Hi All,
I am using Active Directory(AD) for authentication and authorization. Authentication is working fine if I use CN for username.
When it comes to authorization, I have created a few groups in AD and added a few users to those groups.
But no attribute in the user record appears to hold the list of roles assigned to a user, so I am not sure which attribute to configure for the user-role-attribute property in my configuration file (components.xml).
When I used JExplorer, logged in and opened a particular record, I was able to see a memberOf attribute holding the list of group names. But I don't see that attribute in AD.
Could anyone help me in solving this problem?
FYI,
I will attach my components.xml file code.
<!-- Routes login through the authenticate method of the "authenticator" component (EL method expression). -->
<!-- NOTE(review): an identity-manager is configured on the next element as well. Confirm which path performs the
     password check: as far as I recall, Seam falls back to the identity store for authentication only when no
     authenticate-method is set, so a custom authenticator here may bypass the LDAP bind check. -->
<security:identity authenticate-method="#{authenticator.authenticate}"/>
<!-- Uses one LDAP store (ldapIdentityStore) for both user lookups and role lookups. -->
<security:identity-manager name="identityManager" identity-store="#{ldapIdentityStore}" role-identity-store="#{ldapIdentityStore}"/>
<!-- LDAP identity store bound to Active Directory at 10.28.254.181:389. Users and groups are both resolved
     under OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com, with cn as the naming attribute for each.

     Role mapping: user-role-attribute="memberOf" reads the group list from the user entry. In AD, memberOf is a
     back-link attribute derived from each group's "member" attribute, which is why an LDAP browser shows it while
     the AD management console presents it as the "Member Of" tab instead of a plain attribute. Its values are full
     group DNs, which matches role-attribute-is-DN="true"; the role name is then taken from the group's cn.
     NOTE(review): memberOf normally omits the user's primary group and does not expand nested groups, so roles
     granted only through those paths will not appear; verify against the directory.

     Security review of the connection settings:
     * server-port="389" is the plain LDAP port. Nothing in this element shows TLS being enabled, so the bind DN,
       the bind password and every user's password would cross the network in cleartext; prefer LDAPS (636) or
       StartTLS if the store and the directory support it (TODO confirm how TLS is enabled for this store).
     * bind-DN is the built-in domain Administrator. A lookup bind only needs read access to the user and group
       entries under the configured OUs; use a dedicated least-privilege service account unless this store is
       also expected to create or modify entries.
     * bind-credentials holds the password in plaintext inside the deployed archive. Keep it out of source
       control and supply it at deploy time (for example through a build-time or components.properties token),
       and treat a value that has been shared outside the team as exposed: rotate it. -->
<security:ldap-identity-store name="ldapIdentityStore"
server-address="10.28.254.181"
server-port="389"
bind-DN="CN=Administrator,CN=Users,DC=intra,DC=cogitate-it,DC=com"
bind-credentials="W31com3RTSD"
user-DN-prefix="cn="
user-DN-suffix=",OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com"
user-context-DN="OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com"
role-DN-prefix="cn="
role-DN-suffix=",OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com"
role-context-DN="OU=Dev,OU=HQ,DC=intra,DC=cogitate-it,DC=com"
user-role-attribute="memberOf"
role-attribute-is-DN="true"
role-name-attribute="cn"
user-object-classes="person, user, organizationalPerson, top"
role-object-classes="group"
/>