One of our requirements is that we will need the notion of a OrganizationUnit, similar to
an LDAP organizational unit. Essentially a more strict grouping (a group/user can only
belong to one ou). Additionally, roles would be applicable to the OU in a similar way to
groups, so that users within the org inherit the roles assigned to the OU.
Are there any examples where we can augment the IDM model to support this case? We are
using JPA as the persistence layer though.
Thanks,
Anil