4 Replies Latest reply on Mar 8, 2013 8:11 AM by Marc Boorshtein

    Gatein 3.5 on JBoss 7 - LDAP

    Marc Boorshtein Newbie

      I'm trying to implement GateIn with an existing LDAP directory.  It's built on a virtual directory and is read-only.  I followed the instructions in "Integrating with an existing LDAP store" in the GateIn Cookbook.  After following the directions, I am getting two exceptions in my logs:

       

       

      6:54:22,107 ERROR [exo.kernel.container.MX4JComponentAdapter] (MSC service thread 1-2) Failed to instanciate plugin add.hibernate.mapping for component org.exoplatform.services.organization.idm.CustomHibernateServiceImpl@68752860: null: java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException

          at org.exoplatform.commons.utils.SecurityHelper.doPrivilegedExceptionAction(SecurityHelper.java:318) [exo.kernel.commons-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.jmx.MX4JComponentAdapter.addComponentPlugin(MX4JComponentAdapter.java:169) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.jmx.MX4JComponentAdapter.getComponentInstance(MX4JComponentAdapter.java:114) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.management.ManageableComponentAdapter.getComponentInstance(ManageableComponentAdapter.java:68) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.getInstance(ConcurrentPicoContainer.java:468) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.getComponentInstanceOfType(ConcurrentPicoContainer.java:422) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.CachingContainer.getComponentInstanceOfType(CachingContainer.java:139) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ExoContainer.createComponent(ExoContainer.java:411) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.jmx.MX4JComponentAdapter.getComponentInstance(MX4JComponentAdapter.java:97) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.management.ManageableComponentAdapter.getComponentInstance(ManageableComponentAdapter.java:68) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.getInstance(ConcurrentPicoContainer.java:468) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.getComponentInstanceOfType(ConcurrentPicoContainer.java:422) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.CachingContainer.getComponentInstanceOfType(CachingContainer.java:139) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ExoContainer.createComponent(ExoContainer.java:411) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.jmx.MX4JComponentAdapter.getComponentInstance(MX4JComponentAdapter.java:97) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.management.ManageableComponentAdapter.getComponentInstance(ManageableComponentAdapter.java:68) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.getInstance(ConcurrentPicoContainer.java:468) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.getComponentInstancesOfType(ConcurrentPicoContainer.java:366) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.CachingContainer.getComponentInstancesOfType(CachingContainer.java:111) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.LifecycleVisitor.visitContainer(LifecycleVisitor.java:151) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.accept(ConcurrentPicoContainer.java:615) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_09-icedtea]

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_09-icedtea]

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_09-icedtea]

          at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_09-icedtea]

          at org.picocontainer.defaults.AbstractPicoVisitor.traverse(AbstractPicoVisitor.java:32)

          at org.exoplatform.container.LifecycleVisitor.traverse(LifecycleVisitor.java:90) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.LifecycleVisitor.start(LifecycleVisitor.java:170) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.start(ConcurrentPicoContainer.java:554) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ExoContainer.start(ExoContainer.java:269) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.PortalContainer.start(PortalContainer.java:656) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ExoContainer.start(ExoContainer.java:257) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.RootContainer.createPortalContainer(RootContainer.java:674) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.RootContainer.createPortalContainers(RootContainer.java:342) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.gatein.integration.jboss.as7.web.StartupService.start(StartupService.java:50)

          at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)

          at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)

          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_09-icedtea]

          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_09-icedtea]

          at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_09-icedtea]

      Caused by: java.lang.reflect.InvocationTargetException

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_09-icedtea]

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_09-icedtea]

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_09-icedtea]

          at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_09-icedtea]

          at org.exoplatform.container.jmx.MX4JComponentAdapter$1.run(MX4JComponentAdapter.java:173) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.jmx.MX4JComponentAdapter$1.run(MX4JComponentAdapter.java:170) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.commons.utils.SecurityHelper.doPrivilegedExceptionAction(SecurityHelper.java:310) [exo.kernel.commons-2.4.0-GA.jar:2.4.0-GA]

          ... 39 more

      Caused by: java.lang.NullPointerException

          at org.hibernate.cfg.Configuration.addURL(Configuration.java:627) [hibernate-core-4.0.1.Final.jar:4.0.1.Final]

          at org.exoplatform.services.database.impl.HibernateServiceImpl.addPlugin(HibernateServiceImpl.java:121) [exo.core.component.database-2.5.0-GA.jar:2.5.0-GA]

          ... 46 more

      and

       

      16:54:57,174 ERROR [exo.kernel.container.RootContainer] (MSC service thread 1-2) Cannot create the portal container 'portal' . ServletContext: org.apache.catalina.core.ApplicationContextFacade@3401185b: org.picocontainer.PicoIntrospectionException: Failed when calling start on org.exoplatform.services.organization.ldap.OrganizationServiceImpl@e1452ee

          at org.exoplatform.container.LifecycleVisitor.traverse(LifecycleVisitor.java:136) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.LifecycleVisitor.start(LifecycleVisitor.java:170) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ConcurrentPicoContainer.start(ConcurrentPicoContainer.java:554) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ExoContainer.start(ExoContainer.java:269) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.PortalContainer.start(PortalContainer.java:656) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.ExoContainer.start(ExoContainer.java:257) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.RootContainer.createPortalContainer(RootContainer.java:674) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.exoplatform.container.RootContainer.createPortalContainers(RootContainer.java:342) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          at org.gatein.integration.jboss.as7.web.StartupService.start(StartupService.java:50)

          at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)

          at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)

          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_09-icedtea]

          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_09-icedtea]

          at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_09-icedtea]

      Caused by: java.lang.RuntimeException: Failed start Organization Service org.exoplatform.services.organization.ldap.OrganizationServiceImpl, probably because of configuration error. Error occurs when initialize org.exoplatform.services.organization.OrganizationDatabaseInitializer

          at org.exoplatform.services.organization.BaseOrganizationService.start(BaseOrganizationService.java:91) [exo.core.component.organization.api-2.5.0-GA.jar:2.5.0-GA]

          at sun.reflect.GeneratedMethodAccessor38.invoke(Unknown Source) [:1.7.0_09-icedtea]

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_09-icedtea]

          at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_09-icedtea]

          at org.exoplatform.container.LifecycleVisitor.traverse(LifecycleVisitor.java:100) [exo.kernel.container-2.4.0-GA.jar:2.4.0-GA]

          ... 13 more

      Caused by: javax.naming.InvalidNameException: Can not create membership record root,manager,/platform/administrators because membership type manager is not exists.

          at org.exoplatform.services.organization.ldap.MembershipDAOImpl.createMembership(MembershipDAOImpl.java:135) [exo.core.component.organization.ldap-2.5.0-GA.jar:2.5.0-GA]

          at org.exoplatform.services.organization.ldap.MembershipDAOImpl.linkMembership(MembershipDAOImpl.java:223) [exo.core.component.organization.ldap-2.5.0-GA.jar:2.5.0-GA]

          at org.exoplatform.services.organization.OrganizationDatabaseInitializer.createUsers(OrganizationDatabaseInitializer.java:184) [exo.core.component.organization.api-2.5.0-GA.jar:2.5.0-GA]

          at org.exoplatform.services.organization.OrganizationDatabaseInitializer.init(OrganizationDatabaseInitializer.java:76) [exo.core.component.organization.api-2.5.0-GA.jar:2.5.0-GA]

          at org.exoplatform.services.organization.BaseOrganizationService.start(BaseOrganizationService.java:83) [exo.core.component.organization.api-2.5.0-GA.jar:2.5.0-GA]

          ... 17 more

      Below is my ldap configuration:

       

      <?xml version="1.0" encoding="ISO-8859-1"?>

      <!--

       

          Copyright (C) 2009 eXo Platform SAS.

         

          This is free software; you can redistribute it and/or modify it

          under the terms of the GNU Lesser General Public License as

          published by the Free Software Foundation; either version 2.1 of

          the License, or (at your option) any later version.

         

          This software is distributed in the hope that it will be useful,

          but WITHOUT ANY WARRANTY; without even the implied warranty of

          MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

          Lesser General Public License for more details.

         

          You should have received a copy of the GNU Lesser General Public

          License along with this software; if not, write to the Free

          Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA

          02110-1301 USA, or see the FSF site: http://www.fsf.org.

       

      -->

       

      <configuration

          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

          xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd http://www.exoplaform.org/xml/ns/kernel_1_2.xsd"

          xmlns="http://www.exoplaform.org/xml/ns/kernel_1_2.xsd">

        <component>

          <key>org.exoplatform.services.ldap.LDAPService</key>

          <type>org.exoplatform.services.ldap.impl.LDAPServiceImpl</type>

          <init-params>

            <object-param>

              <name>ldap.config</name>

              <description>Default ldap config</description>

              <object type="org.exoplatform.services.ldap.impl.LDAPConnectionConfig">

       

                <!-- for multiple ldap servers, use comma seperated list of host:port (Ex. ldap://127.0.0.1:389,10.0.0.1:389) -->

                <field name="providerURL">

                  <string>ldap://192.168.122.120:10389</string>

                </field>

       

                <field name="rootdn">

                  <string>CN=JBossUser,CN=Service Accounts,CN=Users,ou=enterprise-domain-com,o=Tremolo</string>

                </field>

       

                <field name="password">

                  <string>XXXXXXXXX</string>

                </field>

       

                <field name="version">

                  <string>3</string>

                </field>

       

                <field name="minConnection">

                  <int>5</int>

                </field>

       

                <field name="maxConnection">

                  <int>10</int>

                </field>

       

                <field name="referralMode">

                  <string>ignore</string>

                </field>

       

                <!--

                          <field  name="referralMode"><string>ignore</string></field>

                -->

       

                <field name="serverName">

                  <string>default</string>

                </field>

       

                <!--

                          LDAP server names : default,

                                              active.directory,

                                              open.ldap,

                                              netscape.directory,

                                              redhat.directory;

                -->

       

       

              </object>

            </object-param>

          </init-params>

        </component>

       

        <component>

          <key>org.exoplatform.services.organization.OrganizationService</key>

          <type>org.exoplatform.services.organization.ldap.OrganizationServiceImpl</type>

          <component-plugins>

            <component-plugin>

              <name>init.service.listener</name>

              <set-method>addListenerPlugin</set-method>

              <type>org.exoplatform.services.organization.ldap.OrganizationLdapInitializer</type>

              <description>this listener populate organization ldap service create default dn</description>

            </component-plugin>

          </component-plugins>

          <init-params>

            <value-param>

              <name>ldap.userDN.key</name>

              <description>The key used to compose user DN</description>

              <value>cn</value>

            </value-param>

       

            <object-param>

              <name>ldap.attribute.mapping</name>

              <description>ldap attribute mapping</description>

              <object type="org.exoplatform.services.organization.ldap.LDAPAttributeMapping">

                <field name="userLDAPClasses">

                  <string>top,person,organizationalPerson,inetOrgPerson</string>

                </field>

                <field name="profileLDAPClasses">

                  <string>top,organizationalPerson</string>

                </field>

                <field name="groupLDAPClasses">

                  <string>top,organizationalUnit</string>

                </field>

                <field name="membershipTypeLDAPClasses">

                  <string>top,organizationalRole</string>

                </field>

                <field name="membershipLDAPClasses">

                  <string>top,groupOfUniqueNames</string>

                </field>

       

                <field name="baseURL">

                  <string>o=Tremolo</string>

                </field>

                <field name="groupsURL">

                  <string>CN=JbossPortal,CN=Application Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo</string>

                </field>

                <field name="membershipTypeURL">

                  <string>o=Tremolo</string>

                </field>

                <field name="userURL">

                  <string>o=Tremolo</string>

                </field>

                <field name="profileURL">

                  <string>o=Tremolo</string>

                </field>

       

                <field name="userUsernameAttr">

                  <string>uid</string>

                </field>

                <field name="userPassword">

                  <string>userPassword</string>

                </field>

                <field name="userFirstNameAttr">

                  <string>givenName</string>

                </field>

                <field name="userLastNameAttr">

                  <string>sn</string>

                </field>

                <field name="userDisplayNameAttr">

                  <string>displayName</string>

                </field>

                <field name="userMailAttr">

                  <string>mail</string>

                </field>

                <field name="userObjectClassFilter">

                  <string>objectClass=person</string>

                </field>

       

                <field name="membershipTypeMemberValue">

                  <string>uniqueMember</string>

                </field>

                <field name="membershipTypeRoleNameAttr">

                  <string>cn</string>

                </field>

                <field name="membershipTypeNameAttr">

                  <string>cn</string>

                </field>

                <field name="membershipTypeObjectClassFilter">

                  <string>objectClass=organizationalRole</string>

                </field>

                <field name="membershiptypeObjectClass">

                  <string>organizationalRole</string>

                </field>

       

                <field name="groupObjectClass">

                  <string>organizationalUnit</string>

                </field>

                <field name="groupObjectClassFilter">

                  <string>objectClass=organizationalUnit</string>

                </field>

       

                <field name="membershipObjectClass">

                  <string>groupOfUniqueNames</string>

                </field>

                <field name="membershipObjectClassFilter">

                  <string>objectClass=groupOfUniqueNames</string>

                </field>

       

                <field name="ldapCreatedTimeStampAttr">

                  <string>createdTimeStamp</string>

                </field>

                <field name="ldapModifiedTimeStampAttr">

                  <string>modifiedTimeStamp</string>

                </field>

                <field name="ldapDescriptionAttr">

                  <string>description</string>

                </field>

              </object>

            </object-param>

          </init-params>

        </component>

       

        <external-component-plugins>

          <target-component>org.exoplatform.services.database.HibernateService</target-component>

          <component-plugin>

            <name>add.hibernate.mapping</name>

            <set-method>addPlugin</set-method>

            <type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>

            <init-params>

              <values-param>

                <name>hibernate.mapping</name>

                <value>org/exoplatform/services/organization/impl/UserProfileData.hbm.xml</value>

              </values-param>

            </init-params>

          </component-plugin>

        </external-component-plugins>

       

        <!-- for ldap clean database

        <external-component-plugins>

          <target-component>org.exoplatform.services.ldap.LDAPService</target-component>

          <component-plugin>

            <name>delete.object</name>

            <set-method>addDeleteObject</set-method>

            <type>org.exoplatform.services.ldap.DeleteObjectCommand</type>

            <init-params>

              <values-param>

                <name>objects.to.delete</name>

                <value>cn=demo,ou=users,ou=portal,dc=exoplatform,dc=org</value>

                <value>cn=test,ou=users,ou=portal,dc=exoplatform,dc=org</value>

                <value>cn=Benj,ou=users,ou=portal,dc=exoplatform,dc=org</value>

                <value>cn=tuan,ou=users,ou=portal,dc=exoplatform,dc=org</value>

              </values-param>

            </init-params>

          </component-plugin>

        </external-component-plugins>

        -->

      </configuration>

      The only changes I made from the default file were:

      1.  Added the settings for my virtual directory

      2.  Changed all references from groupOfNames to groupOfUniqueNames

      3.  Changed all references from member to uniqueMember

       

      After starting, GateIn tried to create several OUs:

       

      [root@localhost gatein]# ldapsearch -x -h 192.168.122.120 -p 10389 -b 'cn=JbossPortal,cn=Application Access Groups,cn=Users,ou=enterprise-domain-com,o=Tremolo' -s sub '(objectClass=organizationalUnit)' 1.1

      # extended LDIF

      #

      # LDAPv3

      # base <cn=JbossPortal,cn=Application Access Groups,cn=Users,ou=enterprise-domain-com,o=Tremolo> with scope subtree

      # filter: (objectClass=organizationalUnit)

      # requesting: 1.1

      #

       

      # platform, JbossPortal, Application Access Groups, Users, enterprise-domain-

      com, Tremolo

      dn: OU=platform,CN=JbossPortal,CN=Application Access Groups,CN=Users,ou=enterp

      rise-domain-com,o=Tremolo

       

      # administrators, platform, JbossPortal, Application Access Groups, Users, en

      terprise-domain-com, Tremolo

      dn: OU=administrators,OU=platform,CN=JbossPortal,CN=Application Access Groups,

      CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # users, platform, JbossPortal, Application Access Groups, Users, enterprise-

      domain-com, Tremolo

      dn: OU=users,OU=platform,CN=JbossPortal,CN=Application Access Groups,CN=Users,

      ou=enterprise-domain-com,o=Tremolo

       

      # guests, platform, JbossPortal, Application Access Groups, Users, enterprise

      -domain-com, Tremolo

      dn: OU=guests,OU=platform,CN=JbossPortal,CN=Application Access Groups,CN=Users

      ,ou=enterprise-domain-com,o=Tremolo

       

      # organization, platform, JbossPortal, Application Access Groups, Users, ente

      rprise-domain-com, Tremolo

      dn: OU=organization,OU=platform,CN=JbossPortal,CN=Application Access Groups,CN

      =Users,ou=enterprise-domain-com,o=Tremolo

       

      # organization, JbossPortal, Application Access Groups, Users, enterprise-dom

      ain-com, Tremolo

      dn: OU=organization,CN=JbossPortal,CN=Application Access Groups,CN=Users,ou=en

      terprise-domain-com,o=Tremolo

       

      # management, organization, JbossPortal, Application Access Groups, Users, en

      terprise-domain-com, Tremolo

      dn: OU=management,OU=organization,CN=JbossPortal,CN=Application Access Groups,

      CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # executive-board, organization, JbossPortal, Application Access Groups, User

      s, enterprise-domain-com, Tremolo

      dn: OU=executive-board,OU=organization,CN=JbossPortal,CN=Application Access Gr

      oups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # executive-board, management, organization, JbossPortal, Application Access

      Groups, Users, enterprise-domain-com, Tremolo

      dn: OU=executive-board,OU=management,OU=organization,CN=JbossPortal,CN=Applica

      tion Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # human-resources, management, organization, JbossPortal, Application Access

      Groups, Users, enterprise-domain-com, Tremolo

      dn: OU=human-resources,OU=management,OU=organization,CN=JbossPortal,CN=Applica

      tion Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # communication, management, organization, JbossPortal, Application Access Gr

      oups, Users, enterprise-domain-com, Tremolo

      dn: OU=communication,OU=management,OU=organization,CN=JbossPortal,CN=Applicati

      on Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # communication, organization, JbossPortal, Application Access Groups, Users,

        enterprise-domain-com, Tremolo

      dn: OU=communication,OU=organization,CN=JbossPortal,CN=Application Access Grou

      ps,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # marketing, communication, organization, JbossPortal, Application Access Gro

      ups, Users, enterprise-domain-com, Tremolo

      dn: OU=marketing,OU=communication,OU=organization,CN=JbossPortal,CN=Applicatio

      n Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # press-and-media, communication, organization, JbossPortal, Application Acce

      ss Groups, Users, enterprise-domain-com, Tremolo

      dn: OU=press-and-media,OU=communication,OU=organization,CN=JbossPortal,CN=Appl

      ication Access Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # operations, organization, JbossPortal, Application Access Groups, Users, en

      terprise-domain-com, Tremolo

      dn: OU=operations,OU=organization,CN=JbossPortal,CN=Application Access Groups,

      CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # sales, operations, organization, JbossPortal, Application Access Groups, Us

      ers, enterprise-domain-com, Tremolo

      dn: OU=sales,OU=operations,OU=organization,CN=JbossPortal,CN=Application Acces

      s Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # finances, operations, organization, JbossPortal, Application Access Groups,

        Users, enterprise-domain-com, Tremolo

      dn: OU=finances,OU=operations,OU=organization,CN=JbossPortal,CN=Application Ac

      cess Groups,CN=Users,ou=enterprise-domain-com,o=Tremolo

       

      # customers, JbossPortal, Application Access Groups, Users, enterprise-domain

      -com, Tremolo

      dn: OU=customers,CN=JbossPortal,CN=Application Access Groups,CN=Users,ou=enter

      prise-domain-com,o=Tremolo

       

      # partners, JbossPortal, Application Access Groups, Users, enterprise-domain-

      com, Tremolo

      dn: OU=partners,CN=JbossPortal,CN=Application Access Groups,CN=Users,ou=enterp

      rise-domain-com,o=Tremolo

       

      # search result

      search: 2

      result: 0 Success

      matchedDN: cn=JbossPortal,cn=Application Access Groups,cn=Users,ou=enterprise-

      domain-com,o=Tremolo

       

      # numResponses: 20

      # numEntries: 19

       

      Since the account is read-only, I created the OUs manually, but I don't understand what they are for.  Also, what's the difference between the groupURL, profileURL and membershipURL?  I got LDAP authentication working on GateIn 3.0 quite some time ago when it was all part of PicketLink, but the new configuration doesn't seem to tie.  Any help would be greatly appreciated.

       

      Thanks

      Marc