[jboss-user] [JBoss Portal] - Admin role ignored when fetched from LDAP

olivsch7 do-not-reply at jboss.com
Tue Jan 13 08:05:28 EST 2009


Hello together,

I have configured JBoss Portal to use our LDAP's groups as portal roles. As groups don't differ from roles in our LDAP, this works very well except for one issue: I created the group "Admin" in the directory and assigned it to the user "olivsch7". When I log in with this user, JBoss Portal doesn't grant him the rights of the "Admin" group although it recognizes that he is a member of it. In other words, I can see in the portal user management that he is a user of the Admin/Administrators group, but "olivsch7" cannot access the admin portal. Users in the portal database (who are also members of "Admin") can access the admin portal. Unfortunately, the log files don't give me any information about this. This is an excerpt:
2009-01-13 13:35:26,890 DEBUG [org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule] $$Synchronizing user: olivsch7
2009-01-13 13:35:26,890 DEBUG [org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule] $$Role Group: Roles
2009-01-13 13:35:26,890 DEBUG [org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule] $$Principal in group: admin; admin
2009-01-13 13:35:26,890 DEBUG [org.hibernate.jdbc.JDBCContext] successfully registered Synchronization
2009-01-13 13:35:26,890 DEBUG [org.hibernate.impl.SessionImpl] opened session at timestamp: 5045658119741440
2009-01-13 13:35:26,890 DEBUG [org.hibernate.engine.query.QueryPlanCache] unable to locate HQL query plan in cache; generating (from HibernateUserImpl where userName=:userName)
2009-01-13 13:35:26,890 DEBUG [org.hibernate.hql.ast.QueryTranslatorImpl] parse() - HQL: from org.jboss.portal.identity.db.HibernateUserImpl where userName=:userName
2009-01-13 13:35:26,890 DEBUG [org.hibernate.hql.ast.AST] --- HQL AST ---
 \-[QUERY] 'query'
    +-[SELECT_FROM] 'SELECT_FROM'
    |  \-[FROM] 'from'
    |     \-[RANGE] 'RANGE'
    |        \-[DOT] '.'
    |           +-[DOT] '.'
    |           |  +-[DOT] '.'
    |           |  |  +-[DOT] '.'
    |           |  |  |  +-[DOT] '.'
    |           |  |  |  |  +-[IDENT] 'org'
    |           |  |  |  |  \-[IDENT] 'jboss'
    |           |  |  |  \-[IDENT] 'portal'
    |           |  |  \-[IDENT] 'identity'
    |           |  \-[IDENT] 'db'
    |           \-[IDENT] 'HibernateUserImpl'
    \-[WHERE] 'where'
       \-[EQ] '='
          +-[IDENT] 'userName'
          \-[COLON] ':'
             \-[IDENT] 'userName'

2009-01-13 13:35:26,890 DEBUG [org.hibernate.hql.ast.ErrorCounter] throwQueryException() : no errors

I'm really clueless about this because when I configure the portal to use our LDAP's roles (instead of groups), it works. Do you have a clue?

Thank you very much in advance!

Kind regards
Oliver

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4201366#4201366
