2 Replies Latest reply on Aug 17, 2015 5:46 PM by Craig Setera

    Relationship User - Role LDAP not working

    Daniel Kreuter Newbie

      Hey guys,

       

      I'm currently implementing a ldap integration for one of my systems. I've checked the quickstart guide which works quite fine. I can query users (logging in works, logout works as well) and I can query roles.

      But the relationship between role and user doesn't work.

       

      I use the exact same code snippet defined inside the quickstart application for the Grant.class. I've checked where the differnce might be in the definition of the role inside our ldap and the embedded ldap of the quickstart guide and found out, that in the embedded ldap we have member=uid,ou=People,dc=jboss,dc=org wheras in our company's ldap we only have member=uid.

       

      Is there a way to hook up something where I could grap the value of the member attribute, append the USER_DN_SUFFIX to it and then store it inside the Grant.class mapping so he can resolve the user? I'd like to get the picketlink implementation to work because it is quite convenient and easy to use instead of something more manual approach.

       

      Regards,

       

      Daniel

        • 1. Re: Relationship User - Role LDAP not working
          Daniel Kreuter Newbie

          Another thing I found out is, that the Grant mapping isn't called, either the ctor nor the setters of the Grant.class are called to set either the assignee nor the role.

          • 2. Re: Relationship User - Role LDAP not working
            Craig Setera Newbie

            Daniel,

             

            I'm not sure if you've found an answer to your problem, but I believe I had the same problem and was just able to resolve it.  For you or anyone else that may stumble over this question, I thought I would offer up my solution to the problem.  In my case, I started with the Quickstart that splits credentials (LDAP) and relationships (JPA).  I am using the simple/sample JPA entities for the storage.  I am attempting to store Roles in JPA and grant those roles to Users (LDAP) and it was failing to properly link things together.

             

            After a lot of time in the code, I figured out that it was trying to find the User within the JPA store despite the fact that it was located in LDAP.  The crux of the problem seemed to be the use of the RelationshipIdentityTypeEntity from the sample entities which was relating the entities via a database relationship.  While stepping through the code, I noticed that there was the ability to use a String-based mapping for the identifier rather than a direct object-to-object mapping in JPA.  I added a new JPA entity to my application that replaced the JPA relationship with a simple String attribute and used that instead of RelationshipIdentityTypeEntity.  The guts of entity class look like the following:

             

            @Entity
            public class RelationshipIdentityTypeViaIdentifierEntity implements Serializable {
            
                private static final long serialVersionUID = -3619372498444894118L;
            
                @Id
                @GeneratedValue
                private Long identifier;
            
                @RelationshipDescriptor
                private String descriptor;
            
                @RelationshipMember
                private String identityTypeIdentifier;
            
                @OwnerReference
                @ManyToOne
                private RelationshipTypeEntity owner;
            
            

             

            With this entity in place, my Role grants seem to be working as I would expect.

             

            Craig