49 PM by Conrad Crampton

    LDAP authorisation and roles

    Conrad Crampton Newbie

      I have the following in my components.xml to use ldapIdentityStore

      <security:ldap-identity-store
              server-address="ldap1r.server"
              bind-DN="authuser"
              bind-credentials="secret"
              user-DN-prefix="cn="
              user-DN-suffix=",ou=Users,ou=RESOURCES,o=KENT"
              role-DN-prefix="cn="
              role-DN-suffix=",ou=Groups,ou=RESOURCES,o=KENT"
              user-context-DN="ou=Users,ou=RESOURCES,o=KENT"
              role-context-DN="ou=Groups,ou=RESOURCES,o=KENT"
              user-role-attribute="groupMembership"
              role-name-attribute="cn"
              user-object-classes="Person,organizationalPerson,inetOrgPerson,groupOfNames"
              role-object-classes="group,organizationalUnit"
              first-name-attribute="givenName"
              full-name-attribute="fullName"
              last-name-attribute="tcSurname"
              />

      This is fine and I have got authentication working, no problem (couldn't believe how easy that was). However, when I try to use roles from LDAP for authorization, I have become unstuck.
      When I try

      // Log the number of implied roles and then the roles themselves
      log.debug("role size => " + identityManager.getImpliedRoles(identity.getCredentials().getUsername()).size());
      log.debug("roles => " + identityManager.getImpliedRoles(identity.getCredentials().getUsername()));

      to see what the roles are, it only has one role. I actually have about 20 in my LDAP entry. These are all on the attribute named groupMembership. So when I use identity.hasRole(admin), for example, it fails as there is only one role in the list. This is an arbitrary one in the list, not the first and not the last.
      I have searched and searched for this type of issue, but no one else appears to be discussing this.

      Any pointers?
      Using Seam 2.1.1 on GlassFish.


      Thanks
      Conrad
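One way to check what a prefix/suffix mapping like the one in the post should derive from a user entry is to apply it yourself to every groupMembership value (for instance from an ldapsearch/LDIF export) and compare that set with what getImpliedRoles returns. The script below is an added example, not code from the post or from Seam; it reuses the role-DN-prefix, role-DN-suffix and user-role-attribute values from the configuration above, the LDIF entry is constructed, and the exact matching rule Seam applies is an assumption.

```python
# Values copied from the ldap-identity-store configuration in the post.
ROLE_DN_PREFIX = "cn="
ROLE_DN_SUFFIX = ",ou=Groups,ou=RESOURCES,o=KENT"
USER_ROLE_ATTRIBUTE = "groupMembership"

# Constructed LDIF for one user entry (not real directory data). It has
# several groupMembership values, one of which lies outside the role context.
SAMPLE_LDIF = """\
dn: cn=ccrampton,ou=Users,ou=RESOURCES,o=KENT
objectClass: inetOrgPerson
cn: ccrampton
groupMembership: cn=admin,ou=Groups,ou=RESOURCES,o=KENT
groupMembership: cn=editor,ou=Groups,ou=RESOURCES,o=KENT
groupMembership: cn=staff,ou=Groups,ou=RESOURCES,o=KENT
groupMembership: cn=legacy,ou=OldGroups,o=KENT
"""


def parse_ldif_entry(ldif):
    """Parse one LDIF entry into attribute -> list of values.

    Every attribute is kept as a list so multi-valued attributes such as
    groupMembership are not silently collapsed to a single value. Folded
    lines (leading space) are joined; base64 ("::") values are not decoded.
    """
    attrs, lines = {}, []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]        # LDIF continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    for line in lines:
        name, _, value = line.partition(":")
        attrs.setdefault(name.strip(), []).append(value.strip())
    return attrs


def roles_from_entry(attrs, prefix=ROLE_DN_PREFIX, suffix=ROLE_DN_SUFFIX,
                     attribute=USER_ROLE_ATTRIBUTE):
    """Derive role names the way a prefix/suffix DN mapping would (assumed rule):
    keep each value of the role attribute that starts with the prefix and ends
    with the suffix, strip both, and report the values that did not match."""
    roles, skipped = [], []
    for dn in attrs.get(attribute, []):
        low = dn.lower()
        if low.startswith(prefix.lower()) and low.endswith(suffix.lower()):
            roles.append(dn[len(prefix):len(dn) - len(suffix)])
        else:
            skipped.append(dn)
    return roles, skipped


if __name__ == "__main__":
    expected, outside = roles_from_entry(parse_ldif_entry(SAMPLE_LDIF))
    print("roles the mapping should yield:", expected)
    print("values outside the role context:", outside)
```

Feed it the real entry exported with ldapsearch and diff the first list against the one getImpliedRoles logs; values landing in the second list are members that the configured role-DN-suffix would never turn into a role.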