I have been trying to figure out best way to handle linking new Picketlink JPA entities with existing application LDAP entries from before implementing Picketlink for authentication and authorization. In my implementation I am using both JPA and LDAP security stores, with LDAP currently only housing the User identities.
The first issue I have isolated, with regard to continuous integration and migration, is the linking relationship between the LDAP store User.entryUUID and the JPA entities stored in the database. Because the entryUUID isn't unique across multiple LDAP instances (mock environments), I haven't been able to find a good method to handle bridging the LDAP user to the Groups/Roles/Permissions, aside from a special custom 3rd-party application that poses issues with CI and db migration/updates.
Is there a way I can handle both initial data load and database migrations without the usage of a Singleton Startup SecurityInitializer concept? Tens of users would pose issues, much less hundreds.
PL IDM is not tied to JEE. You can even use/bootstrap it from a pure Java SE application.
I hope that helps.
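As an added illustration of the answer above (this is example code written for this page, not code from the original poster or from the PicketLink project), the following bootstraps PicketLink IDM from plain Java SE with the same split the question describes: an LDAP store that holds only User identities and a JPA store that holds Roles, Groups and every relationship, so that a grant recorded in the database references the LDAP user's id. The LDAP URL, bind DN, base DNs and credentials, the persistence unit name `picketlink-pu`, the sample login name and role name are all assumptions; the mapped entities are PicketLink's own sample simple schema, which a real deployment would replace with its own. The seeding method is written idempotently (look up before add, check before grant) so it can run on every start or from a migration step instead of a one-shot singleton initializer.

```java
import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;

import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.RelationshipManager;
import org.picketlink.idm.config.IdentityConfiguration;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
import org.picketlink.idm.internal.DefaultPartitionManager;
import org.picketlink.idm.jpa.internal.JPAIdentityStore;
import org.picketlink.idm.jpa.model.sample.simple.*;   // PicketLink's sample JPA schema, used here only as a placeholder
import org.picketlink.idm.model.Relationship;
import org.picketlink.idm.model.basic.BasicModel;
import org.picketlink.idm.model.basic.Group;
import org.picketlink.idm.model.basic.Realm;
import org.picketlink.idm.model.basic.Role;
import org.picketlink.idm.model.basic.User;
import org.picketlink.idm.spi.ContextInitializer;
import org.picketlink.idm.spi.IdentityContext;
import org.picketlink.idm.spi.IdentityStore;

public class JavaSeIdmBootstrap {

    /** Builds a PartitionManager with a mixed LDAP (users only) + JPA (everything else) configuration. */
    public static PartitionManager buildPartitionManager(final EntityManager em) {
        IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();
        builder
            .named("mixed")
                .stores()
                    // LDAP store: only User identities live here (assumed host, DNs and bind credential).
                    .ldap()
                        .url("ldap://localhost:10389")
                        .bindDN("uid=admin,ou=system")
                        .bindCredential("secret")
                        .baseDN("dc=example,dc=com")
                        .supportType(User.class)
                        .mapping(User.class)
                            .baseDN("ou=People,dc=example,dc=com")
                            .objectClasses("inetOrgPerson")
                            .attribute("loginName", "uid", true)   // uid is the identifier attribute
                            .attribute("firstName", "cn")
                            .attribute("lastName", "sn")
                            .attribute("email", "mail")
                    // JPA store: roles, groups, partitions and all relationships (grants, memberships).
                    .jpa()
                        .mappedEntity(
                            AccountTypeEntity.class, RoleTypeEntity.class, GroupTypeEntity.class,
                            IdentityTypeEntity.class, RelationshipTypeEntity.class,
                            RelationshipIdentityTypeEntity.class, PartitionTypeEntity.class,
                            AttributeTypeEntity.class)
                        .supportType(Role.class, Group.class, Realm.class)
                        // Relationships that point at an LDAP user are persisted in the database.
                        .supportGlobalRelationship(Relationship.class)
                        .addContextInitializer(new ContextInitializer() {
                            @Override
                            public void initContextForStore(IdentityContext context, IdentityStore<?> store) {
                                // Hand the JPA store the EntityManager the caller controls the transaction of.
                                if (store instanceof JPAIdentityStore) {
                                    context.setParameter(JPAIdentityStore.INVOCATION_CTX_ENTITY_MANAGER, em);
                                }
                            }
                        });

        List<IdentityConfiguration> configs = builder.buildAll();
        PartitionManager pm = new DefaultPartitionManager(configs);
        // Create the default realm once; later starts find it and skip this.
        if (pm.getPartition(Realm.class, Realm.DEFAULT_REALM) == null) {
            pm.add(new Realm(Realm.DEFAULT_REALM));
        }
        return pm;
    }

    /** Idempotent seeding: safe to run on every start or from a migration step. */
    public static void grantRoleToLdapUser(PartitionManager pm, String loginName, String roleName) {
        IdentityManager im = pm.createIdentityManager();
        RelationshipManager rm = pm.createRelationshipManager();

        // The role is a JPA identity; create it only if it is missing.
        Role role = BasicModel.getRole(im, roleName);
        if (role == null) {
            role = new Role(roleName);
            im.add(role);
        }
        // The user is resolved from LDAP by login name, not by a hard-coded entryUUID,
        // so the same seed works against a different LDAP instance (e.g. a mock one).
        User user = BasicModel.getUser(im, loginName);
        if (user == null) {
            throw new IllegalStateException("LDAP user not found: " + loginName);
        }
        if (!BasicModel.hasRole(rm, user, role)) {
            BasicModel.grantRole(rm, user, role);   // stored in JPA, referencing the LDAP user's id
        }
    }

    public static void main(String[] args) {
        EntityManagerFactory emf = Persistence.createEntityManagerFactory("picketlink-pu"); // assumed PU name
        EntityManager em = emf.createEntityManager();
        em.getTransaction().begin();          // RESOURCE_LOCAL transaction for the JPA store
        try {
            PartitionManager pm = buildPartitionManager(em);
            grantRoleToLdapUser(pm, "jdoe", "admin");   // assumed sample data
            em.getTransaction().commit();
        } finally {
            if (em.getTransaction().isActive()) em.getTransaction().rollback();
            em.close();
            emf.close();
        }
    }
}
```

The point of resolving the user by login name at seed time is that the database never needs to carry an entryUUID copied from one LDAP instance: the grant is written against whatever id the current LDAP store returns, which is what makes the same seed usable against a mock directory in CI and against production.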