20.3.4. MembershipModule

Table 20.3. Comparision of MembershipModule implementations

Features MembershipModule  
LDAPStaticGroupMembershipModuleImpl LDAPStaticRoleMembershipModuleImpl  
Role assignment stored in LDAP role entry X -
Role assignment stored in LDAP user entry - X
User/Role relationship creation X X LDAPStaticGroupMembershipModuleImpl

This module support tree shape where role entries keep information about users that are their members.
To enable it in your configuration you should have:
   <!--type used to correctly map in IdentityContext registry-->
org.jboss.portal.identity.ldap.LDAPStaticGroupMembershipModuleImpl configuration option-groups options:
  • common:
    • membershipAttributeID - LDAP attribute that defines member users ids. This will be used to retrieved users from role entry.
    • membershipAttributeIsDN - defines if values of attribute defined in membershipAttributeID are fully qualified LDAP DNs.