<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="GENERATOR" content="MSHTML 9.00.8112.16540">
</head>
<body>
<div dir="ltr" align="left"><span class="040450908-15092015"><font color="#0000ff" size="2" face="宋体">Hi all,</font></span></div>
<div dir="ltr" align="left"><span class="040450908-15092015"><font color="#0000ff" size="2" face="宋体"></font></span> </div>
<div dir="ltr" align="left"><span class="040450908-15092015"><font color="#0000ff" size="2" face="宋体">I don't think it's a bug. It's the LDAP mechanism. You may create a member when you initialize your LDAP data, like this, circled in red:</font></span></div>
<div dir="ltr" align="left"><span class="040450908-15092015"><img src="cid:040450908@15092015-0BA0"></span></div>
<div><font color="#0000ff" size="2" face="宋体"></font> </div>
<div> </div>
<div align="left"><font size="2" face="Arial">Thanks,</font><font size="3"><font size="2"><br>
</font></font><font color="#0000ff" size="2"><font color="#0000ff" size="2"><font color="#000000" face="Arial">Diego<br>
</font></font></font><font color="#0000ff" size="2"><font color="#0000ff" size="2"><font color="#000000"><font face="Arial">Software Engineer | IT Architecture |
</font><a title="blocked::mailto:diegol@synnex.com" href="blocked::mailto:diegol@synnex.com"><font face="Arial">diegol@synnex.com</font></a><font face="Arial"> | 782370</font></font></font></font></div>
<div dir="ltr" lang="en-us" class="OutlookMessageHeader" align="left">
<hr tabindex="-1">
<font size="2" face="Tahoma"><b>From:</b> security-dev-bounces@lists.jboss.org [mailto:security-dev-bounces@lists.jboss.org]
<b>On Behalf Of </b>Ehsan Zaery Moghaddam<br>
<b>Sent:</b> Tuesday, September 15, 2015 3:55 PM<br>
<b>To:</b> security-dev@lists.jboss.org<br>
<b>Subject:</b> [security-dev] Adding a new child group to a parent group that has no children before<br>
</font><br>
</div>
<div></div>
<div dir="ltr">
<div style="FONT-FAMILY: 'trebuchet ms',sans-serif; FONT-SIZE: small" class="gmail_default">
Hi guys<br>
</div>
<div style="FONT-FAMILY: 'trebuchet ms',sans-serif; FONT-SIZE: small" class="gmail_default">
<br>
</div>
<div style="FONT-FAMILY: 'trebuchet ms',sans-serif; FONT-SIZE: small" class="gmail_default">
I'm trying to use PicketLink on top of an LDAP server using the following configuration:</div>
<br>
<pre>
public void observeIdentityConfigurationEvent(@Observes IdentityConfigurationEvent event) {
    IdentityConfigurationBuilder builder = event.getConfig();
    builder.named("default")
        .stores()
            .ldap()
                .baseDN("dc=moghaddam,dc=com")
                .bindDN("cn=Directory Manager")
                .bindCredential("111")
                .url("ldap://localhost:389")
                .supportCredentials(true)
                .mapping(User.class)
                    .baseDN("ou=Users,dc=moghaddam,dc=com")
                    .objectClasses("inetOrgPerson")
                    .attribute("firstName", "givenName")
                    .attribute("lastName", "sn")
                    .attribute("email", "mail")
                    .attribute("loginName", "cn", true)
                    .attribute("employeeNumber", "employeeNumber")
                .mapping(Group.class)
                    .hierarchySearchDepth(4)
                    .baseDN("ou=Groups,dc=moghaddam,dc=com")
                    .objectClasses("gamGroup")
                    .attribute("name", "name", true)
                    .parentMembershipAttributeName("member")
                .mapping(GroupMembership.class)
                    .forMapping(Group.class)
                    .attribute("member", "member")
        .build();
}
</pre>
<div><br>
</div>
<div>
<div style="FONT-FAMILY: 'trebuchet ms',sans-serif; FONT-SIZE: small" class="gmail_default">
What I want to do is to create a new Group as a child of a parent Group object:</div>
<div style="FONT-FAMILY: 'trebuchet ms',sans-serif; FONT-SIZE: small" class="gmail_default">
<br>
</div>
<pre>
Group parentGroup = BasicModel.getGroup(identityManager, "/Group 1");
Group group = new Group("Child Group", parentGroup);

identityManager.add(group);
</pre>
</div>
<div><br>
</div>
<div>
<div style="FONT-FAMILY: 'trebuchet ms',sans-serif; FONT-SIZE: small" class="gmail_default">
If "/Group 1" has at least one "member" in LDAP, everything works fine. But if it has no members at all, when PicketLink's
<b><a href="https://github.com/picketlink/picketlink/blob/master/modules/idm/impl/src/main/java/org/picketlink/idm/ldap/internal/LDAPIdentityStore.java#L1008">LDAPIdentityStore.addToParentAsMember</a></b> tries
to load it from the LDAP server, there would be no <b>Attribute</b> object named "member" in its attributes list. So when it tries to call the
<b>add</b> method of the retrieved attribute, a NullPointerException would be thrown.</div>
<div style="FONT-FAMILY: 'trebuchet ms',sans-serif; FONT-SIZE: small" class="gmail_default">
<br>
</div>
<div style="FONT-FAMILY: 'trebuchet ms',sans-serif; FONT-SIZE: small" class="gmail_default">
I'm not sure whether this is intentional (meaning a group should always have at least one member) or just a bug, so I decided to ask here first and haven't created an issue in JIRA yet. If it's a bug, there should be a null check before adding the new
child, and if the member attribute is null, we have to first add the "member" attribute to the parent object and then try to add the new child to it.</div>
<div style="FONT-FAMILY: 'trebuchet ms',sans-serif; FONT-SIZE: small" class="gmail_default">
<br>
</div>
<div style="FONT-FAMILY: 'trebuchet ms',sans-serif; FONT-SIZE: small" class="gmail_default">
Regards</div>
<div style="FONT-FAMILY: 'trebuchet ms',sans-serif; FONT-SIZE: small" class="gmail_default">
Ehsan</div>
<div style="FONT-FAMILY: 'trebuchet ms',sans-serif; FONT-SIZE: small" class="gmail_default">
<br>
</div>
<br>
</div>
</div>
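<p>The failure mode and the null check discussed in this thread, reproduced with plain JNDI attribute objects as an added example (not PicketLink's own code and not from either poster). The class name, method names and the child DN are assumptions made for illustration; the entry is built in memory, so no LDAP server is needed.</p>

```java
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

public class NullSafeMemberAdd {

    // Attribute name taken from parentMembershipAttributeName("member") in the configuration above.
    static final String MEMBER = "member";

    // Unguarded pattern: Attributes.get() returns null when the entry has no such attribute.
    static void addChildUnchecked(Attributes parent, String childDn) {
        parent.get(MEMBER).add(childDn); // NullPointerException for a parent without members
    }

    // Guarded pattern: create the attribute on first use, then add the child DN once.
    static Attribute addChildChecked(Attributes parent, String childDn) {
        Attribute member = parent.get(MEMBER);
        if (member == null) {
            member = new BasicAttribute(MEMBER);
            parent.put(member);
        }
        if (!member.contains(childDn)) {
            member.add(childDn);
        }
        return member;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed in-memory entry standing in for "/Group 1" with no member values.
        Attributes parent = new BasicAttributes(true); // true = ignore attribute-name case
        parent.put("objectClass", "gamGroup");
        parent.put("name", "Group 1");
        String childDn = "name=Child Group,ou=Groups,dc=moghaddam,dc=com"; // constructed DN

        try {
            addChildUnchecked(parent, childDn);
        } catch (NullPointerException e) {
            System.out.println("unchecked add failed: member attribute is absent");
        }

        Attribute member = addChildChecked(parent, childDn);
        addChildChecked(parent, childDn); // second call adds nothing, no duplicate value
        System.out.println(member.getID() + " has " + member.size() + " value(s): " + member.get(0));
    }
}
```

<p>Against a live directory, the equivalent write is a <code>DirContext.modifyAttributes</code> call using <code>DirContext.ADD_ATTRIBUTE</code>, which creates the attribute when it does not yet exist. Whether a group entry may exist with no <code>member</code> value at all depends on the schema of its object class.</p>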
</body>
</html>