<div dir="ltr"><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">Hi guys<br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">I'm trying to use PicketLink on top of an LDAP server using the following configuration:</div><br>
public void observeIdentityConfigurationEvent(@Observes IdentityConfigurationEvent event) {<br>
&nbsp;&nbsp;&nbsp;&nbsp;IdentityConfigurationBuilder builder = event.getConfig();<br>
&nbsp;&nbsp;&nbsp;&nbsp;builder.named("default")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.stores()<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.ldap()<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.baseDN("dc=moghaddam,dc=com")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.bindDN("cn=Directory Manager")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.bindCredential("111")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.url("ldap://localhost:389")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.supportCredentials(true)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.mapping(User.class)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.baseDN("ou=Users,dc=moghaddam,dc=com")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.objectClasses("inetOrgPerson")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.attribute("firstName", "givenName")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.attribute("lastName", "sn")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.attribute("email", "mail")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.attribute("loginName", "cn", true)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.attribute("employeeNumber", "employeeNumber")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.mapping(Group.class)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.hierarchySearchDepth(4)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.baseDN("ou=Groups,dc=moghaddam,dc=com")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.objectClasses("gamGroup")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.attribute("name", "name", true)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.parentMembershipAttributeName("member")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.mapping(GroupMembership.class)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.forMapping(Group.class)<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.attribute("member", "member")<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;.build();<br>
}<div><br></div><div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">What I want to do is to create a new Group as a child of a parent Group object:</div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><br></div>
Group parentGroup = BasicModel.getGroup(identityManager, "/Group 1");<p></p><p class="MsoNormal"></p>
Group group = new Group("Child Group", parentGroup);</div><div><br>identityManager.add(group);</div><div><br></div><div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">If the "/Group 1" has at least one "member" in LDAP, everything works fine. But if it has no members at all, when PicketLink's <b>LDAPIdentityStore.</b><b><a href="https://github.com/picketlink/picketlink/blob/master/modules/idm/impl/src/main/java/org/picketlink/idm/ldap/internal/LDAPIdentityStore.java#L1008">addToParentAsMember</a> </b>tries to load it from the LDAP server, there would be no <b>Attribute </b>object named "member" in its attributes list. So when it tries to call the <b>add </b>method of the retrieved attribute, a NullPointerException would be thrown.</div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">I'm not sure whether this is intentional (that is, a group should always have at least one member) or is just a bug. So I decided to ask here first and haven't created an issue in JIRA yet. 
If it's a bug, there should be a check against null before adding the new child, and if the member attribute is null, we have to first add the "member" attribute to the parent object and then try to add the new child to it.</div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">Regards</div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small">Ehsan</div><div class="gmail_default" style="font-family:'trebuchet ms',sans-serif;font-size:small"><br></div><br></div></div>
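The null check proposed in the message above, as an added example that is neither PicketLink's code nor part of the original post. It uses only the JDK's JNDI classes; the class name, the `addMember` helper and the sample DNs are constructed for illustration.

```java
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

public class MemberAttributeCheck {
    static final String MEMBER = "member";

    // Hypothetical helper: builds the modification that adds childDN to the
    // parent's "member" values. Attributes.get() returns null when the entry
    // carries no such attribute, which is the case for a group without members.
    static ModificationItem addMember(Attributes parentAttrs, String childDN) {
        Attribute member = parentAttrs.get(MEMBER);
        if (member == null) {
            // No "member" attribute yet: create it with the child as first value.
            Attribute created = new BasicAttribute(MEMBER, childDN);
            parentAttrs.put(created);
            return new ModificationItem(DirContext.ADD_ATTRIBUTE, created);
        }
        if (!member.contains(childDN)) {
            member.add(childDN);
        }
        return new ModificationItem(DirContext.REPLACE_ATTRIBUTE, member);
    }

    public static void main(String[] args) {
        // Constructed sample DN for the new child group.
        String child = "name=Child Group,ou=Groups,dc=moghaddam,dc=com";

        // Constructed sample: parent entry as read from LDAP with no members.
        Attributes empty = new BasicAttributes(true);
        empty.put("name", "Group 1");
        ModificationItem first = addMember(empty, child);
        System.out.println("created attribute: "
                + (first.getModificationOp() == DirContext.ADD_ATTRIBUTE));

        // Constructed sample: parent entry that already has one member.
        Attributes populated = new BasicAttributes(true);
        populated.put("name", "Group 1");
        populated.put(new BasicAttribute(MEMBER, "cn=jdoe,ou=Users,dc=moghaddam,dc=com"));
        ModificationItem second = addMember(populated, child);
        System.out.println("member values: " + second.getAttribute().size());
    }
}
```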