20.3.3. RoleModule

Table 20.2. Comparision of RoleModule implementations

Features RoleModule  
LDAPRoleModuleImpl LDAPExtRoleModuleImpl  
Role creation X -
Role removal X -
Role search Flat - one level scope Flexible filter - sub tree scope

20.3.3.1. LDAPRoleModuleImpl

This is the base implementation of LDAP RoleModule. It supports user creation, but will retrieve roles and create them in strictly specified place in LDAP tree.
To enable it in your configuration you should have:
<module>
   <!--type used to correctly map in IdentityContext registry-->
   <type>Role</type>
   <implementation>LDAP</implementation>
   <config/>
</module>
org.jboss.portal.identity.ldap.LDAPRoleModuleImpl configuration option-groups options:
  • common:
    • roleCtxDN - DN that will be used as context for role searches.
    • ridAttributeID - attribute name under which role name is specified. Default value is "cn".
    • roleDisplayNameAttributeID - attribute name under which role display name is specified. Default value is "cn".
    • searchTimeLimit - The timeout in milliseconds for the roles searches. Defaults to 10000 (10 seconds).