Hi guys

I'm trying to use the picketlink on top of LDAP server using the following configuration:

public void observeIdentityConfigurationEvent(@Observes IdentityConfigurationEvent event){
​    ​
IdentityConfigurationBuilder builder = event.getConfig();
​    ​
builder.named("default")
​    ​
.stores()
​    ​    ​
.ldap()
​​    ​    ​    ​
.baseDN("dc=moghaddam,dc=com")
​​    ​    ​    ​
.bindDN("cn=Directory Manager")
​​    ​    ​    ​
.bindCredential("111")
​​    ​    ​    ​
.url("ldap://localhost:389")
​​    ​    ​    ​
.supportCredentials(true)
​​    ​    ​    ​
.mapping(User.class)
​​    ​    ​    ​    ​
.baseDN("ou=Users,dc=moghaddam,dc=com")
​​    ​    ​    ​    ​
.objectClasses("inetOrgPerson")
​​    ​    ​    ​    ​
.attribute("firstName", "givenName")
​​    ​    ​    ​    ​
.attribute("lastName", "sn")
​​    ​    ​    ​    ​
.attribute("email", "mail")
​​    ​    ​    ​    ​
.attribute("loginName", "cn", true)
​​    ​    ​    ​    ​
.attribute("employeeNumber", "employeeNumber")
​    
​    
​    
.mapping(Group.class)
​​    ​    ​    ​    ​
.hierarchySearchDepth(4)
​​    ​    ​    ​    ​
.baseDN("ou=Groups,dc=moghaddam,dc=com")
​​    ​    ​    ​    ​
.objectClasses("gamGroup")
​​    ​    ​    ​    ​
.attribute("name", "name", true)
​​    ​    ​    ​    ​
.parentMembershipAttributeName("member")
​​    ​    ​    ​
.mapping(GroupMembership.class)
​​    ​    ​    ​    ​
.forMapping(Group.class)
​​    ​    ​    ​    ​
.attribute("member", "member")
​​    ​
.build();
}

What I want to do is to create a new Group as a child of a parent Group object:

Group
​parentGroup
 = BasicModel.getGroup(identityManager, "/Group 1");

Group group = new Group(
​"Child Group"
,
parentGroup);

identityManager.add(group);

​If the "/Group 1" has at least one "member​" in LDAP, everything works fine. But if it has no members at all, when PicketLink's LDAPIdentityStore.addToParentAsMember tries to load it from LDAP server, there would be no Attribute object named "member" in its attributes list. So when it tries to call the add method of the retrieved attribute, a NullPointerException would be thrown.

I'm not sure this is intentional (that means a group should always have at least a member) or is just a bug. So decided to ask it here first and didn't created an issue in JIRA yet. If it's a bug, there should be a checking against null before adding the new child and if the member attribute is null, we have to first add "member" attribute to the parent object and then try to add the new child to it.

Regards
Ehsan