0 Replies Latest reply on Jul 7, 2010 5:51 AM by vasuki hn

    Failed to retrieve Active directory Roles

    vasuki hn Newbie

      Hi All,


      I am using Active Directory(AD) for authentication and authorization. Authentication is working fine if I use CN for username.
      When I come to authorization, I have few groups created in AD and added few users to those groups.
      But no attribute in the User record holds the list of roles assigned to a user. So i am worried which attribute to configure for user-role-attribute property in my configuration file(components.xml).


      When i used JExplorer and logged into it and accessed a particular recoed, I was able to see memberof attribute holding list of group names. But i dont see that attribute in AD.


      Could anyone help me in solving this problem?


      FYI,
      I will attach my components.xml file code.



      <security:identity authenticate-method="#{authenticator.authenticate}"/>
         
         <security:identity-manager name="identityManager"  identity-store="#{ldapIdentityStore}" role-identity-store="#{ldapIdentityStore}"/> 
         
         <security:ldap-identity-store name="ldapIdentityStore" 
                server-address="10.28.254.181"
                server-port="389"
                bind-DN="CN=Administrator,CN=Users,DC=intra,DC=cogitate-it,DC=com"
                bind-credentials="W31com3RTSD" 
                user-DN-prefix="cn="
                user-DN-suffix=",OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com"
                  user-context-DN="OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com"
                  role-DN-prefix="cn="
                role-DN-suffix=",OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com"
                role-context-DN="OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com"
                user-role-attribute="memberOf"
                role-attribute-is-DN="true"
                role-name-attribute="cn"
                user-object-classes="person, user, organizationalPerson, top"
                role-object-classes="group"
                
      />