1 Reply Latest reply: Mar 28, 2012 11:58 AM by Shannon Sumner

    Possible GateIn with LDAP Bug

    Shannon Sumner Newbie

      Hello All,

       

      I'm having trouble integrating GateIn with LDAP.  I've followed the instructions here: https://community.jboss.org/wiki/GateInwithLDAPasadefaultuserandgroupstore.

       

      When I make my ctxDNs point to the following OU:

       

      Screen Shot 2012-03-28 at 9.37.14 AM.PNG

      Just the Generic User shows up in the Organization Management:

       

      Screen Shot 2012-03-28 at 9.11.21 AM.PNG

      I found a post which instructs me to add the following options to the picketlink xml:

       

      <option>
        <name>entrySearchScope</name>
        <value>subtree</value>
      </option>

       

      This pulls in all the users - but I get these errors in the log for each local user:

       

      SEVERE: Failed to find IdentityObject in target store:

      org.picketlink.idm.common.exception.IdentityException: Found more than one identity object with name: demo; Posible data inconsistency

       

      The LDAP users are also missing their name and email:

       

      Screen Shot 2012-03-28 at 8.56.52 AM.PNG

       


      I then removed the entry scope parameter and changed the ctxDNs to one of the sub OUs.  I had the same problem as above.  I don't know if picketlink can handle sub OUs or if it is a memory issue (why would the local users be found twice?  Recursive loop bug?).

       

      If anyone else has run into this and has found a solution - let me know.

       

      Thanks,

       

      Shannon Sumner

        • 1. Re: Possible GateIn with LDAP Bug
          Shannon Sumner Newbie

          Never mind -

           

          Changed

           

                    <option>
                      <name>entrySearchFilter</name>
                      <value><![CDATA[(&(cn={0})(objectClass=User))]]></value>
                    </option>

           

          to

           

                    <option>
                      <name>entrySearchFilter</name>
                      <value><![CDATA[(&(sAMAccountName={0})(objectClass=User))]]></value>
                    </option>

           

          and it worked ...

           

          Now I just have to figure out how to display groups nested within other groups.

           

          -Shannon
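
An added example, not part of the posts above and not GateIn or PicketLink code: a check that a login filter resolves each name to exactly one entry under a given search scope. In Active Directory, `cn` is unique only within its container while `sAMAccountName` is unique across the domain, so the two filters from the thread behave differently once `entrySearchScope` is `subtree`. The directory contents, the base DN and the `onelevel` scope label are constructed assumptions.

```python
# Constructed sample directory (not from the thread): DN -> attributes.
DIRECTORY = {
    "CN=demo,OU=Staff,OU=Portal,DC=example,DC=com":
        {"cn": "demo", "sAMAccountName": "demo", "objectClass": "User"},
    "CN=demo,OU=Contractors,OU=Portal,DC=example,DC=com":
        {"cn": "demo", "sAMAccountName": "demo2", "objectClass": "User"},
    "CN=Jane Doe,OU=Staff,OU=Portal,DC=example,DC=com":
        {"cn": "Jane Doe", "sAMAccountName": "jdoe", "objectClass": "User"},
    "CN=Printers,OU=Portal,DC=example,DC=com":
        {"cn": "Printers", "objectClass": "Group"},
}
BASE = "OU=Portal,DC=example,DC=com"  # stands in for a ctxDNs entry


def in_scope(dn, base, scope):
    """True if dn lies below base: any depth for 'subtree', one RDN for 'onelevel'."""
    dn, base = dn.lower(), base.lower()
    if not dn.endswith("," + base):
        return False
    # Naive RDN count; the constructed DNs contain no escaped commas.
    depth = dn[: -len(base) - 1].count(",") + 1
    return scope == "subtree" or depth == 1


def is_user(entry):
    return entry.get("objectClass", "").lower() == "user"


def search(attr, value, base=BASE, scope="subtree"):
    """Evaluate (&(<attr>=<value>)(objectClass=User)), the shape of both filters above."""
    return sorted(dn for dn, e in DIRECTORY.items()
                  if in_scope(dn, base, scope) and is_user(e)
                  and e.get(attr, "").lower() == value.lower())


def ambiguous_logins(attr, base=BASE, scope="subtree"):
    """Map each value of attr that matches more than one User entry to its DNs."""
    seen = {}
    for dn, e in DIRECTORY.items():
        if in_scope(dn, base, scope) and is_user(e) and attr in e:
            seen.setdefault(e[attr].lower(), []).append(dn)
    return {v: sorted(dns) for v, dns in seen.items() if len(dns) > 1}


if __name__ == "__main__":
    print("cn=demo            ->", search("cn", "demo"))
    print("sAMAccountName=demo ->", search("sAMAccountName", "demo"))
    print("ambiguous by cn     ->", ambiguous_logins("cn"))
```

Running the same uniqueness check against an export of the real directory before switching to `subtree` shows which login names the store would refuse to resolve.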