17 Replies. Latest reply: Apr 11, 2012 3:53 PM by Fred Curry

Automatically put users from LDAP into /plateform/users?

Philippe GABERT Newbie

Hello,

I've read a lot of stuff on how to get rid of the 403 error after successfully connecting to GateIn, but as I don't have roles in my LDAP dictionary, I can't use it.

I would like to import all users into the "/platform/users" group to automatically give them the right to access everything.

How could I do that? (I am using GateIn 3.0)

Here is my current idm-configuration.xml file:


<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
 
    Copyright (C) 2009 eXo Platform SAS.
    
    This is free software; you can redistribute it and/or modify it
    under the terms of the GNU Lesser General Public License as
    published by the Free Software Foundation; either version 2.1 of
    the License, or (at your option) any later version.
    
    This software is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
    Lesser General Public License for more details.
    
    You should have received a copy of the GNU Lesser General Public
    License along with this software; if not, write to the Free
    Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
    02110-1301 USA, or see the FSF site: http://www.fsf.org.
 
-->
 
<configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd http://www.exoplaform.org/xml/ns/kernel_1_1.xsd"
               xmlns="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd">
 
 
  <component>
    <key>org.exoplatform.services.organization.idm.PicketLinkIDMCacheService</key>
    <type>org.exoplatform.services.organization.idm.PicketLinkIDMCacheService</type>
  </component>
 
  <component>
    <key>org.exoplatform.services.database.HibernateService</key>
    <jmx-name>database:type=HibernateService</jmx-name>
    <type>org.exoplatform.services.database.impl.HibernateServiceImpl</type>
    <init-params>
      <properties-param>
        <name>hibernate.properties</name>
        <description>Default Hibernate Service</description>
        <property name="hibernate.show_sql" value="false"/>
        <property name="hibernate.current_session_context_class" value="thread"/>
        <property name="hibernate.cache.use_second_level_cache" value="true"/>
        <property name="hibernate.cache.use_query_cache" value="true"/>
        <!--CHANGEME HashtableCacheProvider should not be used in production env-->
        <property name="hibernate.cache.provider_class" value="org.hibernate.cache.HashtableCacheProvider"/>
        <property name="hibernate.connection.datasource" value="${gatein.idm.datasource.name}${container.name.suffix}"/>
        <property name="hibernate.connection.autocommit" value="true"/>
        <!--
             Should be automatically detected. Force otherwise 
        <property name="hibernate.dialect" value="org.hibernate.dialect.XXXDialect"/>
         -->
      </properties-param>
    </init-params>
  </component>
 
  <component>
    <key>org.exoplatform.services.organization.idm.PicketLinkIDMService</key>
    <type>org.exoplatform.services.organization.idm.PicketLinkIDMServiceImpl</type>
    <init-params>
      <value-param>
        <name>config</name>
        <!--<value>war:/conf/organization/picketlink-idm/picketlink-idm-config.xml</value>-->
 
        <!--Sample LDAP config-->
        <!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-config.xml</value>-->
 
        <!--ACME LDAP Example-->
        <!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml</value>-->
 
        <!--MSAD LDAP Example-->
        <!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-config.xml</value>-->
 
        <!--MSAD Read Only LDAP Example-->
       <value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml</value>
        
      </value-param>
 
      <!-- In default PicketLink IDM configuration hibernate store will namespace identity objects using this realm name
           if you want to share DB between portal and also share the same identity data remove the "${container.name.suffix}" part-->
      <value-param>
        <name>portalRealm</name>
        <value>idm_realm${container.name.suffix}</value>
      </value-param>
 
      <value-param>
        <name>cacheConfig</name>
        <value>war:/conf/organization/picketlink-idm/jboss-cache.xml</value>
      </value-param>
      
      <value-param profiles="cluster">
        <name>cacheConfig</name>
        <value>war:/conf/organization/picketlink-idm/jboss-cache-cluster.xml</value>
      </value-param>
 
    </init-params>
  </component>
 
 
  <component>
    <key>org.exoplatform.services.organization.OrganizationService</key>
    <type>org.exoplatform.services.organization.idm.PicketLinkIDMOrganizationServiceImpl</type>
    <init-params>
      <object-param>
        <name>configuration</name>
        <object type="org.exoplatform.services.organization.idm.Config">
          <!-- For all ids not mapped with type in 'groupTypeMappings' use parent id path
               as a group type to store group in PicketLink IDM. The effect of setting
               this option to false and not providing any mappings under 'groupTypeMappings' option
               is that there can be only one group with a given name in all GateIn group tree-->
          <field name="useParentIdAsGroupType">
            <boolean>true</boolean>
          </field>
          <!-- Group stored in PicketLink IDM with a type mapped in 'groupTypeMappings' will
               automatically be member under mapped parent. Normally groups are linked by
               PicketLink IDM group association - such relationship won't be needed then. It can
               be set to false if all groups are added via GateIn APIs
               This option may be useful with LDAP config as it will make (if set to true) every entry
               added to LDAP (not via GateIn management UI) appear in GateIn-->
          <field name="forceMembershipOfMappedTypes">
            <boolean>true</boolean>
          </field>
          <!-- When 'useParentIdAsGroupType' is set to true this value will be used to
               replace all "/" chars in id. This is because "/" is not allowed to be
               used in group type name in PicketLink IDM-->
          <field name="pathSeparator">
            <string>.</string>
          </field>
          <!-- Name of a group stored in PicketLink IDM that acts as root group in GateIn - "/" -->
          <field name="rootGroupName">
            <string>GTN_ROOT_GROUP</string>
          </field>
          <!-- Map groups added with GateIn API as a childs of a given group ID to be stored with a given
               group type name in PicketLink IDM. If parent ID ends with "/*" then all child groups will
               have the mapped group type. Otherwise only direct (first level) children will use this type.
 
               This can be leveraged by LDAP setup. Given LDAP DN configured in PicketLink IDM to
               store specific group type will then store one given branch in GateIn group tree while
               all other groups will remain in DB. -->
          <field name="groupTypeMappings">
            <map type="java.util.HashMap">
              <entry>
                <key><string>/</string></key>
                <value><string>root_type</string></value>
              </entry>
 
              <!-- Uncomment for sample LDAP configuration -->
              <!--
              <entry>
                <key><string>/platform/*</string></key>
                <value><string>platform_type</string></value>
              </entry>
              <entry>
                <key><string>/organization/*</string></key>
                <value><string>organization_type</string></value>
              </entry>
              -->
 
 
              <!-- Uncomment for ACME LDAP example -->
              <!--
              <entry>
                <key><string>/acme/roles/*</string></key>
                <value><string>acme_roles_type</string></value>
              </entry>
              <entry>
                <key><string>/acme/organization_units/*</string></key>
                <value><string>acme_ou_type</string></value>
              </entry>
              -->
 
              <!-- Uncomment for MSAD ReadOnly LDAP example -->
              
              <entry>
                <key><string>/platform/*</string></key>
                <value><string>users</string></value>
              </entry>
              
            </map>
          </field>
          <!-- If this option is used then each Membership created with MembershipType that is
               equal to value specified here will be stored in PicketLink IDM as simple
               Group-User association-->
          <field name="associationMembershipType">
            <string>member</string>
          </field>
          <!-- if "associationMembershipType" option is used and this option is set to true
                then Membership with MembershipType configured to be stored as PicketLink IDM association
                will not be stored as PicketLink IDM Role -->
          <field name="ignoreMappedMembershipType">
            <boolean>false</boolean>
          </field>
          <!-- If 'true' will use JTA UserTransaction. If 'false' will use IDM transaction API -->
          <field name="useJTA">
            <boolean>false</boolean>
          </field>
        </object>
      </object-param>
    </init-params>
  </component>
 
  <external-component-plugins>
    <target-component>org.exoplatform.services.naming.InitialContextInitializer</target-component>
    <component-plugin>
      <name>bind.datasource</name>
      <set-method>addPlugin</set-method>
      <type>org.exoplatform.services.naming.BindReferencePlugin</type>
      <init-params>
        <value-param>
          <name>bind-name</name>
          <value>${gatein.idm.datasource.name}${container.name.suffix}</value>
        </value-param>
        <value-param>
          <name>class-name</name>
          <value>javax.sql.DataSource</value>
        </value-param>
        <value-param>
          <name>factory</name>
          <value>org.apache.commons.dbcp.BasicDataSourceFactory</value>
        </value-param>
        <properties-param>
          <name>ref-addresses</name>
          <description>ref-addresses</description>
          <property name="driverClassName" value="${portal.container.gatein.idm.datasource.driver}"/>
          <property name="url" value="${portal.container.gatein.idm.datasource.url}"/>
          <property name="username" value="${portal.container.gatein.idm.datasource.username}"/>
          <property name="password" value="${portal.container.gatein.idm.datasource.password}"/>
 
        </properties-param>
      </init-params>
    </component-plugin>
  </external-component-plugins>
 
  <external-component-plugins>
    <target-component>org.exoplatform.services.database.HibernateService</target-component>
    <component-plugin>
      <name>add.hibernate.mapping</name>
      <set-method>addPlugin</set-method>
      <type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>
      <init-params>
        <values-param>
          <name>hibernate.mapping</name>
          <value>picketlink-idm/mappings/HibernateRealm.hbm.xml</value>
          <value>picketlink-idm/mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml</value>
          <value>picketlink-idm/mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml</value>
          <value>picketlink-idm/mappings/HibernateIdentityObject.hbm.xml</value>
          <value>picketlink-idm/mappings/HibernateIdentityObjectCredential.hbm.xml</value>
          <value>picketlink-idm/mappings/HibernateIdentityObjectCredentialType.hbm.xml</value>
          <value>picketlink-idm/mappings/HibernateIdentityObjectAttribute.hbm.xml</value>
          <value>picketlink-idm/mappings/HibernateIdentityObjectType.hbm.xml</value>
          <value>picketlink-idm/mappings/HibernateIdentityObjectRelationship.hbm.xml</value>
          <value>picketlink-idm/mappings/HibernateIdentityObjectRelationshipType.hbm.xml</value>
          <value>picketlink-idm/mappings/HibernateIdentityObjectRelationshipName.hbm.xml</value>
        </values-param>
      </init-params>
    </component-plugin>
  </external-component-plugins>
 
</configuration>

Thank you in advance... GateIn currently works with my "strangely" designed LDAP dictionary, so I want to continue with it...
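An added example (not code from the post or from GateIn): a small auditor for the eXo kernel format of the idm-configuration.xml above. It reports the settings this question turns on: which PicketLink IDM config file is the active (uncommented) one, the groupTypeMappings, and whether the /platform subtree (and so /platform/users) is mapped to a group type at all, which is the precondition for any LDAP-backed entry to appear in that group. The embedded sample is a constructed reduction of the posted file; the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET
# eXo kernel namespace exactly as GateIn writes it ('exoplaform' is the real spelling)
NS = {"k": "http://www.exoplaform.org/xml/ns/kernel_1_1.xsd"}
# Constructed sample: the two components of the posted idm-configuration.xml the question turns on
SAMPLE = """<configuration xmlns="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd">
  <component>
    <key>org.exoplatform.services.organization.idm.PicketLinkIDMService</key>
    <init-params><value-param><name>config</name>
      <value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml</value>
    </value-param></init-params>
  </component>
  <component>
    <key>org.exoplatform.services.organization.OrganizationService</key>
    <init-params><object-param><name>configuration</name>
      <object type="org.exoplatform.services.organization.idm.Config">
        <field name="groupTypeMappings"><map type="java.util.HashMap">
          <entry><key><string>/</string></key><value><string>root_type</string></value></entry>
          <entry><key><string>/platform/*</string></key><value><string>users</string></value></entry>
        </map></field>
        <field name="associationMembershipType"><string>member</string></field>
      </object>
    </object-param></init-params>
  </component>
</configuration>"""

def parse_idm_config(xml_text):
    """Return the active PicketLink config path, the groupTypeMappings and the scalar Config fields."""
    root = ET.fromstring(xml_text)  # comments (the disabled <value> lines) are dropped by the parser
    report = {"picketlink_config": None, "group_type_mappings": {}, "fields": {}}
    for comp in root.findall("k:component", NS):
        key = comp.findtext("k:key", "", NS)
        if key.endswith(".PicketLinkIDMService"):
            for vp in comp.findall("k:init-params/k:value-param", NS):
                if vp.findtext("k:name", "", NS) == "config":
                    report["picketlink_config"] = vp.findtext("k:value", "", NS).strip()
        elif key.endswith(".OrganizationService"):
            for field in comp.findall(".//k:object/k:field", NS):
                name = field.get("name")
                if name == "groupTypeMappings":
                    for e in field.findall(".//k:entry", NS):
                        k = e.findtext("k:key/k:string", "", NS)
                        report["group_type_mappings"][k] = e.findtext("k:value/k:string", "", NS)
                else:  # the <boolean>/<string> child holds the scalar value
                    report["fields"][name] = (field[0].text or "").strip()
    return report

def platform_users_mapped(report):
    """True when /platform/users falls under a mapped (LDAP-backed) group type."""
    m = report["group_type_mappings"]
    return "/platform/*" in m or "/platform/users" in m
```

Run it against the real file with `parse_idm_config(open("idm-configuration.xml").read())`; if `platform_users_mapped` is False, no LDAP entry can ever show up under /platform/users regardless of the LDAP-side config.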
