JPA and LDAP configuration
dlp_ Jan 22, 2015 6:36 AM
I am attempting to configure PicketLink IDM in the following scenario:
- Users, groups and group memberships are to be stored in an LDAP data store
- Everything else (roles, grants, etc.) are to be stored in a JPA data store
I have the following configuration, based on a combination of the JPA and LDAP quickstart examples:
IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();
builder
    .named("default")
        .stores()
            // JPA store: roles and grants (no credentials here)
            .jpa()
                .supportCredentials(false)
                .supportGlobalRelationship(Grant.class)
                .supportAttributes(true)
                .supportType(Role.class)
            // LDAP store: agents, users, groups, memberships and credentials
            .ldap()
                .baseDN(BASE_DN)
                .bindDN(BIND_DN)
                .bindCredential(BIND_CREDENTIAL)
                .url(LDAP_URL)
                .supportCredentials(true)
                .supportType(Agent.class, Group.class, User.class)
                .supportGlobalRelationship(GroupMembership.class)
                .mapping(Agent.class)
                    .baseDN(AGENT_DN_SUFFIX)
                    .objectClasses("account")
                    .attribute("loginName", UID, true)
                    .readOnlyAttribute("createdDate", CREATE_TIMESTAMP)
                .mapping(User.class)
                    .baseDN(USER_DN_SUFFIX)
                    .objectClasses("inetOrgPerson", "organizationalPerson")
                    .attribute("loginName", UID, true)
                    .attribute("firstName", CN)
                    .attribute("lastName", SN)
                    .attribute("email", EMAIL)
                    .readOnlyAttribute("createdDate", CREATE_TIMESTAMP)
                .mapping(Group.class)
                    .baseDN(GROUP_DN_SUFFIX)
                    .objectClasses(GROUP_OF_NAMES)
                    .attribute("name", CN, true)
                    .readOnlyAttribute("createdDate", CREATE_TIMESTAMP)
                .mapping(GroupMembership.class)
                    .forMapping(Group.class)
                    .attribute("member", "member");
But upon attempting to deploy the application, I get the following error:
Caused by: org.picketlink.idm.IdentityManagementException: The store does not support type [class org.picketlink.idm.model.basic.User]. The attribute mapping must provide a String-based field to reference instances of this type.
at org.picketlink.idm.jpa.internal.JPAIdentityStore.getAttributeMapper(JPAIdentityStore.java:1433)
at org.picketlink.idm.jpa.internal.JPAIdentityStore.getAttributes(JPAIdentityStore.java:1266)
at org.picketlink.idm.jpa.internal.JPAIdentityStore.loadAttributes(JPAIdentityStore.java:386)
at org.picketlink.idm.query.internal.DefaultIdentityQuery.getResultList(DefaultIdentityQuery.java:193)
... 56 more
Can anyone help me get this configuration right?