1 Reply Latest reply on Jan 10, 2020 3:48 PM by walkerca

    Anything Like LDAP defaultRole in Elytron?




      I have a working legacy LDAP configuration that is running in WF 17.  I'm trying to migrate it to Elytron, but I'm getting an error that I think is role related.  My legacy config is using defaultRole to set up the role referenced in the web.xml.  I tried a constant role mapper, but this doesn't seem to be taking effect (placed it at both the security domain and realm levels).


      These are some messages from server.log that seem relevant.

      13:49:22,099 DEBUG [org.wildfly.security] (default task-1) Identity [myuser] attributes are:

      13:49:22,102 DEBUG [org.wildfly.security] (default task-1)     Attribute [Roles] value [CN=myteam,OU=MYTeam,DC=company,DC=fullcompany].


      And this is the config

      <ldap-realm name="my-ldap-realm" dir-context="my-ldap-connection" direct-verification="true">

                          <identity-mapping rdn-identifier="memberOf" search-base-dn="CN=Users,DC=company,DC=fullcompany" filter-name="(sAMAccountName={0})">


                                  <attribute from="memberOf" to="Roles"/>





      The binding and principal look up appear to be functioning.  I'd like to either return a static "appuser" as a default role or to translate the LDAP return value into "appuser".