0 Replies Latest reply on Feb 15, 2013 4:44 AM by Romain Dénarié

    Problem reading relations between user and group from LDAP in GateIn

    Romain Dénarié Newbie



      I'm trying to use an existing LDAP with GateIn. With my current configuration, I can see LDAP users and groups in LDAP, but I can't see the relations between the two in GateIn even though they exist in LDAP.


      My LDAP is:


      # LDIF export for cn=Sav,dc=example,dc=com
      # Server: My LDAP Server (
      # Search scope: sub
      # Search filter: (objectClass=*)
      # Total entries: 26
      # Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on February 15, 2013 8:41 am
      # Version: 1.2.2

      version: 1

      # Entry 1: cn=Sav,dc=example,dc=com
      dn: cn=Sav,dc=example,dc=com
      cn: Sav
      gidnumber: 1028
      objectclass: posixGroup
      objectclass: top

      # Entry 2: cn=User Test1,cn=Sav,dc=example,dc=co...
      dn: cn=User Test1,cn=Sav,dc=example,dc=com
      cn: User Test1
      givenname: User
      mail: sav_utest1@test.fr
      objectclass: inetOrgPerson
      objectclass: top
      sn: Test1
      uid: utest1.test
      userpassword: test

      # Entry 3: cn=User Test2,cn=Sav,dc=example,dc=co...
      dn: cn=User Test2,cn=Sav,dc=example,dc=com
      cn: User Test2
      givenname: User
      mail: sav_utest2@test.fr
      objectclass: inetOrgPerson
      objectclass: top
      sn: Test2
      uid: utest2.test
      userpassword: test

      # Entry 3: cn=User Test3,cn=Sav,dc=example,dc=co...
      dn: cn=User Test3,cn=Sav,dc=example,dc=com
      cn: User Test3
      givenname: User
      mail: sav_utest3@test.fr
      objectclass: inetOrgPerson
      objectclass: top
      sn: Test3
      uid: utest3.test
      userpassword: test

      # Entry 4: cn=User Test4,cn=Sav,dc=example,dc=co...
      dn: cn=User Test4,cn=Sav,dc=example,dc=com
      cn: User Test4
      givenname: User
      mail: sav_utest4@test.fr
      objectclass: inetOrgPerson
      objectclass: top
      sn: Test4
      uid: utest4.test
      userpassword: test




      As you can see, there is no attribute in the group Sav which contains all the users belonging to this group. Users are physically children of the group.


      In GateIn, I can see this in my group:





      In the user list, users are correctly loaded:



      If I edit userTest1.test and go to the membership tab, I see this:



      How should I configure PicketLink to see this type of relation?

      I attach my picketLinkConfigFile.


      Thanks for your help.