Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/.classpath =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/.classpath (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/.classpath (working copy) @@ -3,7 +3,6 @@ - @@ -100,12 +99,6 @@ - - - - - - @@ -115,6 +108,11 @@ - + + + + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/etc/security-spi-ldap.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/etc/security-spi-ldap.xml (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/etc/security-spi-ldap.xml (working copy) @@ -34,13 +34,45 @@ uid=admin,ou=system secret - - users - - groups - - roles - + + (objectclass=groupOfUniqueNames)) + + (objectClass=organization) + + (objectclass=inetorgperson) + + (&(uid=%u)(objectclass=inetorgperson)) + + uniqueMember + + + + uniqueMember + + + + uniqueMember + + + + o=sevenSeas + + ou=Roles,ou=OrgUnit1 + + ou=Groups,ou=OrgUnit1 + + ou=People,ou=OrgUnit1 + + top,groupOfUniqueNames + + top,organization + + top,person,organizationalPerson,inetorgperson + + cn + + cn + + uid - Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapSecurityMappingHandler.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapSecurityMappingHandler.java (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/LdapSecurityMappingHandler.java (working copy) 
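Review bot: The first added filter value in the security-spi-ldap.xml hunk, `(objectclass=groupOfUniqueNames))`, has one closing parenthesis too many, so once AbstractLdapDao wraps it as `(&(cn=*)(objectclass=groupOfUniqueNames)))` the search fails as an unbalanced filter; it should read `(objectclass=groupOfUniqueNames)` like the organization and inetorgperson filters beside it. The `%u` placeholder in `(&(uid=%u)(objectclass=inetorgperson))` means a user-supplied login name is spliced into an LDAP filter by code outside this diff; whatever performs that substitution must escape `\`, `*`, `(`, `)` and NUL per RFC 4515 first, or a name such as `*)(uid=*` matches arbitrary entries. Element names are stripped from this rendering, so which property each value belongs to is inferred from order only. The unchanged `uid=admin,ou=system` / `secret` context lines bind the portal as the directory administrator with a plaintext password in a checked-in file; that predates this change, but a comment pointing deployers at a least-privilege service account (read on the People/Groups/Roles bases, write only if schema init is really wanted) would be worth adding here.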
@@ -215,7 +215,7 @@ */ public Set getGroupPrincipals(String userPrincipalUid) { - Set groupPrincipals = new HashSet(); + Set groupPrincipals = new HashSet(); String[] groups; try @@ -276,13 +276,9 @@ //TODO: Check that this is correct String[] fullPaths = {groupFullPathName}; -// Preferences preferences = Preferences.userRoot().node( -// GroupPrincipalImpl.getFullPathFromPrincipalName(groupFullPathName)); -// String[] fullPaths = groupHierarchyResolver.resolve(preferences); -// try { - getUserPrincipalsInGroup(userPrincipals, fullPaths); + getUserPrincipalsInGroup(userPrincipals, fullPaths); } catch (SecurityException e) { Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java (working copy) @@ -167,7 +167,7 @@ protected SearchControls setSearchControls() { SearchControls controls = new SearchControls(); - + controls.setReturningAttributes(new String[] {"cn","sn","o","uid","ou","objectClass","nsroledn","userPassword","member","uniqueMember"}); controls.setSearchScope(SearchControls.SUBTREE_SCOPE); controls.setReturningObjFlag(true); 
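Review bot: The added `setReturningAttributes` line in the `setSearchControls` hunk asks the server for `userPassword` on every search built from these controls, so wildcard user, group and role listings pull password hashes into the portal process where they sit in memory and in any debug logging of search results. Nothing in this diff reads that attribute; unless a local password comparison is being introduced (authentication should be a bind against the user's DN instead), drop it: `controls.setReturningAttributes(new String[] {"cn","sn","o","uid","ou","objectClass","nsroledn","member","uniqueMember"});`. The list also hard-codes attribute names that the rest of this patch makes configurable (`getUserIdAttribute()`, the membership attributes), so a directory using a different id or membership attribute will get entries missing the attribute the DAO later reads; building the array from those accessors, or leaving returning attributes unset, avoids that.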
@@ -261,12 +261,12 @@ while ((null != searchResults) && searchResults.hasMore()) { SearchResult searchResult = (SearchResult) searchResults.next(); - - if (searchResult.getObject() instanceof DirContext) - { - DirContext userEntry = (DirContext) searchResult.getObject(); - userDn = userEntry.getNameInNamespace(); - } + userDn = searchResult.getNameInNamespace(); +// if (searchResult.getObject() instanceof DirContext) +// { +// DirContext userEntry = (DirContext) searchResult.getObject(); +// userDn = userEntry.getNameInNamespace(); +// } } return userDn; } @@ -299,9 +299,15 @@ */ protected NamingEnumeration searchByWildcardedUid(final String filter, SearchControls cons) throws NamingException { - String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass=" - + getObjectClass() + "))"; - NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons); + // usa a template method to use users/groups/roles + String searchFilter = ""; + if (getSearchSuffix()==null || getSearchSuffix().equals("")) { + searchFilter = "(" + getEntryPrefix() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")"; + } else { + searchFilter = "(&(" + getEntryPrefix() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getSearchSuffix() + ")"; + } + + NamingEnumeration searchResults = ((DirContext) ctx).search(getSearchDomain(), searchFilter, cons); return searchResults; } 
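Review bot: The replaced lookup in the `@@ -261` hunk still assigns `userDn` on every iteration, so when more than one entry matches the last one the server happens to return wins silently; with the search base and filter becoming configurable in this patch, an ambiguous match should fail rather than resolve a user to whichever DN came last. A minimal guard before the assignment is `if (userDn != null) { throw new NamingException("ambiguous user lookup: more than one entry matched"); }`, provided the enclosing method, which starts outside the hunk, already declares or handles NamingException (it must, since `hasMore()` throws it). The commented-out `getObject()` branch is dead now and should be deleted rather than kept as a comment.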
@@ -318,8 +324,14 @@ */ protected NamingEnumeration searchGroupByWildcardedUid(final String filter, SearchControls cons) throws NamingException { - String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass=" - + "jetspeed-2-group" + "))"; + // usa a template method to use users/groups/roles + String searchFilter = ""; + if (getSearchSuffix()==null || getSearchSuffix().equals("")) { + searchFilter = "(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")"; + } else { + searchFilter = "(&(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getGroupFilter() + ")"; + } + NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons); return searchResults; @@ -337,8 +349,13 @@ */ protected NamingEnumeration searchRoleByWildcardedUid(final String filter, SearchControls cons) throws NamingException { - String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass=" - + "jetspeed-2-role" + "))"; + //String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass="+ "jetspeed-2-role" + "))"; + String searchFilter = ""; + if (getRoleFilter()==null || getRoleFilter().equals("")) { + searchFilter = "(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")"; + } else { + searchFilter = "(&(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getRoleFilter() + ")"; + } NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons); return searchResults; @@ -346,7 +363,7 @@ /** *
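Review bot: In `searchGroupByWildcardedUid` the new guard tests `getSearchSuffix()` but the else branch appends `getGroupFilter()`, so when the suffix is empty the configured group filter is silently dropped and the search returns any entry whose id attribute matches, regardless of object class, and when the suffix is set but the group filter is null the literal `null` is appended and the filter is invalid. The condition should test the value it appends: `if (StringUtils.isEmpty(getGroupFilter())) {`. The search also still starts at `""` while `searchByWildcardedUid` in the same patch moved to `getSearchDomain()`; if the intent is the same here, use `search(getSearchDomain(), searchFilter, cons)`. The caller's `filter` is concatenated unescaped here as well, so whatever escaping is adopted for the user search applies to this line too.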
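Review bot: `searchRoleByWildcardedUid` builds its filter on `getGroupIdAttribute()` in both branches although this patch adds a separate `getRoleIdAttribute()` backed by `roleIdAttribute` in LdapBindingConfig; the sample config sets both to `cn`, so it works there, but any directory naming roles by a different attribute will find nothing or the wrong entries. Change both branches to `searchFilter = "(" + getRoleIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")";` and `searchFilter = "(&(" + getRoleIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getRoleFilter() + ")";`. The commented-out old `String searchFilter` line should be removed rather than left as a comment, and, as with the user and group searches, `filter` is not escaped before concatenation.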

- * Returns the default suffix dn. + * Returns the default Group suffix dn. *

* * @return The defaultDnSuffix. @@ -351,21 +368,34 @@ * * @return The defaultDnSuffix. */ - protected String getDefaultDnSuffix() + protected String getGroupFilterBase() { - return this.ldapBindingConfig.getDefaultDnSuffix(); + return this.ldapBindingConfig.getGroupFilterBase(); } + + /** + *

+ * Returns the default Group suffix dn. + *

+ * + * @return The defaultDnSuffix. + */ + protected String[] getGroupObjectClasses() + { + return this.ldapBindingConfig.getGroupObjectClasses(); + } + /** *

- * Returns the groups organization unit. + * Returns the default Group suffix dn. *

* - * @return The groupsOu. + * @return The defaultDnSuffix. */ - protected String getGroupsOu() + protected String getRoleFilterBase() { - return this.ldapBindingConfig.getGroupsOu(); + return this.ldapBindingConfig.getRoleFilterBase(); } /** @@ -370,27 +400,54 @@ /** *
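Review bot: The Javadoc on the new `getGroupFilterBase`, `getGroupObjectClasses` and `getRoleFilterBase` accessors is copied from `getDefaultDnSuffix` and states "Returns the default Group suffix dn." with `@return The defaultDnSuffix.` on all three, which is wrong for each of them. Replace them with one-line descriptions of what each delegates to on `ldapBindingConfig`, e.g. `Returns the DN under which group entries are searched.` / `@return the configured groupFilterBase.`, `Returns the object classes a group entry is created with.` / `@return the configured groupObjectClasses.`, and `Returns the DN under which role entries are searched.` / `@return the configured roleFilterBase.`. Whether those bases are relative to the root context or absolute is not visible here; the sample values `o=sevenSeas` and `ou=Roles,ou=OrgUnit1` suggest relative, so state that only once confirmed against the DAO that uses them.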

- * Returns the roles . + * Returns the default Group suffix dn. *

* - * @return The rolesOu. + * @return The defaultDnSuffix. */ - protected String getRolesOu() + protected String[] getRoleObjectClasses() { - return this.ldapBindingConfig.getRolesOu(); + return this.ldapBindingConfig.getRoleObjectClasses(); } - + /** *

- * Returns the users organization unit. + * Returns the default Group suffix dn. *

* - * @return The usersOu. + * @return The defaultDnSuffix. */ - protected String getUsersOu() + protected String getUserFilterBase() { - return this.ldapBindingConfig.getUsersOu(); - } + return this.ldapBindingConfig.getUserFilterBase(); + } + + /** + *

+ * Returns the default Group suffix dn. + *

+ * + * @return The defaultDnSuffix. + */ + protected String getGroupFilter() + { + return this.ldapBindingConfig.getGroupFilter(); + } + + + /** + *

+ * Returns the default Group suffix dn. + *

+ * + * @return The defaultDnSuffix. + */ + protected String getRoleFilter() + { + return this.ldapBindingConfig.getRoleFilter(); + } + + /** *
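Review bot: `getRoleObjectClasses`, `getUserFilterBase`, `getGroupFilter` and `getRoleFilter` in this hunk all carry the same pasted Javadoc, "Returns the default Group suffix dn." / `@return The defaultDnSuffix.`, which describes none of them. For the two filter accessors the contract matters to callers and is worth spelling out, e.g. `Returns the filter fragment ANDed with the id-attribute match when searching groups; must be a complete, balanced filter such as (objectclass=groupOfUniqueNames), or empty to match on the id attribute alone.` with `@return the configured groupFilter, possibly null or empty.`, and the role counterpart likewise. `getRoleObjectClasses` should say `Returns the object classes a role entry is created with.` and `getUserFilterBase` `Returns the DN under which user entries are searched.`, each with a matching `@return`.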

@@ -403,16 +460,17 @@ { return this.ldapBindingConfig.getRootContext(); } - + /** *

- * A template method that returns the LDAP object class of the concrete DAO. + * A template method that returns the LDAP entry prefix of the concrete DAO. *

* - * @return a String containing the LDAP object class name. - */ - protected abstract String getObjectClass(); - + * TODO : this should be in spring config + * + * @return a String containing the LDAP entry prefix name. + */ + protected abstract String getEntryPrefix(); /** *

@@ -423,6 +481,82 @@ * * @return a String containing the LDAP entry prefix name. */ - protected abstract String getEntryPrefix(); + protected abstract String getSearchSuffix(); + + /** + *

+ * The domain in wich to perform a search + *

+ * + * TODO : this should be in spring config + * + * @return a String containing the LDAP entry prefix name. + */ + protected abstract String getSearchDomain(); + + protected String getUserFilter() + { + return this.ldapBindingConfig.getUserFilter(); + } + + /** + *

+ * Returns the default Group suffix dn. + *

+ * + * @return The defaultDnSuffix. + */ + protected String[] getUserObjectClasses() + { + return this.ldapBindingConfig.getUserObjectClasses(); + } + + protected String getGroupMembershipAttribute() + { + return this.ldapBindingConfig.getGroupMembershipAttributes(); + } + + protected String getUserGroupMembershipAttribute() + { + return this.ldapBindingConfig.getUserGroupMembershipAttributes(); + } + + + protected String getGroupMembershipForRoleAttribute() + { + return this.ldapBindingConfig.getGroupMembershipForRoleAttributes(); + } + + protected String getRoleGroupMembershipForRoleAttribute() + { + return this.ldapBindingConfig.getRoleGroupMembershipForRoleAttributes(); + } + + protected String getRoleMembershipAttribute() + { + return this.ldapBindingConfig.getRoleMembershipAttributes(); + } + protected String getUserRoleMembershipAttribute() + { + return this.ldapBindingConfig.getUserRoleMembershipAttributes(); + } + + protected String getRoleIdAttribute() + { + return this.ldapBindingConfig.getRoleIdAttribute(); + } + + protected String getGroupIdAttribute() + { + return this.ldapBindingConfig.getGroupIdAttribute(); + } + + protected String getUserIdAttribute() + { + return this.ldapBindingConfig.getUserIdAttribute(); + } + + protected abstract String[] getObjectClasses(); + } \ No newline at end of file Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/InitLdapSchema.java (working copy) 
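Review bot: The Javadoc in this hunk is wrong or missing on almost every new member: `getSearchSuffix` keeps the `getEntryPrefix` comment (`@return a String containing the LDAP entry prefix name.`), `getSearchDomain` says "The domain in wich to perform a search" with that same `@return`, `getUserObjectClasses` again says "Returns the default Group suffix dn.", and the nine membership/id accessors and the new abstract `getObjectClasses()` have none. Suggested wording: `getSearchSuffix` → `Returns the filter fragment ANDed with the id-attribute match for this DAO's entry type, or null/empty for none.`; `getSearchDomain` → `Returns the name, relative to the bound context, under which this DAO searches.` with `@return the search base DN.`; `getUserObjectClasses` → `Returns the object classes a user entry is created with.`. The `getGroupMembershipAttribute()`-style accessors return a String from plural-named config properties (`getGroupMembershipAttributes()`), so each should say whether it is a single attribute name or a delimited list; that cannot be determined from this diff, so document it as `TODO confirm` until the consumer is checked.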
@@ -1,125 +1,158 @@ -/* - * Copyright 2000-2001,2004 The Apache Software Foundation. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jetspeed.security.spi.impl.ldap; - -import javax.naming.NamingException; -import javax.naming.directory.Attributes; -import javax.naming.directory.BasicAttribute; -import javax.naming.directory.BasicAttributes; - -import org.apache.commons.lang.StringUtils; -import org.apache.jetspeed.security.SecurityException; - -public class InitLdapSchema extends AbstractLdapDao -{ - - /** - *

- * Default constructor. - *

- * - * @throws SecurityException A {@link SecurityException}. - */ - public InitLdapSchema() throws SecurityException - { - super(); - } - - /** - *

- * Initializes the LDAP schema. - *

- * - * @param ldapConfig Holds the ldap binding configuration. - * @throws SecurityException A {@link SecurityException}. - */ - public InitLdapSchema(LdapBindingConfig ldapConfig) throws SecurityException - { - super(ldapConfig); - init(); - } - - /** - * @see org.apache.jetspeed.security.spi.impl.ldap.AbstractLdapDao#getObjectClass() - */ - protected String getObjectClass() - { - // Implementation not required for initializing the ldap schema. - return null; - } - - /** - * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao#create(java.lang.String) - */ - public void init() throws SecurityException - { - initOu(getUsersOu()); - initOu(getGroupsOu()); - initOu(getRolesOu()); - } - - /** - *

- * Inits a given ou. - *

- * - * @param ou The org unit. - * @throws SecurityException - */ - public void initOu(String ou) throws SecurityException - { - if (!StringUtils.isEmpty(ou)) - { - Attributes attrs = defineLdapAttributes(ou); - try - { - String dn = "ou=" + ou; - ctx.createSubcontext(dn, attrs); - } - catch (NamingException e) - { - throw new SecurityException(e); - } - } - } - - /** - *

- * A template method for defining the attributes for a particular LDAP class. - *

- * - * @param principalUid The principal uid. - * @return the LDAP attributes object for the particular class. - */ - protected Attributes defineLdapAttributes(String ou) - { - Attributes attrs = new BasicAttributes(true); - BasicAttribute classes = new BasicAttribute("objectclass"); - - classes.add("top"); - classes.add("organizationalUnit"); - attrs.put(classes); - attrs.put("ou", ou); - - return attrs; - } - - protected String getEntryPrefix() - { - return null; - } - -} +/* + * Copyright 2000-2001,2004 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jetspeed.security.spi.impl.ldap; + +import javax.naming.NamingException; +import javax.naming.directory.Attributes; +import javax.naming.directory.BasicAttribute; +import javax.naming.directory.BasicAttributes; + +import org.apache.commons.lang.StringUtils; +import org.apache.jetspeed.security.SecurityException; + +public class InitLdapSchema extends AbstractLdapDao +{ + + /** + *

+ * Default constructor. + *

+ * + * @throws SecurityException A {@link SecurityException}. + */ + public InitLdapSchema() throws SecurityException + { + super(); + } + + /** + *

+ * Initializes the LDAP schema. + *

+ * + * @param ldapConfig Holds the ldap binding configuration. + * @throws SecurityException A {@link SecurityException}. + */ + public InitLdapSchema(LdapBindingConfig ldapConfig) throws SecurityException + { + super(ldapConfig); + init(); + } + + /** + * @see org.apache.jetspeed.security.spi.impl.ldap.AbstractLdapDao#getObjectClass() + */ + protected String getObjectClass() + { + // Implementation not required for initializing the ldap schema. + return null; + } + + /** + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao#create(java.lang.String) + */ + public void init() throws SecurityException + { + initOu("OrgUnit1"); + initOu("People","ou=OrgUnit1"); + initOu("Groups","ou=OrgUnit1"); + initOu("Roles","ou=OrgUnit1"); +// initOu(getUsersOu()); +// initOu(getGroupsOu()); +// initOu(getRolesOu()); + } + + /** + *

+ * Inits a given ou. + *

+ * + * @param ou The org unit. + * @throws SecurityException + */ + public void initOu(String ou) throws SecurityException + { + if (!StringUtils.isEmpty(ou)) + { + Attributes attrs = defineLdapAttributes(ou); + try + { + String dn = "ou=" + ou; // + "," + getDefaultSearchBase(); + ctx.createSubcontext(dn, attrs); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } + } + + public void initOu(String ou,String folder) throws SecurityException + { + if (!StringUtils.isEmpty(ou)) + { + Attributes attrs = defineLdapAttributes(ou); + try + { + ctx.createSubcontext("ou=" + ou + "," + folder, attrs); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } + } + + /** + *

+ * A template method for defining the attributes for a particular LDAP class. + *

+ * + * @param principalUid The principal uid. + * @return the LDAP attributes object for the particular class. + */ + protected Attributes defineLdapAttributes(String ou) + { + Attributes attrs = new BasicAttributes(true); + BasicAttribute classes = new BasicAttribute("objectclass"); + + classes.add("top"); + classes.add("organizationalUnit"); + attrs.put(classes); + attrs.put("ou", ou); + + return attrs; + } + + protected String getEntryPrefix() + { + return null; + } + + protected String getSearchSuffix() { + return null; + } + + protected String getSearchDomain() { + return null; + } + + protected String[] getObjectClasses() { + return null; + } + + +} Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java (working copy) 
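Review bot: `init()` in the rewritten InitLdapSchema now hard-codes `OrgUnit1`, `People`, `Groups` and `Roles`, ignoring the `userFilterBase`/`groupFilterBase`/`roleFilterBase` this same patch adds to the configuration (the commented-out `initOu(getUsersOu())` calls show the intent), so any deployment with other bases has its schema created in the wrong place, under the admin bind, while the DAOs search elsewhere. The retained `getObjectClass()` override no longer overrides anything because the abstract method is removed in AbstractLdapDao in this patch, and the commented-out calls should be deleted. A version that provisions each component of the configured bases is sketched below; it treats an existing entry as success via `javax.naming.NameAlreadyBoundException` (import needed) instead of relying on the caller's warn-and-continue, and still builds DNs by concatenation, which is acceptable only because the values come from the deployment's own config.
```java
public void init() throws SecurityException
{
    initOuPath(getUserFilterBase());
    initOuPath(getGroupFilterBase());
    initOuPath(getRoleFilterBase());
}

/**
 * Creates every "ou=" component of a comma-separated relative DN, outermost
 * first, so "ou=People,ou=OrgUnit1" yields ou=OrgUnit1 and then
 * ou=People,ou=OrgUnit1. Components that already exist are skipped.
 */
private void initOuPath(String relativeDn) throws SecurityException
{
    if (StringUtils.isEmpty(relativeDn))
    {
        return;
    }
    String[] rdns = StringUtils.split(relativeDn, ",");
    String parent = "";
    for (int i = rdns.length - 1; i >= 0; i--)
    {
        String rdn = rdns[i].trim();
        String dn = parent.length() == 0 ? rdn : rdn + "," + parent;
        try
        {
            ctx.createSubcontext(dn, defineLdapAttributes(rdn.substring(rdn.indexOf('=') + 1)));
        }
        catch (NameAlreadyBoundException ignored)
        {
            // already provisioned on a previous start
        }
        catch (NamingException e)
        {
            throw new SecurityException(e);
        }
        parent = dn;
    }
}
// … unchanged: initOu overloads, defineLdapAttributes, template-method stubs …
```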
@@ -1,294 +1,504 @@ -/* Copyright 2004 Apache Software Foundation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jetspeed.security.spi.impl.ldap; - -import org.apache.commons.configuration.ConfigurationException; -import org.apache.commons.configuration.PropertiesConfiguration; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.jetspeed.security.SecurityException; - -/** - *

- * Holds the configuration for ldap binding. - *

- * - * @author David Le Strat - */ -public class LdapBindingConfig -{ - /** The logger. */ - private static final Log logger = LogFactory.getLog(LdapBindingConfig.class); - - /** The initial context factory for the LDAP provider. */ - private String initialContextFactory; - - /** The server name. */ - private String ldapServerName; - - /** The server port. */ - private String ldapServerPort; - - /** The root distinguished name. */ - private String rootDn; - - /** The root password. */ - private String rootPassword; - - /** The root context. */ - private String rootContext; - - /** The default suffix. */ - private String defaultDnSuffix; - - /** The users ou. */ - private String usersOu; - - /** The groups ou. */ - private String groupsOu; - - /** The roles ou. */ - private String rolesOu; - - /** The ldap properties. */ - private PropertiesConfiguration props = null; - - /** - * @param factory The initial context factory. - * @param name The ldap server name. - * @param port The ldap server port. - * @param suffix The default dn suffix. - * @param context The root context. - * @param dn The root dn. - * @param password The root password. - * @param uou The users organization unit. - * @param gou The groups organization unit. - */ - public LdapBindingConfig(String factory, String name, String port, String suffix, String context, String dn, - String password, String uou, String goups,String roles) - { - try - { - initialContextFactory = factory; - ldapServerName = name; - ldapServerPort = port; - defaultDnSuffix = suffix; - rootContext = context; - rootDn = dn; - rootPassword = password; - usersOu = uou; - groupsOu = goups; - rolesOu = roles; - new InitLdapSchema(this); - } - catch (SecurityException se) - { - if (logger.isWarnEnabled()) - { - logger.warn("The LDAP directory should already be initialized. If this is not the case, an exception" - + "occured during initialization."); - } - } - } - - /** - *

- * Default constructor. By default instantiates LdapBindingConfig from - * JETSPEED-INF/ldap/ldap.properties in the classpath. - *

- */ - public LdapBindingConfig() - { - try - { - props = new PropertiesConfiguration("JETSPEED-INF/ldap/ldap.properties"); - initialContextFactory = props.getString("org.apache.jetspeed.ldap.initialContextFactory"); - ldapServerName = props.getString("org.apache.jetspeed.ldap.ldapServerName"); - ldapServerPort = props.getString("org.apache.jetspeed.ldap.ldapServerPort"); - defaultDnSuffix = props.getString("org.apache.jetspeed.ldap.defaultDnSuffix"); - rootContext = props.getString("org.apache.jetspeed.ldap.rootContext"); - rootDn = props.getString("org.apache.jetspeed.ldap.rootDn"); - rootPassword = props.getString("org.apache.jetspeed.ldap.rootPassword"); - usersOu = props.getString("org.apache.jetspeed.ldap.ou.users"); - groupsOu = props.getString("org.apache.jetspeed.ldap.ou.groups"); - rolesOu = props.getString("org.apache.jetspeed.ldap.ou.roles"); - new InitLdapSchema(this); - } - catch (ConfigurationException ce) - { - logger.error("Could not configure LdapBindingConfig: " + ce); - } - catch (SecurityException se) - { - if (logger.isWarnEnabled()) - { - logger.warn("The LDAP directory should already be initialized. If this is not the case, an exception" - + "occured during initialization."); - } - } - } - - /** - * @return Returns the defaultDnSuffix. - */ - public String getDefaultDnSuffix() - { - return defaultDnSuffix; - } - - /** - * @param defaultDnSuffix The defaultDnSuffix to set. - */ - public void setDefaultDnSuffix(String defaultDnSuffix) - { - this.defaultDnSuffix = defaultDnSuffix; - } - - /** - * @return Returns the groupsOu. - */ - public String getGroupsOu() - { - return groupsOu; - } - - /** - * @param groupsOu The groupsOu to set. - */ - public void setGroupsOu(String groupsOu) - { - this.groupsOu = groupsOu; - } - - /** - * @return Returns the initialContextFactory. - */ - public String getInitialContextFactory() - { - return initialContextFactory; - } - - /** - * @param initialContextFactory The initialContextFactory to set. 
- */ - public void setInitialContextFactory(String initialContextFactory) - { - this.initialContextFactory = initialContextFactory; - } - - /** - * @return Returns the ldapServerName. - */ - public String getLdapServerName() - { - return ldapServerName; - } - - /** - * @param ldapServerName The ldapServerName to set. - */ - public void setLdapServerName(String ldapServerName) - { - this.ldapServerName = ldapServerName; - } - - /** - * @return Returns the ldapServerPort. - */ - public String getLdapServerPort() - { - return ldapServerPort; - } - - /** - * @param ldapServerPort The ldapServerPort to set. - */ - public void setLdapServerPort(String ldapServerPort) - { - this.ldapServerPort = ldapServerPort; - } - - /** - * @return Returns the rootContext. - */ - public String getRootContext() - { - return rootContext; - } - - /** - * @param rootContext The rootContext to set. - */ - public void setRootContext(String rootContext) - { - this.rootContext = rootContext; - } - - /** - * @return Returns the rootDn. - */ - public String getRootDn() - { - return rootDn; - } - - /** - * @param rootDn The rootDn to set. - */ - public void setRootDn(String rootDn) - { - this.rootDn = rootDn; - } - - /** - * @return Returns the rootPassword. - */ - public String getRootPassword() - { - return rootPassword; - } - - /** - * @param rootPassword The rootPassword to set. - */ - public void setRootPassword(String rootPassword) - { - this.rootPassword = rootPassword; - } - - /** - * @return Returns the usersOu. - */ - public String getUsersOu() - { - return usersOu; - } - - /** - * @param usersOu The usersOu to set. 
- */ - public void setUsersOu(String usersOu) - { - this.usersOu = usersOu; - } - - public String getRolesOu() { - return rolesOu; - } - - public void setRolesOu(String rolesOu) { - this.rolesOu = rolesOu; - } -} +/* Copyright 2004 Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jetspeed.security.spi.impl.ldap; + +import org.apache.commons.configuration.ConfigurationException; +import org.apache.commons.configuration.PropertiesConfiguration; +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.jetspeed.security.SecurityException; + +/** + *

+ * Holds the configuration for ldap binding. + *

+ * + * @author David Le Strat + */ +public class LdapBindingConfig +{ + /** The logger. */ + private static final Log logger = LogFactory.getLog(LdapBindingConfig.class); + + private String initialContextFactory; + private String ldapServerName; + private String ldapServerPort; + private String rootDn; + private String rootPassword; + private String rootContext; + + private String defaultDnSuffix; + + private PropertiesConfiguration props = null; + + private String roleFilter; + private String groupFilter; + private String userFilter; + + private String userAuthenticationFiler; + + private String roleMembershipAttributes; + private String userRoleMembershipAttributes; + + private String groupMembershipAttributes; + private String userGroupMembershipAttributes; + + private String defaultSearchBase; + + private String roleFilterBase; + private String groupFilterBase; + private String userFilterBase; + + private String roleIdAttribute; + private String groupIdAttribute; + private String userIdAttribute; + + private String[] roleObjectClasses; + + private String[] groupObjectClasses; + + private String[] userObjectClasses; + + private String roleGroupMembershipForRoleAttributes; + + private String groupMembershipForRoleAttributes; + + /** + * @param factory The initial context factory. + * @param name The ldap server name. + * @param port The ldap server port. + * @param suffix The default dn suffix. + * @param context The root context. + * @param dn The root dn. + * @param password The root password. + * @param uou The users organization unit. + * @param gou The groups organization unit. 
+ */ + public LdapBindingConfig(String factory, + String name, + String port, + String suffix, + String context, + String dn, + String password, + String roleFilter, + String groupFilter, + String userFilter, + String userAuthenticationFiler, + String roleMembershipAttributes, + String userRoleMembershipAttributes, + String groupMembershipAttributes, + String userGroupMembershipAttributes, + String groupMembershipForRoleAttributes, + String roleGroupMembershipForRoleAttributes, + String defaultSearchBase, + String roleFilterBase, + String groupFilterBase, + String userFilterBase, + String roleObjectClasses, + String groupObjectClasses, + String userObjectClasses, + String roleIdAttribute, + String groupIdAttribute, + String userIdAttribute) + { + try + { + initialContextFactory = factory; + ldapServerName = name; + ldapServerPort = port; + defaultDnSuffix = suffix; + rootContext = context; + rootDn = dn; + rootPassword = password; + + this.roleFilter=roleFilter; + this.groupFilter=groupFilter; + this.userFilter=userFilter; + this.userAuthenticationFiler=userAuthenticationFiler; + + this.roleMembershipAttributes=roleMembershipAttributes; + this.userRoleMembershipAttributes=userRoleMembershipAttributes; + + this.groupMembershipAttributes=groupMembershipAttributes; + this.userGroupMembershipAttributes=userGroupMembershipAttributes; + + this.groupMembershipForRoleAttributes=groupMembershipForRoleAttributes; + this.roleGroupMembershipForRoleAttributes=roleGroupMembershipForRoleAttributes; + this.defaultSearchBase=defaultSearchBase; + + this.roleFilterBase=roleFilterBase; + this.groupFilterBase=groupFilterBase; + this.userFilterBase=userFilterBase; + + + this.roleObjectClasses=StringUtils.split(roleObjectClasses,","); + this.groupObjectClasses=StringUtils.split(groupObjectClasses,","); + this.userObjectClasses=StringUtils.split(userObjectClasses,","); + + this.roleIdAttribute=roleIdAttribute; + this.groupIdAttribute=groupIdAttribute; + 
this.userIdAttribute=userIdAttribute; + + new InitLdapSchema(this); + } + catch (SecurityException se) + { + if (logger.isWarnEnabled()) + { + logger.warn("The LDAP directory should already be initialized. If this is not the case, an exception" + + "occured during initialization."); + } + } + } + + /** + *

+ * Default constructor. By default instantiates LdapBindingConfig from + * JETSPEED-INF/ldap/ldap.properties in the classpath. + *

+ */ + public LdapBindingConfig(String ldapType) + { + try + { + props = new PropertiesConfiguration("JETSPEED-INF/ldap/" + ldapType + "/ldap.properties"); + initialContextFactory = props.getString("org.apache.jetspeed.ldap.initialContextFactory"); + ldapServerName = props.getString("org.apache.jetspeed.ldap.ldapServerName"); + ldapServerPort = props.getString("org.apache.jetspeed.ldap.ldapServerPort"); + defaultDnSuffix = props.getString("org.apache.jetspeed.ldap.defaultDnSuffix"); + rootContext = props.getString("org.apache.jetspeed.ldap.rootContext"); + rootDn = props.getString("org.apache.jetspeed.ldap.rootDn"); + rootPassword = props.getString("org.apache.jetspeed.ldap.rootPassword"); + + roleFilter=props.getString("org.apache.jetspeed.ldap.RoleFilter"); + groupFilter=props.getString("org.apache.jetspeed.ldap.GroupFilter"); + userFilter=props.getString("org.apache.jetspeed.ldap.UserFilter"); + + userAuthenticationFiler=props.getString("org.apache.jetspeed.ldap.UserAuthenticationFiler"); + + roleMembershipAttributes=props.getString("org.apache.jetspeed.ldap.RoleMembershipAttributes"); + userRoleMembershipAttributes=props.getString("org.apache.jetspeed.ldap.UserRoleMembershipAttributes"); + + groupMembershipAttributes=props.getString("org.apache.jetspeed.ldap.GroupMembershipAttributes"); + userGroupMembershipAttributes=props.getString("org.apache.jetspeed.ldap.UserGroupMembershipAttributes"); + + groupMembershipForRoleAttributes=props.getString("org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes"); + roleGroupMembershipForRoleAttributes=props.getString("org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes"); + + defaultSearchBase=props.getString("org.apache.jetspeed.ldap.DefaultSearchBase"); + + roleFilterBase=props.getString("org.apache.jetspeed.ldap.RoleFilterBase"); + groupFilterBase=props.getString("org.apache.jetspeed.ldap.GroupFilterBase"); + userFilterBase=props.getString("org.apache.jetspeed.ldap.UserFilterBase"); + + 
this.roleObjectClasses=StringUtils.split(props.getString("org.apache.jetspeed.ldap.RoleObjectClasses"),","); + this.groupObjectClasses=StringUtils.split(props.getString("org.apache.jetspeed.ldap.GroupObjectClasses"),","); + this.userObjectClasses=StringUtils.split(props.getString("org.apache.jetspeed.ldap.UserObjectClasses"),","); + + roleIdAttribute=props.getString("org.apache.jetspeed.ldap.RoleIdAttribute"); + groupIdAttribute=props.getString("org.apache.jetspeed.ldap.GroupIdAttribute"); + userIdAttribute=props.getString("org.apache.jetspeed.ldap.UserIdAttribute"); + + new InitLdapSchema(this); + } + catch (ConfigurationException ce) + { + logger.error("Could not configure LdapBindingConfig: " + ce); + } + catch (SecurityException se) + { + if (logger.isWarnEnabled()) + { + logger.warn("The LDAP directory should already be initialized. If this is not the case, an exception" + + "occured during initialization."); + } + } + } + + /** + * @return Returns the defaultDnSuffix. + */ + public String getDefaultDnSuffix() + { + return defaultDnSuffix; + } + + /** + * @param defaultDnSuffix The defaultDnSuffix to set. + */ + public void setDefaultDnSuffix(String defaultDnSuffix) + { + this.defaultDnSuffix = defaultDnSuffix; + } + /** + * @return Returns the initialContextFactory. + */ + public String getInitialContextFactory() + { + return initialContextFactory; + } + + /** + * @param initialContextFactory The initialContextFactory to set. + */ + public void setInitialContextFactory(String initialContextFactory) + { + this.initialContextFactory = initialContextFactory; + } + + /** + * @return Returns the ldapServerName. + */ + public String getLdapServerName() + { + return ldapServerName; + } + + /** + * @param ldapServerName The ldapServerName to set. + */ + public void setLdapServerName(String ldapServerName) + { + this.ldapServerName = ldapServerName; + } + + /** + * @return Returns the ldapServerPort. 
+ */ + public String getLdapServerPort() + { + return ldapServerPort; + } + + /** + * @param ldapServerPort The ldapServerPort to set. + */ + public void setLdapServerPort(String ldapServerPort) + { + this.ldapServerPort = ldapServerPort; + } + + /** + * @return Returns the rootContext. + */ + public String getRootContext() + { + return rootContext; + } + + /** + * @param rootContext The rootContext to set. + */ + public void setRootContext(String rootContext) + { + this.rootContext = rootContext; + } + + /** + * @return Returns the rootDn. + */ + public String getRootDn() + { + return rootDn; + } + + /** + * @param rootDn The rootDn to set. + */ + public void setRootDn(String rootDn) + { + this.rootDn = rootDn; + } + + /** + * @return Returns the rootPassword. + */ + public String getRootPassword() + { + return rootPassword; + } + + /** + * @param rootPassword The rootPassword to set. + */ + public void setRootPassword(String rootPassword) + { + this.rootPassword = rootPassword; + } + + public String getRoleFilter() { + return roleFilter; + } + + public void setRoleFilter(String roleFilter) { + this.roleFilter = roleFilter; + } + + public String getRoleFilterBase() { + return roleFilterBase; + } + + public void setRoleFilterBase(String roleFilterBase) { + this.roleFilterBase = roleFilterBase; + } + + public String getRoleMembershipAttributes() { + return roleMembershipAttributes; + } + + public void setRoleMembershipAttributes(String roleMembershipAttributes) { + this.roleMembershipAttributes = roleMembershipAttributes; + } + + public String getUserAuthenticationFiler() { + return userAuthenticationFiler; + } + + public void setUserAuthenticationFiler(String userAuthenticationFiler) { + this.userAuthenticationFiler = userAuthenticationFiler; + } + + public String getUserFilter() { + return userFilter; + } + + public void setUserFilter(String userFilter) { + this.userFilter = userFilter; + } + + public String getUserFilterBase() { + return userFilterBase; + } + + 
public void setUserFilterBase(String userFilterBase) { + this.userFilterBase = userFilterBase; + } + + public String getUserGroupMembershipAttributes() { + return userGroupMembershipAttributes; + } + + public void setUserGroupMembershipAttributes( + String userGroupMembershipAttributes) { + this.userGroupMembershipAttributes = userGroupMembershipAttributes; + } + + public String getUserRoleMembershipAttributes() { + return userRoleMembershipAttributes; + } + + public void setUserRoleMembershipAttributes(String userRoleMembershipAttributes) { + this.userRoleMembershipAttributes = userRoleMembershipAttributes; + } + + public String getDefaultSearchBase() { + return defaultSearchBase; + } + + public void setDefaultSearchBase(String defaultSearchBase) { + this.defaultSearchBase = defaultSearchBase; + } + + public String getGroupFilter() { + return groupFilter; + } + + public void setGroupFilter(String groupFilter) { + this.groupFilter = groupFilter; + } + + public String getGroupFilterBase() { + return groupFilterBase; + } + + public void setGroupFilterBase(String groupFilterBase) { + this.groupFilterBase = groupFilterBase; + } + + public String getGroupMembershipAttributes() { + return groupMembershipAttributes; + } + + public void setGroupMembershipAttributes(String groupMembershipAttributes) { + this.groupMembershipAttributes = groupMembershipAttributes; + } + + public String getGroupIdAttribute() { + return groupIdAttribute; + } + + public void setGroupIdAttribute(String groupIdAttribute) { + this.groupIdAttribute = groupIdAttribute; + } + + public String getRoleIdAttribute() { + return roleIdAttribute; + } + + public void setRoleIdAttribute(String roleIdAttribute) { + this.roleIdAttribute = roleIdAttribute; + } + + public String getUserIdAttribute() { + return userIdAttribute; + } + + public void setUserIdAttribute(String userIdAttribute) { + this.userIdAttribute = userIdAttribute; + } + + public String[] getGroupObjectClasses() { + return groupObjectClasses; + } 
+ + public void setGroupObjectClasses(String[] groupObjectClasses) { + this.groupObjectClasses = groupObjectClasses; + } + + public String[] getRoleObjectClasses() { + return roleObjectClasses; + } + + public void setRoleObjectClasses(String[] roleObjectClasses) { + this.roleObjectClasses = roleObjectClasses; + } + + public String[] getUserObjectClasses() { + return userObjectClasses; + } + + public void setUserObjectClasses(String[] userObjectClasses) { + this.userObjectClasses = userObjectClasses; + } + + public String getRoleGroupMembershipForRoleAttributes() { + return this.roleGroupMembershipForRoleAttributes; + } + + public String getGroupMembershipForRoleAttributes() { + return this.groupMembershipForRoleAttributes; + } + + public void setRoleGroupMembershipForRoleAttributes(String roleGroupMembershipForRoleAttributes) { + this.roleGroupMembershipForRoleAttributes=roleGroupMembershipForRoleAttributes; + } + + public void setGroupMembershipForRoleAttributes(String groupMembershipForRoleAttributes) { + this.groupMembershipForRoleAttributes=groupMembershipForRoleAttributes; + } + +} Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java (working copy) 
@@ -17,13 +17,10 @@ import java.security.Principal; -import javax.naming.NamingException; import javax.naming.directory.Attributes; import javax.naming.directory.BasicAttribute; import javax.naming.directory.BasicAttributes; -import javax.naming.directory.DirContext; -import org.apache.commons.lang.StringUtils; import org.apache.jetspeed.security.SecurityException; import org.apache.jetspeed.security.impl.GroupPrincipalImpl; @@ -76,13 +73,10 @@ Attributes attrs = new BasicAttributes(true); BasicAttribute classes = new BasicAttribute("objectclass"); - classes.add("top"); - classes.add("uidObject"); - classes.add("jetspeed-2-group"); + for (int i=0 ; i - * A template method that returns the LDAP object class of the concrete DAO. - *

- * - * @return A String containing the LDAP object class name. - */ - protected String getObjectClass() - { - return "jetspeed-2-group"; - } protected String getEntryPrefix() { - return "cn"; + return this.getGroupIdAttribute(); + } + + protected String getSearchSuffix() { + return this.getGroupFilter(); + } + + protected String getSearchDomain() { + return this.getGroupFilterBase(); + } + + protected String[] getObjectClasses() { + return this.getGroupObjectClasses(); } Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java (revision 0) 
@@ -0,0 +1,471 @@ +package org.apache.jetspeed.security.spi.impl.ldap; + +import java.security.Principal; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.Iterator; +import java.util.List; + +import javax.naming.Name; +import javax.naming.NamingEnumeration; +import javax.naming.NamingException; +import javax.naming.directory.Attribute; +import javax.naming.directory.Attributes; +import javax.naming.directory.BasicAttribute; +import javax.naming.directory.BasicAttributes; +import javax.naming.directory.DirContext; +import javax.naming.directory.SearchControls; +import javax.naming.directory.SearchResult; +import javax.naming.ldap.LdapName; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.jetspeed.security.SecurityException; +import org.apache.jetspeed.security.impl.UserPrincipalImpl; + + +public class LdapMemberShipDaoImpl extends LdapPrincipalDaoImpl implements LdapMembershipDao { + + public LdapMemberShipDaoImpl() throws SecurityException { + super(); + } + + public LdapMemberShipDaoImpl(LdapBindingConfig config) throws SecurityException { + super(config); + } + + /** The logger. 
*/ + private static final Log logger = LogFactory.getLog(LdapMemberShipDaoImpl.class); + + /* (non-Javadoc) + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchGroupMemberShipByGroup(java.lang.String, javax.naming.directory.SearchControls) + */ + public String[] searchGroupMemberShipByGroup(final String userPrincipalUid, SearchControls cons) throws NamingException { + String subfilter = "uid=" + userPrincipalUid + "," + getUserFilterBase() + "," + getRootContext(); + String query = "(&(" + getGroupMembershipAttribute() + "=" + subfilter + ")" + getGroupFilter() + ")"; + + if (logger.isDebugEnabled()) + { + logger.debug("query[" + query + "]"); + } + Name name = new LdapName(getGroupFilterBase()); + NamingEnumeration searchResults = ((DirContext) ctx).search(name,query , cons); + + List groupPrincipalUids = new ArrayList(); + while (searchResults.hasMore()) + { + SearchResult result = (SearchResult) searchResults.next(); + Attributes answer = result.getAttributes(); + + groupPrincipalUids.addAll(getAttributes(getAttribute(getGroupIdAttribute(), answer))); + } + return (String[]) groupPrincipalUids.toArray(new String[groupPrincipalUids.size()]); + + } + + /* (non-Javadoc) + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchGroupMemberShipByUser(java.lang.String, javax.naming.directory.SearchControls) + */ + public String[] searchGroupMemberShipByUser(final String userPrincipalUid, SearchControls cons) throws NamingException { + NamingEnumeration searchResults = searchByWildcardedUid(userPrincipalUid, cons); + + if (!searchResults.hasMore()) + { + throw new NamingException("Could not find any user with uid[" + userPrincipalUid + "]"); + } + + Attributes userAttributes = getFirstUser(searchResults); + List uids = getAttributes(getAttribute(getUserGroupMembershipAttribute(), userAttributes)); + return (String[]) uids.toArray(new String[uids.size()]); + } + + /* (non-Javadoc) + * @see 
org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchRoleMemberShipByRole(java.lang.String, javax.naming.directory.SearchControls) + */ + public String[] searchRoleMemberShipByRole(final String userPrincipalUid, SearchControls cons) throws NamingException { + String subfilter = "uid=" + userPrincipalUid + "," + getUserFilterBase() + "," + getRootContext(); + String query = "(&(" + getRoleMembershipAttribute() + "=" + subfilter + ")" + getRoleFilter() + ")"; + + if (logger.isDebugEnabled()) + { + logger.debug("query[" + query + "]"); + } + + Name name = new LdapName(getRoleFilterBase()) ; + NamingEnumeration searchResults = ((DirContext) ctx).search(name,query , cons); + + List rolePrincipalUids = new ArrayList(); + while (searchResults.hasMore()) + { + + SearchResult result = (SearchResult) searchResults.next(); + Attributes answer = result.getAttributes(); + + rolePrincipalUids.addAll(getAttributes(getAttribute(getRoleIdAttribute(), answer))); + } + return (String[]) rolePrincipalUids.toArray(new String[rolePrincipalUids.size()]); + } + + /* (non-Javadoc) + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchRoleMemberShipByUser(java.lang.String, javax.naming.directory.SearchControls) + */ + public String[] searchRoleMemberShipByUser(final String userPrincipalUid, SearchControls cons) throws NamingException { + + NamingEnumeration results = searchByWildcardedUid(userPrincipalUid, cons); + + if (!results.hasMore()) + { + throw new NamingException("Could not find any user with uid[" + userPrincipalUid + "]"); + } + + Attributes userAttributes = getFirstUser(results); + List newAttrs = new ArrayList(); + Attribute attr = getAttribute(getUserRoleMembershipAttribute(), userAttributes); + List attrs = getAttributes(attr); + Iterator it = attrs.iterator(); + while(it.hasNext()) { + String cnfull = (String)it.next(); + String cn = extractCn(cnfull); + newAttrs.add(cn); + } + //List uids = getAttributes(attr); + return (String[]) 
newAttrs.toArray(new String[newAttrs.size()]); + } + +// /** +// *

+// * Search user by group. +// *

+// * +// * @param groupPrincipalUid +// * @param cons +// * @return +// * @throws NamingException A {@link NamingException}. +// */ +// private NamingEnumeration searchRolesByGroup(final String rolePrincipalUid, SearchControls cons) +// throws NamingException +// { +// String query = "(&(cn=" + (rolePrincipalUid) + ")" + getRoleFilter() + ")"; +// +// if (logger.isDebugEnabled()) +// { +// logger.debug("query[" + query + "]"); +// } +// NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons); +// +// return searchResults; +// } + + /* (non-Javadoc) + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByGroup(java.lang.String, javax.naming.directory.SearchControls) + */ + public String[] searchUsersFromGroupByGroup(final String groupPrincipalUid, SearchControls cons) + throws NamingException + { + + String query = "(&(" + getGroupIdAttribute() + "=" + (groupPrincipalUid) + ")" + getGroupFilter() + ")"; + + if (logger.isDebugEnabled()) + { + logger.debug("query[" + query + "]"); + } + + ArrayList userPrincipalUids=new ArrayList(); + + NamingEnumeration results = ((DirContext) ctx).search("",query , cons); + + while (results.hasMore()) + { + SearchResult result = (SearchResult) results.next(); + Attributes answer = result.getAttributes(); + + List newAttrs = new ArrayList(); + + Attribute userPrincipalUid = getAttribute(getGroupMembershipAttribute(), answer); + List attrs = getAttributes(userPrincipalUid); + Iterator it = attrs.iterator(); + while(it.hasNext()) { + String uidfull = (String)it.next(); + String uid = extractUid(uidfull); + if (uidfull.indexOf(getUserFilterBase())!=-1) + newAttrs.add(uid); + } + userPrincipalUids.addAll(newAttrs); + } + return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]); + } + + /* (non-Javadoc) + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByUser(java.lang.String, javax.naming.directory.SearchControls) + 
*/ + public String[] searchUsersFromGroupByUser(final String groupPrincipalUid, SearchControls cons) + throws NamingException + { + + String subfilter = getGroupIdAttribute() + "=" + getGroupFilterBase(); + if (getGroupFilterBase()!=null && !getGroupFilterBase().equals("")) subfilter+="," + getGroupFilterBase(); + subfilter+="," + getRootContext(); + String query = "(&(" + getUserGroupMembershipAttribute() + "=" + subfilter + ")" + getUserFilter() + ")"; + if (logger.isDebugEnabled()) + { + logger.debug("query[" + query + "]"); + } + NamingEnumeration results = ((DirContext) ctx).search("", query, cons); + + ArrayList userPrincipalUids = new ArrayList(); + + while (results.hasMore()) + { + SearchResult result = (SearchResult) results.next(); + Attributes answer = result.getAttributes(); + + userPrincipalUids.addAll(getAttributes(getAttribute("uid", answer))); + } + return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]); + } + + public String[] searchRolesFromGroupByGroup(final String groupPrincipalUid, + SearchControls cons) throws NamingException { + + String query = "(&(" + getGroupIdAttribute() + "=" + (groupPrincipalUid) + ")" + getGroupFilter() + + ")"; + + if (logger.isDebugEnabled()) { + logger.debug("query[" + query + "]"); + } + + ArrayList rolePrincipalUids = new ArrayList(); + + NamingEnumeration results = ((DirContext) ctx).search("", query, cons); + + while (results.hasMore()) { + SearchResult result = (SearchResult) results.next(); + Attributes answer = result.getAttributes(); + + List newAttrs = new ArrayList(); + + Attribute userPrincipalUid = getAttribute( + getGroupMembershipForRoleAttribute(), answer); + List attrs = getAttributes(userPrincipalUid); + Iterator it = attrs.iterator(); + while (it.hasNext()) { + String uidfull = (String) it.next(); + String uid = extractUid(uidfull); + if (uidfull.indexOf(getRoleFilterBase())!=-1) + newAttrs.add(uid); + } + rolePrincipalUids.addAll(newAttrs); + } + return (String[]) 
rolePrincipalUids + .toArray(new String[rolePrincipalUids.size()]); + } + + /* + * (non-Javadoc) + * + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByUser(java.lang.String, + * javax.naming.directory.SearchControls) + */ + public String[] searchRolesFromGroupByRole(final String groupPrincipalUid, + SearchControls cons) throws NamingException { + + String subfilter = getGroupIdAttribute() + "=" + groupPrincipalUid; + if (getGroupFilterBase() != null && !getGroupFilterBase().equals("")) + subfilter += "," + getGroupFilterBase() + "," + getRootContext(); + String query = "(&(" + getRoleGroupMembershipForRoleAttribute() + "=" + + subfilter + ")" + getUserFilter() + ")"; + if (logger.isDebugEnabled()) { + logger.debug("query[" + query + "]"); + } + NamingEnumeration results = ((DirContext) ctx).search("", query, cons); + + ArrayList userPrincipalUids = new ArrayList(); + + while (results.hasMore()) { + SearchResult result = (SearchResult) results.next(); + Attributes answer = result.getAttributes(); + + userPrincipalUids + .addAll(getAttributes(getAttribute("uid", answer))); + } + return (String[]) userPrincipalUids + .toArray(new String[userPrincipalUids.size()]); + } + + /* (non-Javadoc) + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromRoleByRole(java.lang.String, javax.naming.directory.SearchControls) + */ + public String[] searchUsersFromRoleByRole(final String rolePrincipalUid, SearchControls cons) + throws NamingException + { + + String query = "(&(" + getRoleIdAttribute() + "=" + (rolePrincipalUid) + ")" + getRoleFilter() + ")"; + + if (logger.isDebugEnabled()) + { + logger.debug("query[" + query + "]"); + } + + ArrayList userPrincipalUids=new ArrayList(); + + NamingEnumeration results = ((DirContext) ctx).search("",query , cons); + + while (results.hasMore()) + { + SearchResult result = (SearchResult) results.next(); + Attributes answer = result.getAttributes(); + + //List 
cUserPrincipalUid = getAttributes(getAttribute(getRoleMembershipAttribute(), answer)); + //TODO: better implementtion + List newAttrs = new ArrayList(); + + Attribute userPrincipalUid = getAttribute(getRoleMembershipAttribute(), answer); + List attrs = getAttributes(userPrincipalUid); + Iterator it = attrs.iterator(); + while(it.hasNext()) { + String uidfull = (String)it.next(); + String uid = extractUid(uidfull); + newAttrs.add(uid); + } + userPrincipalUids.addAll(newAttrs); + + + //userPrincipalUids.addAll(cUserPrincipalUid); + } + return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]); + } + + /* (non-Javadoc) + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromRoleByUser(java.lang.String, javax.naming.directory.SearchControls) + */ + public String[] searchUsersFromRoleByUser(final String rolePrincipalUid, SearchControls cons) + throws NamingException + { + + //TODO: rename params / vars !!! + String subfilter = getRoleIdAttribute() + "=" + rolePrincipalUid; + if (getRoleFilterBase()!=null && !getRoleFilterBase().equals("")) subfilter+="," + getRoleFilterBase(); + subfilter+="," + getRootContext(); + String query = "(&(" + getUserRoleMembershipAttribute() + "=" + subfilter + ")" + getUserFilter() + ")"; + if (logger.isDebugEnabled()) + { + logger.debug("query[" + query + "]"); + } + NamingEnumeration results = ((DirContext) ctx).search("", query, cons); + + ArrayList userPrincipalUids = new ArrayList(); + + while (results.hasMore()) + { + SearchResult result = (SearchResult) results.next(); + Attributes answer = result.getAttributes(); + + userPrincipalUids.addAll(getAttributes(getAttribute("uid", answer))); + } + return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]); + } + + + /** + * @param attr + * @return + * @throws NamingException + */ + protected List getAttributes(Attribute attr) throws NamingException + { + List uids = new ArrayList(); + if (attr != null) + { + 
Enumeration groupUidEnum = attr.getAll(); + while (groupUidEnum.hasMoreElements()) + { + uids.add(groupUidEnum.nextElement()); + } + } + return uids; + } + + /** + * @param results + * @return + * @throws NamingException + */ + private Attributes getFirstUser(NamingEnumeration results) throws NamingException + { + SearchResult result = (SearchResult) results.next(); + Attributes answer = result.getAttributes(); + + return answer; + } + + protected String getEntryPrefix() { + return "uid"; + } + + protected String getSearchSuffix() { + return this.getUserFilter(); + } + + /** + *

+ * A template method for defining the attributes for a particular LDAP class. + *

+ * + * @param principalUid The principal uid. + * @return the LDAP attributes object for the particular class. + */ + protected Attributes defineLdapAttributes(final String principalUid) + { + Attributes attrs = new BasicAttributes(true); + BasicAttribute classes = new BasicAttribute("objectclass"); + + classes.add("top"); + classes.add("person"); + classes.add("organizationalPerson"); + classes.add("inetorgperson"); + attrs.put(classes); + attrs.put("cn", principalUid); + attrs.put("sn", principalUid); + + return attrs; + } + + /** + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix() + */ + protected String getDnSuffix() + { + return this.getUserFilterBase(); + } + + /** + *

+ * Creates a GroupPrincipal object. + *

+ * + * @param principalUid The principal uid. + * @return A group principal object. + */ + protected Principal makePrincipal(String principalUid) + { + return new UserPrincipalImpl(principalUid); + } + + private String extractUid(String ldapName) { + if (ldapName.indexOf(",")!=-1) + return ldapName.substring(ldapName.indexOf("uid=")+4,ldapName.indexOf(",")); + return ldapName.substring(ldapName.indexOf("uid=")+4,ldapName.length()); + } + + private String extractCn(String ldapName) { + if (ldapName.indexOf(",")!=-1) + return ldapName.substring(ldapName.indexOf("cn=")+3,ldapName.indexOf(",")); + return ldapName.substring(ldapName.indexOf("cn=")+3,ldapName.length()); + } + + protected String[] getObjectClasses() { + return this.getUserObjectClasses(); + } + + +} Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMembershipDao.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMembershipDao.java (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMembershipDao.java (revision 0) 
@@ -0,0 +1,86 @@
+package org.apache.jetspeed.security.spi.impl.ldap;
+
+import javax.naming.NamingException;
+import javax.naming.directory.SearchControls;
+
+public interface LdapMembershipDao {
+
+ public abstract String[] searchGroupMemberShipByGroup(
+ final String userPrincipalUid, SearchControls cons)
+ throws NamingException;
+
+ public abstract String[] searchGroupMemberShipByUser(
+ final String userPrincipalUid, SearchControls cons)
+ throws NamingException;
+
+ public abstract String[] searchRoleMemberShipByRole(
+ final String userPrincipalUid, SearchControls cons)
+ throws NamingException;
+
+ public abstract String[] searchRoleMemberShipByUser(
+ final String userPrincipalUid, SearchControls cons)
+ throws NamingException;
+
+ /**
+ *

+ * Search user by group using the GroupMembershipAttribute.
+ *

+ *
+ * @param groupPrincipalUid
+ * @param cons
+ * @return
+ * @throws NamingException A {@link NamingException}.
+ */
+ public abstract String[] searchUsersFromGroupByGroup(
+ final String groupPrincipalUid, SearchControls cons)
+ throws NamingException;
+
+ /**
+ *

+ * Search user by group using the UserGroupMembershipAttribute.
+ *

+ *
+ * @param groupPrincipalUid
+ * @param cons
+ * @return
+ * @throws NamingException A {@link NamingException}.
+ */
+ public abstract String[] searchUsersFromGroupByUser(
+ final String groupPrincipalUid, SearchControls cons)
+ throws NamingException;
+
+ /**
+ *

+ * Search user by role using the RoleMembershipAttribute.
+ *

+ *
+ * @param groupPrincipalUid
+ * @param cons
+ * @return
+ * @throws NamingException A {@link NamingException}.
+ */
+ public abstract String[] searchUsersFromRoleByRole(
+ final String rolePrincipalUid, SearchControls cons)
+ throws NamingException;
+
+ /**
+ *

+ * Search user by role using the UserRoleMembershipAttribute.
+ *

+ * + * @param groupPrincipalUid + * @param cons + * @return + * @throws NamingException A {@link NamingException}. + */ + public abstract String[] searchUsersFromRoleByUser( + final String groupPrincipalUid, SearchControls cons) + throws NamingException; + + public abstract String[] searchRolesFromGroupByGroup(final String groupPrincipalUid, + SearchControls cons) throws NamingException; + + public abstract String[] searchRolesFromGroupByRole(final String groupPrincipalUid, + SearchControls cons) throws NamingException; + +} Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java (working copy) @@ -46,9 +46,7 @@ /** The logger. */ private static final Log logger = LogFactory.getLog(LdapPrincipalDaoImpl.class); - /** The uid attribute name. */ - protected String UID_ATTR_NAME = "uid"; - + /** *
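Review bot: The Javadoc on searchUsersFromRoleByRole documents `@param groupPrincipalUid` while the parameter is named `rolePrincipalUid`, every `@param`/`@return` tag in the interface is left empty, and the four search*MemberShipBy* methods plus the two searchRolesFromGroup* methods carry no Javadoc at all. Each method should state what the uid argument is — presumably a bare id-attribute value (a uid or cn), not a DN, since the implementation builds DNs itself; confirm against LdapMemberShipDaoImpl — and that the returned array holds the id-attribute values of the matched entries, e.g. `@param rolePrincipalUid The role's id-attribute value (not a DN).` and `@return The id-attribute values of the matching user entries; empty when none match.`. The `public abstract` modifiers on interface methods are redundant and can be dropped.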

* Default constructor. @@ -102,7 +100,9 @@ Attributes attrs = defineLdapAttributes(principalUid); try { - String userDn = getEntryPrefix() + "=" + principalUid + getDnSuffix(); + String userDn = getEntryPrefix() + "=" + principalUid; + if (getDnSuffix()!=null && !getDnSuffix().equals("")) userDn+="," + getDnSuffix();// + ',' + getDefaultSearchBase(); + ctx.createSubcontext(userDn, attrs); if (logger.isDebugEnabled()) { @@ -261,7 +261,7 @@ { Attributes atts = searchResult.getAttributes(); - String uid = (String) getAttribute(UID_ATTR_NAME, atts).getAll().next(); + String uid = (String) getAttribute(getEntryPrefix(), atts).getAll().next(); Principal principal = makePrincipal(uid); principals.add(principal); @@ -288,5 +288,9 @@ } return null; } + + protected String getSearchDomain() { + return this.getUserFilterBase(); + } } \ No newline at end of file Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java (working copy) 
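Review bot: `String userDn = getEntryPrefix() + "=" + principalUid;` in the second hunk builds the RDN of the new entry from principalUid with no DN escaping, so a uid containing `,`, `+`, `"`, `\`, `<`, `>`, `;`, `#` or a leading/trailing space yields a malformed or different DN at `ctx.createSubcontext(userDn, attrs)`. `Rdn.escapeValue` from javax.naming.ldap is the standard-library fix: `String userDn = getEntryPrefix() + "=" + Rdn.escapeValue(principalUid);` (with the corresponding import). The trailing `// + ',' + getDefaultSearchBase();` on the braceless `if` line is dead text that should be either reinstated or removed, and the `if` should get braces. The enclosing method begins and ends outside the hunk.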
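Review bot: `String uid = (String) getAttribute(getEntryPrefix(), atts).getAll().next();` in the third hunk dereferences the attribute without a null check; the `return null;` visible as context in the last hunk suggests getAttribute can return null, in which case an entry lacking the id attribute raises a NullPointerException rather than being skipped. If this sits inside the result loop, as `principals.add(principal)` suggests, a guard such as `Attribute idAttr = getAttribute(getEntryPrefix(), atts); if (idAttr == null) { continue; }` (importing javax.naming.directory.Attribute if the file does not already) keeps one malformed entry from failing the whole search. The enclosing loop and method lie outside the hunk.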
@@ -1,133 +1,120 @@ -/* - * Copyright 2000-2001,2004 The Apache Software Foundation. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jetspeed.security.spi.impl.ldap; - -import java.security.Principal; - -import javax.naming.directory.Attributes; -import javax.naming.directory.BasicAttribute; -import javax.naming.directory.BasicAttributes; - -import org.apache.commons.lang.StringUtils; -import org.apache.jetspeed.security.SecurityException; -import org.apache.jetspeed.security.impl.RolePrincipalImpl; - -/** - *

- * DAO for handling group objects. - *

- * - * @author Davy De Waele - */ -public class LdapRoleDaoImpl extends LdapPrincipalDaoImpl -{ - - protected String UID_ATTR_NAME = "cn"; - - /** - *

- * Default constructor. - *

- * - * @throws SecurityException A {@link SecurityException}. - */ - public LdapRoleDaoImpl() throws SecurityException - { - super(); - } - - /** - *

- * Initializes the dao. - *

- * - * @param ldapConfig Holds the ldap binding configuration. - * @throws SecurityException A {@link SecurityException}. - */ - public LdapRoleDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException - { - super(ldapConfig); - } - - /** - *

- * A template method for defining the attributes for a particular LDAP class. - *

- * - * @param principalUid The principal uid. - * @return The LDAP attributes object for the particular class. - */ - protected Attributes defineLdapAttributes(final String principalUid) - { - Attributes attrs = new BasicAttributes(true); - BasicAttribute classes = new BasicAttribute("objectclass"); - - classes.add("top"); - classes.add("uidObject"); - classes.add("jetspeed-2-role"); - attrs.put(classes); - attrs.put("uid", principalUid); - attrs.put("cn", principalUid); - attrs.put("ou", getRolesOu()); - return attrs; - } - - /** - * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix() - */ - protected String getDnSuffix() - { - String suffix = ""; - if (!StringUtils.isEmpty(getRolesOu())) - { - suffix += ",ou=" + getRolesOu(); - } - if (!StringUtils.isEmpty(getDefaultDnSuffix())) - { - suffix += getDefaultDnSuffix(); - } - return suffix; - } - - /** - *

- * Creates a GroupPrincipal object. - *

- * - * @param principalUid The principal uid. - * @return A group principal object. - */ - protected Principal makePrincipal(String principalUid) - { - return new RolePrincipalImpl(principalUid); - } - - /** - *

- * A template method that returns the LDAP object class of the concrete DAO. - *

- * - * @return A String containing the LDAP object class name. - */ - protected String getObjectClass() - { - return "jetspeed-2-role"; - } - - protected String getEntryPrefix() { - return "cn"; - } -} +/* + * Copyright 2000-2001,2004 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jetspeed.security.spi.impl.ldap; + +import java.security.Principal; + +import javax.naming.directory.Attributes; +import javax.naming.directory.BasicAttribute; +import javax.naming.directory.BasicAttributes; + +import org.apache.jetspeed.security.SecurityException; +import org.apache.jetspeed.security.impl.RolePrincipalImpl; + +/** + *

+ * DAO for handling group objects. + *

+ * + * @author Davy De Waele + */ +public class LdapRoleDaoImpl extends LdapPrincipalDaoImpl +{ + + /** + *

+ * Default constructor. + *

+ * + * @throws SecurityException A {@link SecurityException}. + */ + public LdapRoleDaoImpl() throws SecurityException + { + super(); + } + + /** + *

+ * Initializes the dao. + *

+ * + * @param ldapConfig Holds the ldap binding configuration. + * @throws SecurityException A {@link SecurityException}. + */ + public LdapRoleDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException + { + super(ldapConfig); + } + + /** + *

+ * A template method for defining the attributes for a particular LDAP class. + *

+ * + * @param principalUid The principal uid. + * @return The LDAP attributes object for the particular class. + */ + protected Attributes defineLdapAttributes(final String principalUid) + { + Attributes attrs = new BasicAttributes(true); + BasicAttribute classes = new BasicAttribute("objectclass"); + + for (int i=0;i + * Creates a GroupPrincipal object. + *

+ * + * @param principalUid The principal uid. + * @return A group principal object. + */ + protected Principal makePrincipal(String principalUid) + { + return new RolePrincipalImpl(principalUid); + } + + protected String getEntryPrefix() { + return this.getRoleIdAttribute(); + } + + protected String getSearchSuffix() { + return this.getRoleFilter(); + } + + protected String getSearchDomain() { + return this.getRoleFilterBase(); + } + + protected String[] getObjectClasses() { + return this.getRoleObjectClasses(); + } + + +} Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java (working copy) @@ -113,7 +113,7 @@ String savedPassword = String.valueOf(getPassword(uid)); String oldCredential = (String)env.get(Context.SECURITY_CREDENTIALS); String oldUsername = (String)env.get(Context.SECURITY_PRINCIPAL); - env.put(Context.SECURITY_PRINCIPAL,"uid=" + uid + ",ou=" + getUsersOu() + "," + getRootContext()); + env.put(Context.SECURITY_PRINCIPAL,"uid=" + uid + "," + getUserFilterBase() + "," + getRootContext()); env.put(Context.SECURITY_CREDENTIALS,password); InitialContext ctx = new InitialContext(env); env.put(Context.SECURITY_PRINCIPAL,oldUsername); 
@@ -279,4 +279,17 @@ protected String getEntryPrefix() { return "uid"; } + + protected String getSearchSuffix() { + return this.getUserFilter(); + } + + protected String getSearchDomain() { + return this.getUserFilterBase(); + } + + protected String[] getObjectClasses() { + return this.getUserObjectClasses(); + } + } \ No newline at end of file Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserPrincipalDaoImpl.java (working copy) @@ -15,14 +15,12 @@ */ package org.apache.jetspeed.security.spi.impl.ldap; -import java.util.List; import java.security.Principal; import java.util.ArrayList; -import java.util.Enumeration; +import java.util.List; import javax.naming.NamingEnumeration; import javax.naming.NamingException; -import javax.naming.directory.Attribute; import javax.naming.directory.Attributes; import javax.naming.directory.BasicAttribute; import javax.naming.directory.BasicAttributes; @@ -30,12 +28,9 @@ import javax.naming.directory.SearchControls; import javax.naming.directory.SearchResult; -import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.jetspeed.security.GroupPrincipal; import org.apache.jetspeed.security.SecurityException; -import org.apache.jetspeed.security.impl.GroupPrincipalImpl; import org.apache.jetspeed.security.impl.UserPrincipalImpl; /** 
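Review bot: The three overrides added to LdapUserCredentialDaoImpl (getSearchSuffix(), getSearchDomain(), getObjectClasses()) have no Javadoc, and getSearchSuffix()/getObjectClasses() are byte-identical to the ones added to LdapUserPrincipalDaoImpl in the last hunk of this diff. If the two classes share a parent that could host the user-side defaults, the duplication is avoidable; otherwise a one-line comment such as `/** User search filter from the binding configuration; see LdapUserPrincipalDaoImpl for the matching override. */` at least records that they must stay in sync. The file also still ends without a trailing newline.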
@@ -47,11 +42,7 @@ /** The logger. */ private static final Log logger = LogFactory.getLog(LdapUserPrincipalDaoImpl.class); - /** The group attribute name. */ - private static final String GROUP_ATTR_NAME = "j2-group"; - - /** The role attribute name. */ - private static final String ROLE_ATTR_NAME = "j2-role"; + private LdapMembershipDao membership; /** *
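Review bot: The new `membership` field replaces two documented constants but has no comment and is not final, although both constructors in the following hunk assign it exactly once; `private final LdapMembershipDao membership;` with a one-line Javadoc (`/** Resolves user, group and role membership lookups for this DAO. */`) states the intent and lets the compiler enforce the single assignment. The declared type is spelled LdapMembershipDao while the implementation assigned to it is LdapMemberShipDaoImpl; the two capitalizations read as two different concepts, so settling on one spelling in this commit is worthwhile.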

@@ -62,7 +53,8 @@ */ public LdapUserPrincipalDaoImpl() throws SecurityException { - super(); + super(); + membership=new LdapMemberShipDaoImpl(); } /** @@ -75,7 +67,8 @@ */ public LdapUserPrincipalDaoImpl(LdapBindingConfig ldapConfig) throws SecurityException { - super(ldapConfig); + super(ldapConfig); + membership=new LdapMemberShipDaoImpl(ldapConfig); } /** @@ -84,7 +77,11 @@ */ public void addGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException { - modifyUserGroup(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE); + if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals("")) + modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE); + else + modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.ADD_ATTRIBUTE); + } /** @@ -97,7 +94,7 @@ * @param operationType whether to replace or remove the specified user group from the user * @throws SecurityException A {@link SecurityException}. */ - private void modifyUserGroup(String userPrincipalUid, String groupPrincipalUid, int operationType) + private void modifyUserGroupByGroup(String userPrincipalUid, String groupPrincipalUid, int operationType) throws SecurityException { validateUid(userPrincipalUid); 
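Review bot: addGroup() repeats the expression `getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals("")` to choose between the by-user and by-group paths, calling the getter twice, and the same unbraced if/else recurs in removeGroup, addRole, removeRole, addRoleToGroup, removeRoleFromGroup and the get*For* lookups in the later hunks of this file. Since this commit drops the StringUtils import, a small private predicate keeps the dispatch readable and evaluates the getter once: `private static boolean isSet(String attr) { return attr != null && !attr.equals(""); }`, used as `if (isSet(getUserGroupMembershipAttribute())) { … } else { … }` with braces, matching the braced style of the rest of the file.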
@@ -102,14 +99,59 @@ { validateUid(userPrincipalUid); validateUid(groupPrincipalUid); - String userDn = lookupByUid(userPrincipalUid); + + String userDn = "uid=" + userPrincipalUid + "," + getUserFilterBase(); + userDn+="," + getRootContext(); + try + { + groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid; + + if (getGroupFilterBase()!=null && !getGroupFilterBase().equals("")) + groupPrincipalUid+="," + getGroupFilterBase(); + groupPrincipalUid+="," + getRootContext(); + + String rdn = getSubcontextName(groupPrincipalUid); + Attributes attrs = new BasicAttributes(false); + attrs.put(getGroupMembershipAttribute(), userDn); + ctx.modifyAttributes(rdn, operationType, attrs); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } + + /** + *

+ * Replace or delete the user group attribute. + *

+ * + * @param userPrincipalUid + * @param groupPrincipalUid + * @param operationType whether to replace or remove the specified user group from the user + * @throws SecurityException A {@link SecurityException}. + */ + private void modifyUserGroupByUser(String userPrincipalUid, String groupPrincipalUid, int operationType) + throws SecurityException + { + validateUid(userPrincipalUid); + validateUid(groupPrincipalUid); + + String userDn = "uid=" + userPrincipalUid + "," + getUserFilterBase(); try { + groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid; + + if (getGroupFilterBase()!=null && !getGroupFilterBase().equals("")) + groupPrincipalUid+="," + getGroupFilterBase(); + groupPrincipalUid+="," + getRootContext(); String rdn = getSubcontextName(userDn); Attributes attrs = new BasicAttributes(false); - attrs.put("j2-group", groupPrincipalUid); + attrs.put(getUserGroupMembershipAttribute(), groupPrincipalUid); + logger.debug("modifying attrs on " + rdn + " with : " + attrs); ctx.modifyAttributes(rdn, operationType, attrs); + } catch (NamingException e) { @@ -115,7 +157,7 @@ { throw new SecurityException(e); } - } + } /** * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String, @@ -123,7 +165,11 @@ */ public void removeGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException { - modifyUserGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE); + if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals("")) + modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE); + else + modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE); + } /** 
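Review bot: modifyUserGroupByGroup() and modifyUserGroupByUser() build the user DN and the group DN by string concatenation of userPrincipalUid and groupPrincipalUid, and modifyUserRoleByUser, modifyUserRoleByRole and the two modifyRoleGroup* methods later in this file do the same. Whether a principal uid containing DN special characters (`,` `+` `=` `"` `\` `;`) is rejected rests entirely on validateUid(), which is outside this diff, so either that check has to cover the RFC 4514 metacharacters or the value should be escaped here before it becomes part of a DN. The two methods also disagree with each other: ByGroup appends getRootContext() to both DNs and guards getGroupFilterBase() against null/"" before inserting a comma while appending getUserFilterBase() unguarded, whereas ByUser builds userDn without the root context before handing it to getSubcontextName(); one of the two conventions is presumably wrong for what getSubcontextName() expects. Reassigning the groupPrincipalUid parameter to hold the full DN also obscures the debug line and the catch block; a new local `String groupDn = getGroupIdAttribute() + "=" + groupPrincipalUid;` keeps the parameter's meaning stable.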
@@ -132,7 +178,10 @@ */ public void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException { - modifyUserRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE); + if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals("")) + modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE); + else + modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE); } /** @@ -138,6 +187,7 @@ /** *

* Replace or delete the role attribute. + * *

* * @param userPrincipalUid @@ -145,7 +195,7 @@ * @param operationType whether to replace or remove the specified user group from the user * @throws SecurityException A {@link SecurityException}. */ - private void modifyUserRole(String userPrincipalUid, String rolePrincipalUid, int operationType) + private void modifyUserRoleByUser(String userPrincipalUid, String rolePrincipalUid, int operationType) throws SecurityException { validateUid(userPrincipalUid); @@ -154,10 +204,15 @@ try { + rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid; + + if (getRoleFilterBase()!=null && !getRoleFilterBase().equals("")) + rolePrincipalUid+="," + getRoleFilterBase(); + rolePrincipalUid+="," + getRootContext(); String rdn = getSubcontextName(userDn); Attributes attrs = new BasicAttributes(false); - attrs.put("j2-role", rolePrincipalUid); + attrs.put(getUserRoleMembershipAttribute(), rolePrincipalUid); ctx.modifyAttributes(rdn, operationType, attrs); } catch (NamingException e) @@ -167,6 +222,42 @@ } /** + *

+ * Replace or delete the role attribute. + * + *

+ * + * @param userPrincipalUid + * @param rolePrincipalUid + * @param operationType whether to replace or remove the specified user group from the user + * @throws SecurityException A {@link SecurityException}. + */ + private void modifyUserRoleByRole(String userPrincipalUid, String rolePrincipalUid, int operationType) + throws SecurityException + { + validateUid(userPrincipalUid); + validateUid(rolePrincipalUid); + String userDn = "uid=" + userPrincipalUid + "," + getUserFilterBase() + "," + getRootContext(); + + try + { + rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid; + + if (getRoleFilterBase()!=null && !getRoleFilterBase().equals("")) + rolePrincipalUid+="," + getRoleFilterBase(); + + String rdn = getSubcontextName(rolePrincipalUid); + Attributes attrs = new BasicAttributes(false); + + attrs.put(getRoleMembershipAttribute(), userDn); + ctx.modifyAttributes(rdn, operationType, attrs); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } + /** * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String, * java.lang.String) */ @@ -172,7 +263,10 @@ */ public void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException { - modifyUserRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE); + if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals("")) + modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE); + else + modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE); } /** 
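Review bot: modifyUserRoleByRole() passes the role DN to getSubcontextName() without appending getRootContext(), whereas modifyUserGroupByGroup earlier in this file appends the root context to the group DN before the same call; unless getSubcontextName() tolerates both forms, one of the two resolves the wrong entry, so they should follow one convention. The Javadoc copied onto this method still says `whether to replace or remove the specified user group from the user` for the operationType parameter of a role operation, and the summary `Replace or delete the role attribute.` no longer describes a method that edits the role entry's membership attribute; `Adds or removes the user DN in the role entry's membership attribute.` would be accurate.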
@@ -188,18 +282,12 @@ Attributes attrs = new BasicAttributes(true); BasicAttribute classes = new BasicAttribute("objectclass"); - classes.add("top"); - classes.add("person"); - classes.add("uidObject"); - classes.add("organizationalPerson"); - classes.add("inetorgperson"); - classes.add("jetspeed-2-user"); + for (int i=0;i - * A template method that returns the LDAP object class of the concrete DAO. - *

- * - * @return a String containing the LDAP object class name. - */ - protected String getObjectClass() - { - return "jetspeed-2-user"; - } - - /** - *

- * Return an array of the user principal UIDS that belong to a group. - *

- * - * @param groupPrincipalUid The group principal uid. - * @return The array of user uids asociated with this group - * @throws SecurityException A {@link SecurityException}. - */ - public String[] getUserUidsForGroup(String groupPrincipalUid) throws SecurityException - { - validateUid(groupPrincipalUid); - SearchControls cons = setSearchControls(); - NamingEnumeration results; - try - { - List userPrincipalUids = new ArrayList(); - results = searchUserByGroup(groupPrincipalUid, cons); - while (results.hasMore()) - { - SearchResult result = (SearchResult) results.next(); - Attributes answer = result.getAttributes(); - - userPrincipalUids.addAll(getAttributes(getAttribute(UID_ATTR_NAME, answer))); - } - return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]); - } - catch (NamingException e) - { - throw new SecurityException(e); - } - } - - /** - *

- * Return an array of the roles that belong to a group. - *

- * - * @param groupPrincipalUid The group principal uid. - * @return The array of user uids asociated with this group - * @throws SecurityException A {@link SecurityException}. - */ - public String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException - { - validateUid(groupPrincipalUid); - SearchControls cons = setSearchControls(); - NamingEnumeration results; - try - { - List userPrincipalUids = new ArrayList(); - results = searchRolesByGroup(groupPrincipalUid, cons); - while (results.hasMore()) - { - SearchResult result = (SearchResult) results.next(); - Attributes answer = result.getAttributes(); - - userPrincipalUids.addAll(getAttributes(getAttribute(ROLE_ATTR_NAME, answer))); - } - return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]); - } - catch (NamingException e) - { - throw new SecurityException(e); - } - } - - /** * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#addGroup(java.lang.String, * java.lang.String) */ @@ -317,7 +319,11 @@ */ public void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException { - modifyGroupRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE); + if (getRoleGroupMembershipForRoleAttribute()!=null && !getRoleGroupMembershipForRoleAttribute().equals("")) + modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE); + else + modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE); + } /** @@ -330,7 +336,7 @@ * @param operationType whether to replace or remove the specified user group from the user * @throws SecurityException A {@link SecurityException}. */ - private void modifyGroupRole(String groupPrincipalUid, String rolePrincipalUid, int operationType) + private void modifyRoleGroupByRole(String groupPrincipalUid, String rolePrincipalUid, int operationType) throws SecurityException { validateUid(groupPrincipalUid); 
@@ -338,10 +344,15 @@ String userDn = lookupGroupByUid(groupPrincipalUid); try { + groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid; + + if (getRoleFilterBase()!=null && !getRoleFilterBase().equals("")) + rolePrincipalUid+="," + getRoleFilterBase(); + String rdn = getSubcontextName(userDn); Attributes attrs = new BasicAttributes(false); - attrs.put("j2-role", rolePrincipalUid); + attrs.put(getRoleGroupMembershipForRoleAttribute(), rolePrincipalUid); ctx.modifyAttributes(rdn, operationType, attrs); } catch (NamingException e) @@ -349,92 +360,35 @@ throw new SecurityException(e); } } - - /** - * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String, - * java.lang.String) - */ - public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException - { - modifyGroupRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE); - } - /** *
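Review bot: In modifyRoleGroupByRole() the assignment `groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid;` is dead — the variable is not read afterwards, since rdn is derived from userDn, which lookupGroupByUid() already produced from the original uid. At the same time rolePrincipalUid gets the role filter base appended but never the `getRoleIdAttribute() + "="` prefix that modifyRoleGroupByGroup in the next hunk adds, so the value written to the role-group membership attribute is `<role>,<roleFilterBase>` rather than a DN. Presumably the wrong variable is prefixed; the intended code is `String roleDn = getRoleIdAttribute() + "=" + rolePrincipalUid;` followed by the guarded filter-base append and `attrs.put(getRoleGroupMembershipForRoleAttribute(), roleDn);`. The enclosing method starts outside the hunk.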

- * Search user by group. + * Replace or delete the user group attribute. *

* + * @param userPrincipalUid * @param groupPrincipalUid - * @param cons - * @return - * @throws NamingException A {@link NamingException}. - */ - private NamingEnumeration searchUserByGroup(final String groupPrincipalUid, SearchControls cons) - throws NamingException - { - String query = "(&(" + GROUP_ATTR_NAME + "=" + (groupPrincipalUid) + ") (objectclass=" + getObjectClass() + "))"; - if (logger.isDebugEnabled()) - { - logger.debug("query[" + query + "]"); - } - NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons); - - return searchResults; - } - - /** - *

- * Search user by group. - *

- * - * @param groupPrincipalUid - * @param cons - * @return - * @throws NamingException A {@link NamingException}. - */ - private NamingEnumeration searchRolesByGroup(final String rolePrincipalUid, SearchControls cons) - throws NamingException - { - String query = "(&(" + UID_ATTR_NAME + "=" + (rolePrincipalUid) + ") (objectclass=" + "jetspeed-2-group" + "))"; - if (logger.isDebugEnabled()) - { - logger.debug("query[" + query + "]"); - } - NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons); - - return searchResults; - } - - - - - /** - *

- * Return an array of the user principal UIDS that belong to a group. - *

- * - * @param groupPrincipalUid The group principal uid. - * @return The array of user uids asociated with this group + * @param operationType whether to replace or remove the specified user group from the user * @throws SecurityException A {@link SecurityException}. */ - public String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException + private void modifyRoleGroupByGroup(String groupPrincipalUid, String rolePrincipalUid, int operationType) + throws SecurityException { + validateUid(groupPrincipalUid); validateUid(rolePrincipalUid); - SearchControls cons = setSearchControls(); - NamingEnumeration results; + String userDn = lookupGroupByUid(groupPrincipalUid); try { - List userPrincipalUids = new ArrayList(); - results = searchUserByRole(rolePrincipalUid, cons); - while (results.hasMore()) - { - SearchResult result = (SearchResult) results.next(); - Attributes answer = result.getAttributes(); + rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid; + + if (getRoleFilterBase()!=null && !getRoleFilterBase().equals("")) + rolePrincipalUid+="," + getRoleFilterBase(); + + String rdn = getSubcontextName(userDn); + Attributes attrs = new BasicAttributes(false); - userPrincipalUids.addAll(getAttributes(getAttribute(UID_ATTR_NAME, answer))); - } - return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]); + attrs.put(getGroupMembershipForRoleAttribute(), rolePrincipalUid); + ctx.modifyAttributes(rdn, operationType, attrs); } catch (NamingException e) { @@ -440,156 +394,168 @@ { throw new SecurityException(e); } - } + } /** - *
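Review bot: The Javadoc on the new modifyRoleGroupByGroup() was copied from the user-group method: it reads `Replace or delete the user group attribute.` and documents a `@param userPrincipalUid` the method does not have, while its actual first parameter groupPrincipalUid is left described by the user line. The local `String userDn = lookupGroupByUid(groupPrincipalUid);` holds a group DN and would read better as `groupDn`. The summary should say `Adds or removes the role DN in the group entry's role-membership attribute.` and the parameter list should name groupPrincipalUid and rolePrincipalUid.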

- * Search user by group. - *

- * - * @param groupPrincipalUid - * @param cons - * @return - * @throws NamingException A {@link NamingException}. + * @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String, + * java.lang.String) */ - private NamingEnumeration searchUserByRole(final String rolePrincipalUid, SearchControls cons) - throws NamingException + public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException { - - String query = "(&(" + ROLE_ATTR_NAME + "=" + (rolePrincipalUid) + ") (objectclass=" + getObjectClass() - + "))"; - if (logger.isDebugEnabled()) - { - logger.debug("query[" + query + "]"); - } - NamingEnumeration searchResults = ((DirContext) ctx).search("", query, cons); - - return searchResults; - } - + + if (getRoleGroupMembershipForRoleAttribute()!=null && !getRoleGroupMembershipForRoleAttribute().equals("")) + modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE); + else + modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE); + + } - /** - * @param userPrincipalUid - * @return the array of group uids asociated with this user - * @throws SecurityException - */ - public String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException - { - validateUid(userPrincipalUid); - SearchControls cons = setSearchControls(); - NamingEnumeration results; - try - { - results = searchByWildcardedUid(userPrincipalUid, cons); - return getGroups(results, userPrincipalUid); - } - catch (NamingException e) - { - throw new SecurityException(e); - } - } - /** - *

- * Get the groups. - *

- * - * @param results - * @param uid - * @return - * @throws NamingException - */ - private String[] getGroups(final NamingEnumeration results, final String uid) throws NamingException - { - if (!results.hasMore()) - { - throw new NamingException("Could not find any user with uid[" + uid + "]"); - } - - Attributes userAttributes = getFirstUser(results); - - List uids = getAttributes(getAttribute(GROUP_ATTR_NAME, userAttributes)); - return (String[]) uids.toArray(new String[uids.size()]); - } + protected String getEntryPrefix() { + return this.getUserIdAttribute(); + } - - /** - * @param userPrincipalUid - * @return the array of group uids asociated with this user - * @throws SecurityException - */ - public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException - { - validateUid(userPrincipalUid); - SearchControls cons = setSearchControls(); - NamingEnumeration results; - try - { - results = searchByWildcardedUid(userPrincipalUid, cons); - return getRoles(results, userPrincipalUid); - } - catch (NamingException e) - { - throw new SecurityException(e); - } - } + protected String getSearchSuffix() { + return this.getUserFilter(); + } - /** - *

- * Get the groups. - *

- * - * @param results - * @param uid - * @return - * @throws NamingException - */ - private String[] getRoles(final NamingEnumeration results, final String uid) throws NamingException - { - if (!results.hasMore()) - { - throw new NamingException("Could not find any user with uid[" + uid + "]"); - } + /** + * + * Return the list of group IDs for a particular user + * + * @param userPrincipalUid + * @return the array of group uids asociated with this user + * @throws SecurityException + */ + public String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException + { + validateUid(userPrincipalUid); + SearchControls cons = setSearchControls(); + try + { + if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals("")) { + return membership.searchGroupMemberShipByUser(userPrincipalUid,cons); + } + return membership.searchGroupMemberShipByGroup(userPrincipalUid,cons); + + + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } - Attributes userAttributes = getFirstUser(results); + /** + *

+ * Return an array of the roles that belong to a group. + *

+ * + * @param groupPrincipalUid The group principal uid. + * @return The array of user uids asociated with this group + * @throws SecurityException A {@link SecurityException}. + */ + public String[] getRolesForGroup(String groupPrincipalUid) throws SecurityException + { + { + validateUid(groupPrincipalUid); + SearchControls cons = setSearchControls(); + try + { + if (getRoleGroupMembershipForRoleAttribute()!=null && !getRoleGroupMembershipForRoleAttribute().equals("")) { + return membership.searchRolesFromGroupByRole(groupPrincipalUid,cons); + } + return membership.searchRolesFromGroupByGroup(groupPrincipalUid,cons); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } + } - List uids = getAttributes(getAttribute(ROLE_ATTR_NAME, userAttributes)); - return (String[]) uids.toArray(new String[uids.size()]); - } - - /** - * @param results - * @return - * @throws NamingException - */ - private Attributes getFirstUser(NamingEnumeration results) throws NamingException - { - SearchResult result = (SearchResult) results.next(); - Attributes answer = result.getAttributes(); + + /** + * + * Returns the role IDs for a particular user + * + * Looks up the user, and extracts the rolemembership attr (ex : uniquemember) + * + * @param userPrincipalUid + * @return the array of group uids asociated with this user + * @throws SecurityException + */ + public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException + { + validateUid(userPrincipalUid); + SearchControls cons = setSearchControls(); + try + { + if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals("")) { + return membership.searchRoleMemberShipByUser(userPrincipalUid,cons); + } + return membership.searchRoleMemberShipByRole(userPrincipalUid,cons); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } - return answer; - } + /** + *

+ * Return an array of the user principal UIDS that belong to a group. + *

+ * + * @param groupPrincipalUid The group principal uid. + * @return The array of user uids asociated with this group + * @throws SecurityException A {@link SecurityException}. + */ + public String[] getUserUidsForGroup(String groupPrincipalUid) throws SecurityException + { + + validateUid(groupPrincipalUid); + SearchControls cons = setSearchControls(); + try + { + if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals("")) { + return membership.searchUsersFromGroupByUser(groupPrincipalUid,cons); + } + return membership.searchUsersFromGroupByGroup(groupPrincipalUid,cons); + } + catch (NamingException e) + { + throw new SecurityException(e); + } + } - /** - * @param attr - * @return - * @throws NamingException - */ - private List getAttributes(Attribute attr) throws NamingException - { - List uids = new ArrayList(); - if (attr != null) - { - Enumeration groupUidEnum = attr.getAll(); - while (groupUidEnum.hasMoreElements()) - { - uids.add(groupUidEnum.nextElement()); - } - } - return uids; - } - - protected String getEntryPrefix() { - return "uid"; + /** + *

+ * Return an array of the user principal UIDS that belong to a group. + *

+ * + * @param groupPrincipalUid The group principal uid. + * @return The array of user uids asociated with this group + * @throws SecurityException A {@link SecurityException}. + */ + public String[] getUserUidsForRole(String rolePrincipalUid) throws SecurityException + { + validateUid(rolePrincipalUid); + SearchControls cons = setSearchControls(); + try + { + if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals("")) { + return membership.searchUsersFromRoleByUser(rolePrincipalUid,cons); + } + return membership.searchUsersFromRoleByRole(rolePrincipalUid,cons); + } + catch (NamingException e) + { + throw new SecurityException(e); + } } + + protected String[] getObjectClasses() { + return this.getUserObjectClasses(); + } } \ No newline at end of file Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/company1.ldif =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/company1.ldif (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/company1.ldif (revision 0) 
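Review bot: getRolesForGroup() wraps its whole body in a redundant extra block (`{ {` … `} }`), which is either an editing leftover or hides an intended try/finally; the inner braces should go. The Javadoc on getUserUidsForRole() documents `@param groupPrincipalUid` for a method whose parameter is rolePrincipalUid, getRoleUidsForUser() returns role uids but says `the array of group uids`, and the new overrides getEntryPrefix(), getSearchSuffix() and getObjectClasses() have no comment at all. Unlike LdapRoleDaoImpl and LdapUserCredentialDaoImpl in this same commit, this class does not override getSearchDomain(); if the parent is meant to use the subclass's search base, the user DAO silently inherits whatever the parent returns, which is worth confirming. The `getXMembershipAttribute()!=null && !….equals("")` dispatch is repeated in each of the five lookup methods here and would read better through one private predicate.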
@@ -0,0 +1,231 @@
+#
+# filters
+# USER FILTER
+# (&(uid=OrgUnit3User2)(objectClass=inetorgperson))
+#
+# GROUP FILTER
+# (objectclass=groupofuniquenames)
+#
+# ROLE FILTER
+#
+# (objectclass=nsroledefinition)
+#
+#
+#
+#
+
+
+dn: o=sevenSeas
+aci: (targetattr != "userPassword") (version 3.0; acl "Anonymous access"; allow (read, search, compare)userdn = "ldap:///anyone";)
+aci: (targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || passwordPolicySubentry || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordHistory || passwordAllowChangeTime")(version
+ 3.0; acl "Allow self entry modification except for nsroledn, aci, resource limit attributes, passwordPolicySubentry and password policy state attributes"; allow (write)userdn ="ldap:///self";)
+aci: (targetattr = "*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
+aci: (targetattr ="*")(version 3.0;acl "Configuration Administrators Group";allow (all) (groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot");)
+aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ldap:///o=sevenSeas";)
+o: Company2
+objectClass: top
+objectClass: organization
+creatorsname: cn=directory manager
+
+
+dn: ou=OrgUnit1,o=sevenSeas
+ou: OrgUnit1
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit2,o=sevenSeas
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,o=sevenSeas
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organization
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organization
+cn: Group2
+
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organization
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organization
+member: uid=admin,ou=People,ou=OrgUnit1
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organization
+member: uid=admin,ou=People,ou=OrgUnit1
+cn: manager
+
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Role1
+
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Role2
+
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Role3
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: manager
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+uniqueMember: cn=Role1,ou=Roles,ou=OrgUnit1
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+uniqueMember: cn=Role1,ou=Roles,ou=OrgUnit1
+uniqueMember: cn=Role3,ou=Roles,ou=OrgUnit1
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+uniqueMember: cn=Role1,ou=Roles,ou=OrgUnit1
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+uniqueMember: cn=admin,ou=Roles,ou=OrgUnit1
+userPassword: admin
+sn: admin
+cn: admin admin
Index:
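Review bot: The root entry `dn: o=sevenSeas` carries `o: Company2`, so its naming attribute does not contain the RDN value; a server that enforces RDN/attribute consistency will reject the import and one that does not leaves `o` disagreeing with the DN — it should read `o: sevenSeas`, as the sunds fixture in this commit does. The group entries are `objectClass: organization` yet carry `member:`, which the standard `organization` object class does not permit, so a schema-checking ApacheDS will most likely refuse `cn=admin,ou=Groups,...` and `cn=manager,ou=Groups,...` unless a custom schema is loaded. This fixture also appears to disagree with the apacheds ldap.properties added alongside it: there `RoleMembershipAttributes=member` and `UserGroupMembershipAttributes=uniqueMember`, but here `member` sits on group entries and the users' `uniqueMember` values point at `ou=Roles` entries, so whichever side the DAO reads will find no membership; confirm which layout the tests expect before merging.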
/home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/ldap.properties
===================================================================
--- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/ldap.properties (revision 0)
+++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/ldap.properties (revision 0)
@@ -0,0 +1,59 @@
+# Ldap Configuration.
+
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=10389
+org.apache.jetspeed.ldap.rootDn=uid\=admin\,ou\=system
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=o\=sevenSeas
+#org.apache.jetspeed.ldap.defaultDnSuffix=
+#org.apache.jetspeed.ldap.ou.users=people
+#org.apache.jetspeed.ldap.ou.groups=groups
+#org.apache.jetspeed.ldap.ou.roles=roles
+
+# define the filters needed to search for roles/groups/users
+#org.apache.jetspeed.ldap.RoleFilter=(&(objectclass=ldapsubentry) (objectclass=nsroledefinition))
+org.apache.jetspeed.ldap.RoleFilter=(objectClass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=organization)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)
+
+
+org.apache.jetspeed.ldap.UserAuthenticationFiler=(&(uid=%u)(objectclass=inetorgperson))
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=member
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=uniqueMember
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipAttributes=
+
+#
define the default search base. (=rootContext) +org.apache.jetspeed.ldap.DefaultSearchBase=o\=sevenSeas + +# define the path to roles,groups and users +# needs to be defined without the defaultsearchbase +org.apache.jetspeed.ldap.RoleFilterBase=ou\=Roles\,ou\=OrgUnit1 +org.apache.jetspeed.ldap.GroupFilterBase=ou\=Groups\,ou\=OrgUnit1 +org.apache.jetspeed.ldap.UserFilterBase=ou\=People\,ou\=OrgUnit1 + +org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfUniqueNames +org.apache.jetspeed.ldap.GroupObjectClasses=top\,organization +org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson + +# define the ID attribute used to search roles/groups/users +org.apache.jetspeed.ldap.RoleIdAttribute=cn +org.apache.jetspeed.ldap.GroupIdAttribute=cn +org.apache.jetspeed.ldap.UserIdAttribute=uid + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-atz.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-atz.xml (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-atz.xml (revision 0) @@ -0,0 +1,60 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap-atn.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap-atn.xml (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap-atn.xml (revision 0) 
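Review bot: The third comment block is a copy of the group-membership comment but sits above `GroupMembershipForRoleAttributes`/`RoleGroupMembershipAttributes`, so it documents the wrong keys; replace it with the wording the sunds ldap.properties in this commit already uses: `# define the way group membership occurs for roles`, `# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group`, `# if RoleGroupMembershipAttributes is used, membership attr will be stored on role`. The same copied comment appears in the openldap ldap.properties hunk. The key `org.apache.jetspeed.ldap.UserAuthenticationFiler` is spelled without the `t`; if the loader looks up `UserAuthenticationFilter`, this value is silently never read and the `%u` user filter falls back to whatever default the code has — confirm the key name against the binding-config class and, if it is a typo, fix it in all three new ldap.properties files at once.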
@@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap.xml (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap.xml (revision 0) @@ -0,0 +1,82 @@ + + + + + + + + + com.sun.jndi.ldap.LdapCtxFactory + + localhost + + 10389 + + + + o=sevenSeas + + uid=admin,ou=system + + secret + + + (objectclass=groupOfUniqueNames)) + + (objectClass=organization) + + (objectclass=inetorgperson) + + (&(uid=%u)(objectclass=inetorgperson)) + + + + uniqueMember + + uniqueMember + + + + uniqueMember + + + + o=sevenSeas + + ou=Roles,ou=OrgUnit1 + + ou=Groups,ou=OrgUnit1 + + ou=People,ou=OrgUnit1 + + top,groupOfUniqueNames + + top,organization + + top,person,organizationalPerson,inetorgperson + + cn + + cn + + uid + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi.xml (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi.xml (revision 0) 
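Review bot: The role filter value `(objectclass=groupOfUniqueNames))` in the new apacheds security-spi-ldap.xml has an unbalanced closing parenthesis; JNDI parses the filter at search time and rejects it with an `InvalidSearchFilterException`, so every role lookup against the ApacheDS fixture fails before any request reaches the directory. The intended value, matching `RoleFilter` in the apacheds ldap.properties added in this commit, is `(objectclass=groupOfUniqueNames)`. The element name is not visible in this view; it is identified as the first filter value immediately after the root password, so verify against the file itself.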
@@ -0,0 +1,46 @@ + + + + + + + + + JETSPEED-INF/ojb/security_repository.xml + + + + + org.apache.jetspeed.security.spi.SecurityAccess + + + + + + + PROPAGATION_REQUIRED + PROPAGATION_REQUIRED + PROPAGATION_SUPPORTS + + + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/company1.ldif =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/company1.ldif (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/company1.ldif (revision 0) 
@@ -0,0 +1,197 @@
+# Sample LDIF file for populating an OpenLDAP
+
+dn: ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,o=sevenSeas
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=OrgUnit3,o=sevenSeas
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Group2
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1
+cn: manager
+
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Role1
+
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Role2
+
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: Role3
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: manager
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+sn: admin
+cn: admin admin
+
Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/ldap.properties
===================================================================
--- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/ldap.properties (revision 0)
+++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/ldap.properties (revision 0)
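Review bot: Membership DNs in this fixture are written in two different forms: `cn=admin,ou=Groups,...` and `cn=manager,ou=Groups,...` use `uniqueMember:uid=admin,ou=People,ou=OrgUnit1` (no `o=sevenSeas` suffix), while `cn=admin,ou=Roles,...` uses the full `uniqueMember: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas`. With `GroupMembershipAttributes=uniqueMember` and `RoleMembershipAttributes=uniqueMember` in the openldap ldap.properties, the DAO presumably matches these values against one DN form, so one of the two styles will not resolve to the admin user; pick a single form and use it in all three entries. If the suffix-less form is intentional for the group entries, a comment at the top of the fixture saying so would save the next reader from "fixing" it.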
@@ -0,0 +1,59 @@
+# Ldap Configuration.
+
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=cn\=Manager\,o\=sevenSeas
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=o\=sevenSeas
+#org.apache.jetspeed.ldap.defaultDnSuffix=
+#org.apache.jetspeed.ldap.ou.users=people
+#org.apache.jetspeed.ldap.ou.groups=groups
+#org.apache.jetspeed.ldap.ou.roles=roles
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(&(objectclass=inetorgperson)(objectclass=organizationalPerson))
+
+org.apache.jetspeed.ldap.UserAuthenticationFiler=(&(uid=%u)(objectclass=inetorgperson))
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipAttributes=
+
+
+
+# define the default search base.
(=rootContext) +org.apache.jetspeed.ldap.DefaultSearchBase=o\=sevenSeas + +# define the path to roles,groups and users +# needs to be defined without the defaultsearchbase +org.apache.jetspeed.ldap.RoleFilterBase=ou\=Roles\,ou\=OrgUnit1 +org.apache.jetspeed.ldap.GroupFilterBase=ou\=Groups\,ou\=OrgUnit1 +org.apache.jetspeed.ldap.UserFilterBase=ou\=People\,ou\=OrgUnit1 + +org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfUniqueNames +org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames +org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson + +# define the ID attribute used to search roles/groups/users +org.apache.jetspeed.ldap.RoleIdAttribute=cn +org.apache.jetspeed.ldap.GroupIdAttribute=cn +org.apache.jetspeed.ldap.UserIdAttribute=uid + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-atz.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-atz.xml (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-atz.xml (revision 0) @@ -0,0 +1,60 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap-atn.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap-atn.xml (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap-atn.xml (revision 0) 
@@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap.xml (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap.xml (revision 0) @@ -0,0 +1,79 @@ + + + + + + + + + com.sun.jndi.ldap.LdapCtxFactory + + localhost + + 389 + + + + o=sevenSeas + + cn=Manager,o=sevenSeas + + secret + + (objectclass=groupOfUniqueNames) + + (objectclass=groupOfUniqueNames) + + (&(objectclass=inetorgperson)(objectclass=organizationalPerson)) + + (&(uid=%u)(objectclass=inetorgperson)) + + uniqueMember + + + + uniqueMember + + + + uniqueMember + + + + o=sevenSeas + + ou=Roles,ou=OrgUnit1 + + ou=Groups,ou=OrgUnit1 + + ou=People,ou=OrgUnit1 + + top,groupOfUniqueNames + + top,groupOfUniqueNames + + top,person,organizationalPerson,inetorgperson + + cn + + cn + + uid + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi.xml (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi.xml (revision 0) 
@@ -0,0 +1,46 @@ + + + + + + + + + JETSPEED-INF/ojb/security_repository.xml + + + + + org.apache.jetspeed.security.spi.SecurityAccess + + + + + + + PROPAGATION_REQUIRED + PROPAGATION_REQUIRED + PROPAGATION_SUPPORTS + + + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/company1.ldif =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/company1.ldif (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/company1.ldif (revision 0) 
@@ -0,0 +1,199 @@
+#
+# filters
+# USER FILTER
+# (&(uid=OrgUnit3User2)(objectClass=inetorgperson))
+#
+# GROUP FILTER
+# (objectclass=groupofuniquenames)
+#
+# ROLE FILTER
+#
+# (objectclass=nsroledefinition)
+#
+#
+#
+#
+
+
+dn: o=sevenSeas
+aci: (targetattr != "userPassword") (version 3.0; acl "Anonymous access"; allow (read, search, compare)userdn = "ldap:///anyone";)
+aci: (targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || passwordPolicySubentry || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordHistory || passwordAllowChangeTime")(version
+ 3.0; acl "Allow self entry modification except for nsroledn, aci, resource limit attributes, passwordPolicySubentry and password policy state attributes"; allow (write)userdn ="ldap:///self";)
+aci: (targetattr = "*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
+aci: (targetattr ="*")(version 3.0;acl "Configuration Administrators Group";allow (all) (groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot");)
+aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ldap:///o=sevenSeas";)
+o: sevenSeas
+objectClass: top
+objectClass: organization
+creatorsname: cn=directory manager
+
+
+dn: cn=Group1,o=sevenSeas
+objectClass: top
+objectClass: groupofuniquenames
+cn: Group1
+
+
+dn: cn=Group2,o=sevenSeas
+objectClass: top
+objectClass: groupofuniquenames
+uniqueMember: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uniqueMember: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+cn: Group2
+
+
+dn: cn=Group3,o=sevenSeas
+objectClass: top
+objectClass: groupofuniquenames
+cn: Group3
+
+
+dn: ou=OrgUnit1,o=sevenSeas
+ou: OrgUnit1
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit2,o=sevenSeas
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,o=sevenSeas
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Role1,o=sevenSeas
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: Role1
+
+
+dn: cn=Role2,o=sevenSeas
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: Role2
+
+
+dn: cn=Role3,o=sevenSeas
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: Role3
+
+dn: cn=admin,o=sevenSeas
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: admin
+
+
+dn: ou=People,ou=OrgUnit1,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit2,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+nsroledn: cn=Role1,o=sevenSeas
+nsrole: cn=role1,o=sevenSeas
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+nsroledn: cn=admin,o=sevenSeas
+nsrole: cn=admin,o=sevenSeas
+sn: admin
+cn: admin admin
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2s
Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/ldap.properties
===================================================================
--- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/ldap.properties (revision 0)
+++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/ldap.properties (revision 0)
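Review bot: The last entry's `cn: OrgUnit3User2 OrgUnit3User2s` has a stray trailing `s`, unlike every other user entry in this fixture and in the other two company1.ldif files; it should be `cn: OrgUnit3User2 OrgUnit3User2`. The `nsrole:` lines on `uid=OrgUnit1User1` and `uid=admin` set a value that, as far as I recall, Sun DS derives itself from `nsroledn` and treats as read-only; if that is the case the import of those two entries fails and only `nsroledn` should remain in the fixture — confirm against the target server before relying on it. `nsrole: cn=role1,o=sevenSeas` also differs in case from the role's RDN `cn=Role1`, which matters only if anything downstream compares these values as plain strings rather than as DNs.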
@@ -0,0 +1,48 @@
+# Ldap Configuration.
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=cn=Directory Manager
+org.apache.jetspeed.ldap.rootPassword=adminmanager
+org.apache.jetspeed.ldap.rootContext=o\=sevenSeas
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(&(objectclass=ldapsubentry) (objectclass=nsroledefinition))
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(&(objectclass=inetorgperson)(objectclass=organizationalPerson))
+
+
+org.apache.jetspeed.ldap.UserAuthenticationFiler=(&(uid=%u)(objectclass=inetorgperson))
+
+# define the way role membership occurs for users
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=nsroledn
+
+# define the way group membership occurs for users
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs for roles
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipAttributes=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=
+org.apache.jetspeed.ldap.GroupFilterBase= +org.apache.jetspeed.ldap.UserFilterBase=ou\=People\,ou\=OrgUnit1 + +org.apache.jetspeed.ldap.RoleObjectClasses=top\,ldapsubentry\,nsroledefinition\,nssimpleroledefinition\,nsmanagedroledefinition +org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupofuniquenames +org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson + +# define the ID attribute used to search roles/groups/users +org.apache.jetspeed.ldap.RoleIdAttribute=cn +org.apache.jetspeed.ldap.GroupIdAttribute=cn +org.apache.jetspeed.ldap.UserIdAttribute=uid Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-atz.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-atz.xml (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-atz.xml (revision 0) @@ -0,0 +1,60 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap-atn.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap-atn.xml (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap-atn.xml (revision 0) 
@@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap.xml (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap.xml (revision 0) @@ -0,0 +1,83 @@ + + + + + + + + + com.sun.jndi.ldap.LdapCtxFactory + + localhost + + 389 + + + + o=sevenSeas + + cn=Directory Manager + + adminmanager + + (&(objectclass=ldapsubentry) (objectclass=nsroledefinition)) + + (objectClass=groupOfUniqueNames) + + (objectclass=inetorgperson) + + (&(uid=%u)(objectclass=inetorgperson)) + + + + nsroledn + + uniqueMember + + + + uniqueMember + + + + o=sevenSeas + + + + + + ou=People,ou=OrgUnit1 + + + top,ldapsubentry,nsroledefinition,nssimpleroledefinition,nsmanagedroledefinition + + top,groupofuniquenames + + top,person,organizationalPerson,inetorgperson + + + + cn + + cn + + uid + + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi.xml (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi.xml (revision 0) 
@@ -0,0 +1,46 @@ + + + + + + + + + JETSPEED-INF/ojb/security_repository.xml + + + + + org.apache.jetspeed.security.spi.SecurityAccess + + + + + + + PROPAGATION_REQUIRED + PROPAGATION_REQUIRED + PROPAGATION_SUPPORTS + + + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/AbstractLdapTest.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/AbstractLdapTest.java (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/AbstractLdapTest.java (working copy) @@ -30,6 +30,8 @@ import org.apache.jetspeed.security.spi.impl.LdapUserSecurityHandler; import org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig; import org.apache.jetspeed.security.spi.impl.ldap.LdapGroupDaoImpl; +import org.apache.jetspeed.security.spi.impl.ldap.LdapMemberShipDaoImpl; +import org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao; import org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao; import org.apache.jetspeed.security.spi.impl.ldap.LdapRoleDaoImpl; import org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDao; @@ -73,6 +75,8 @@ /** The {@link LdapGroupDao}. */ LdapPrincipalDao ldapRoleDao; + + LdapMembershipDao ldapMembershipDao; /** Random seed. */ Random rand = new Random(System.currentTimeMillis()); 
@@ -78,22 +82,22 @@ Random rand = new Random(System.currentTimeMillis()); /** Group uid. */ - protected String gpUid1; + protected String gpUid1 = "group1"; /** Group uid. */ - protected String gpUid2; + protected String gpUid2 = "group2"; /** Role uid. */ - protected String roleUid1; + protected String roleUid1 = "role1"; /** Role uid. */ - protected String roleUid2; + protected String roleUid2 = "role2"; /** User uid. */ - protected String uid1; + protected String uid1 = "user1"; /** User uid. */ - protected String uid2; + protected String uid2 = "user2"; /** The test password. */ protected String password = "fred"; @@ -104,7 +108,7 @@ protected void setUp() throws Exception { super.setUp(); - LdapBindingConfig ldapConfig = new LdapBindingConfig(); + LdapBindingConfig ldapConfig = new LdapBindingConfig("apacheds"); ldapCredDao = new LdapUserCredentialDaoImpl(ldapConfig); ldapPrincipalDao = new LdapUserPrincipalDaoImpl(ldapConfig); @@ -112,11 +116,12 @@ crHandler = new LdapCredentialHandler(ldapCredDao); LdapDataHelper.setUserSecurityHandler(userHandler); LdapDataHelper.setCredentialHandler(crHandler); - uid1 = Integer.toString(rand.nextInt()); - uid2 = Integer.toString(rand.nextInt()); +// uid1 = Integer.toString(rand.nextInt()); +// uid2 = Integer.toString(rand.nextInt()); ldapGroupDao = new LdapGroupDaoImpl(ldapConfig); ldapRoleDao = new LdapRoleDaoImpl(ldapConfig); + ldapMembershipDao = new LdapMemberShipDaoImpl(ldapConfig); grHandler = new LdapGroupSecurityHandler(ldapGroupDao); roleHandler = new LdapRoleSecurityHandler(ldapRoleDao); LdapDataHelper.setGroupSecurityHandler(grHandler); 
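Review bot: The `// uid1 = Integer.toString(rand.nextInt());` lines left commented out in the `@@ -112,11` hunk, and the matching `// gpUid1`/`// roleUid1` lines in the `@@ -121,11` hunk on the next line, should be deleted rather than kept as dead code, since the field initialisers `"user1"`, `"group1"`, `"role1"` in the `@@ -78,22` hunk now carry that information. With fixed names the tests also lose the isolation the random ids gave them: an entry left behind by a failed tearDown, or two runs against the same directory, makes the count assertions in the handler tests fail for reasons unrelated to the code under test. A comment on the fields such as `// fixed ids: the directory is expected to hold no user1/group1/role1 entries before a run` would make that expectation explicit, or the fixed prefix could keep a random suffix.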
@@ -121,11 +126,11 @@ roleHandler = new LdapRoleSecurityHandler(ldapRoleDao); LdapDataHelper.setGroupSecurityHandler(grHandler); LdapDataHelper.setRoleSecurityHandler(roleHandler); - gpUid1 = Integer.toString(rand.nextInt()); - gpUid2 = Integer.toString(rand.nextInt()); - - roleUid1 = Integer.toString(rand.nextInt()); - roleUid2 = Integer.toString(rand.nextInt()); +// gpUid1 = Integer.toString(rand.nextInt()); +// gpUid2 = Integer.toString(rand.nextInt()); +// +// roleUid1 = Integer.toString(rand.nextInt()); +// roleUid2 = Integer.toString(rand.nextInt()); secHandler = new LdapSecurityMappingHandler(ldapPrincipalDao, ldapGroupDao, ldapRoleDao); } Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapGroupSecurityHandler.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapGroupSecurityHandler.java (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapGroupSecurityHandler.java (working copy) @@ -51,7 +51,11 @@ public void testGetGroupPrincipal() throws Exception { String fullPath = (new GroupPrincipalImpl(gpUid1)).getFullPath(); - assertNotNull("Group was not found.", grHandler.getGroupPrincipal(fullPath)); + //GroupPrincipal groupPrincipal = grHandler.getGroupPrincipal(fullPath); + GroupPrincipal groupPrincipal = grHandler.getGroupPrincipal(gpUid1); + assertNotNull("Group was not found.", groupPrincipal); + assertEquals(gpUid1,groupPrincipal.getName()); + assertEquals(fullPath,groupPrincipal.getFullPath()); } /** 
@@ -60,6 +64,17 @@ public void testAddDuplicateGroupPrincipal() throws Exception { grHandler.setGroupPrincipal(new GroupPrincipalImpl(gpUid1)); + List groups = grHandler.getGroupPrincipals(""); + assertEquals(1,groups.size()); + } + + /** + * @throws Exception + */ + public void testGetNonExistingGroupPrincipal() throws Exception + { + GroupPrincipal group = grHandler.getGroupPrincipal(gpUid1 + "FAKE"); + assertNull(group); } /** @@ -69,7 +84,10 @@ { GroupPrincipal gp = new GroupPrincipalImpl(gpUid1); grHandler.removeGroupPrincipal(gp); - assertNull("Group was found and should have been removed.", grHandler.getGroupPrincipal(gp.getFullPath())); + GroupPrincipal groupPrincipal = grHandler.getGroupPrincipal(gp.getFullPath()); + assertNull("Group was found and should have been removed.", groupPrincipal); + List groups = grHandler.getGroupPrincipals(""); + assertEquals(0,groups.size()); } /** @@ -79,8 +97,9 @@ { String localUid = Integer.toString(rand.nextInt()).toString(); GroupPrincipal localPrin = new GroupPrincipalImpl(localUid); - grHandler.removeGroupPrincipal(localPrin); + List groups = grHandler.getGroupPrincipals(""); + assertEquals(1,groups.size()); } /** Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapRoleSecurityHandler.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapRoleSecurityHandler.java (revision 0) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapRoleSecurityHandler.java (revision 0) 
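Review bot: The `@@ -79,8` hunk deletes `grHandler.removeGroupPrincipal(localPrin);` from `testRemoveNonExistantUserPrincipal`, so the test no longer exercises removing a group that does not exist; `localPrin` is now unused and `assertEquals(1, groups.size())` only restates setUp. Restore the call before the count check, `grHandler.removeGroupPrincipal(localPrin);`, so the test still proves that removing an unknown group neither throws nor touches the existing entry. The three new `grHandler.getGroupPrincipals("")` calls rely on an empty filter returning every group, which is not obvious from the call site; a short comment like `// empty filter: list all groups` at the first use would help.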
@@ -0,0 +1,131 @@ +/* + * Copyright 2000-2001,2004 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jetspeed.security.spi.ldap; + +import java.util.List; + +import org.apache.jetspeed.security.RolePrincipal; +import org.apache.jetspeed.security.impl.RolePrincipalImpl; + +/** + * @author Mike Long , David Le Strat + */ +public class TestLdapRoleSecurityHandler extends AbstractLdapTest +{ + + /** + * @see org.apache.jetspeed.security.spi.ldap.AbstractLdapTest#setUp() + */ + protected void setUp() throws Exception + { + super.setUp(); + LdapDataHelper.seedRoleData(roleUid1); + } + + /** + * @see org.apache.jetspeed.security.spi.ldap.AbstractLdapTest#tearDown() + */ + protected void tearDown() throws Exception + { + super.tearDown(); + LdapDataHelper.removeRoleData(roleUid1); + } + + /** + * @throws Exception + */ + public void testGetRolePrincipal() throws Exception + { + String fullPath = (new RolePrincipalImpl(roleUid1)).getFullPath(); + //RolePrincipal rolePrincipal = grHandler.getRolePrincipal(fullPath); + RolePrincipal rolePrincipal = roleHandler.getRolePrincipal(roleUid1); + assertNotNull("Role was not found.", rolePrincipal); + assertEquals(roleUid1,rolePrincipal.getName()); + assertEquals(fullPath,rolePrincipal.getFullPath()); + } + + /** + * @throws Exception + */ + public void testAddDuplicateRolePrincipal() throws Exception + { + roleHandler.setRolePrincipal(new RolePrincipalImpl(roleUid1)); + 
List roles = roleHandler.getRolePrincipals(""); + assertEquals(1,roles.size()); + } + + /** + * @throws Exception + */ + public void testGetNonExistingRolePrincipal() throws Exception + { + RolePrincipal role = roleHandler.getRolePrincipal(roleUid1 + "FAKE"); + assertNull(role); + } + + /** + * @throws Exception + */ + public void testRemoveExistantUserPrincipal() throws Exception + { + RolePrincipal gp = new RolePrincipalImpl(roleUid1); + roleHandler.removeRolePrincipal(gp); + RolePrincipal rolePrincipal = roleHandler.getRolePrincipal(gp.getFullPath()); + assertNull("Role was found and should have been removed.", rolePrincipal); + List roles = roleHandler.getRolePrincipals(""); + assertEquals(0,roles.size()); + } + + /** + * @throws Exception + */ + public void testRemoveNonExistantUserPrincipal() throws Exception + { + String localUid = Integer.toString(rand.nextInt()).toString(); + RolePrincipal localPrin = new RolePrincipalImpl(localUid); + roleHandler.removeRolePrincipal(localPrin); + List roles = roleHandler.getRolePrincipals(""); + assertEquals(1,roles.size()); + } + + /** + * @throws Exception + */ + public void testGetRolePrincipals() throws Exception + { + try + { + LdapDataHelper.seedRoleData(gpUid2); + assertTrue("getUserPrincipals should have returned more than one user.", roleHandler.getRolePrincipals("*") + .size() > 1); + + String fullPath = (new RolePrincipalImpl(roleUid1)).getFullPath(); + List roles = roleHandler.getRolePrincipals(fullPath); + assertTrue("getRolePrincipals should have returned one role.", roles.size() == 1); + assertTrue("List should have consisted of RolePrincipal objects.", roles.get(0) instanceof RolePrincipal); + + String localUid = Integer.toString(rand.nextInt()).toString(); + assertTrue("getRolePrincipals should not have found any roles with the specified filter.", roleHandler + .getRolePrincipals(new RolePrincipalImpl(localUid).getFullPath()).isEmpty()); + } + finally + { + LdapDataHelper.removeRoleData(gpUid2); + } + } + 
+} \ No newline at end of file Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapSecurityMappingHandler.java =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapSecurityMappingHandler.java (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapSecurityMappingHandler.java (working copy) @@ -16,6 +16,8 @@ package org.apache.jetspeed.security.spi.ldap; +import java.util.Set; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.jetspeed.security.GroupPrincipal; @@ -23,6 +25,7 @@ import org.apache.jetspeed.security.SecurityException; import org.apache.jetspeed.security.impl.GroupPrincipalImpl; import org.apache.jetspeed.security.impl.RolePrincipalImpl; +import org.apache.jetspeed.security.impl.UserPrincipalImpl; import org.apache.jetspeed.security.spi.SecurityMappingHandler; /** @@ -79,6 +82,8 @@ LdapDataHelper.removeGroupData(gpUid2); LdapDataHelper.removeUserData(uid1); LdapDataHelper.removeUserData(uid2); + LdapDataHelper.removeRoleData(roleUid1); + LdapDataHelper.removeRoleData(roleUid2); } /** 
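Review bot: `testGetRolePrincipals` seeds and removes `gpUid2` (a group id) through `LdapDataHelper.seedRoleData`/`removeRoleData`, which looks like a copy-paste from the group test; the second role should be `roleUid2`, matching the `roleUid1` that setUp and tearDown already pair. `testRemoveExistantUserPrincipal` looks the removed role up with `gp.getFullPath()` while `testGetRolePrincipal` deliberately switched to `roleHandler.getRolePrincipal(roleUid1)` (the full-path form is commented out there); if the full-path lookup never matches, the `assertNull` passes even when removal failed, so use `roleHandler.getRolePrincipal(roleUid1)` here too. The names `testRemoveExistantUserPrincipal`/`testRemoveNonExistantUserPrincipal` and the message `getUserPrincipals should have returned more than one user.` also still say "user" in a role test, and `Integer.toString(rand.nextInt()).toString()` has a redundant `.toString()`.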
@@ -90,12 +95,18 @@ { secHandler.setUserPrincipalInGroup(uid1, gp1.getName()); secHandler.setUserPrincipalInGroup(uid2, gp1.getName()); - String fullPathName = new GroupPrincipalImpl(gpUid1).getName(); logger.debug("Group full path name from testGetUserPrincipalsInGroup()[" + fullPathName + "]"); - assertEquals("The user should have been in two groups.", 2, secHandler.getUserPrincipalsInGroup(fullPathName) - .size()); + Set userPrincipals = secHandler.getUserPrincipalsInGroup(fullPathName); + //assertTrue(userPrincipals.contains(new UserPrincipalImpl("uid=" + uid1 + ",ou=People,ou=OrgUnit1"))); + //assertTrue(userPrincipals.contains(new UserPrincipalImpl("uid=" + uid2 + ",ou=People,ou=OrgUnit1"))); + assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid1))); + assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid2))); + + assertEquals("The user should have been in two groups.", 2, userPrincipals.size()); } + + /** * Adds 1 user to 2 groups, and checks its presence in both groups @@ -109,6 +120,19 @@ assertEquals("The user should have been in two groups.", 2, secHandler.getGroupPrincipals(uid1).size()); } + + + /** + * Adds 1 user to 2 groups, and checks its presence in both groups + * @throws Exception + */ + public void testGetUserPrincipalInGroup() throws Exception + { + secHandler.setUserPrincipalInGroup(uid1, gp1.getName()); + secHandler.setUserPrincipalInGroup(uid1, gp2.getName()); + secHandler.setUserPrincipalInRole(uid1, ro1.getName()); + assertEquals(2, secHandler.getGroupPrincipals(uid1).size()); + } /** * @throws Exception 
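Review bot: In the `@@ -90,12` hunk the retained message `"The user should have been in two groups."` now sits on an assertion about `getUserPrincipalsInGroup(fullPathName)`, so a failure would report the wrong relationship; `"The group should have contained two users."` describes what is checked. The two commented-out `assertTrue(userPrincipals.contains(new UserPrincipalImpl("uid=" + uid1 + ",ou=People,ou=OrgUnit1")))` lines should be removed now that the uid-based form is used. In the `@@ -109,6` hunk, `testGetUserPrincipalInGroup` repeats the javadoc of the preceding test but additionally adds the user to `ro1` and asserts only the group count, so its purpose is unclear; its doc should say what it adds, e.g. `Adds 1 user to 2 groups and 1 role; checks that only the 2 groups are returned by getGroupPrincipals`.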
@@ -175,9 +199,49 @@ String fullPathName = new RolePrincipalImpl(roleUid1).getName(); logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]"); - assertEquals("The user should have been in two roles.", 2, secHandler.getUserPrincipalsInRole(fullPathName) + Set userPrincipals = secHandler.getUserPrincipalsInRole(fullPathName); + assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid1))); + assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid2))); + assertEquals("The user should have been in two roles.", 2, userPrincipals.size()); + } + + /** + * Adds 2 users to a group and checks their presence in the group + * + * @throws Exception + */ + public void testGetRolePrincipalInGroup() throws Exception + { + secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName()); + secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName()); + secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName()); + + + String fullPathName = new RolePrincipalImpl(roleUid1).getName(); + logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]"); + assertEquals("The group should have 2 roles.", 2, secHandler.getRolePrincipalsInGroup(gpUid1).size()); + assertEquals("The group should have 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid2).size()); + } + + /** + * Adds 2 users to a group and checks their presence in the group + * + * @throws Exception + */ + public void testGetRolePrincipalInGroup2() throws Exception + { + secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName()); + secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName()); + secHandler.setUserPrincipalInRole(uid1, ro1.getName()); + secHandler.setUserPrincipalInRole(uid1, ro2.getName()); + String fullPathName = new RolePrincipalImpl(gpUid1).getName(); + logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]"); + assertEquals("The group should have contained 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid1) 
.size()); - } + assertEquals("The group should have contained 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid1) + .size()); + + } /** * Adds 1 user to 2 roles, and checks its presence in both roles @@ -187,10 +251,28 @@ { secHandler.setUserPrincipalInRole(uid1, ro1.getName()); secHandler.setUserPrincipalInRole(uid1, ro2.getName()); - - assertEquals("The user should have been in two roles.", 2, secHandler.getRolePrincipals(uid1).size()); + Set rolePrinciples = secHandler.getRolePrincipals(uid1); + assertEquals("The user should have been in two roles.", 2, rolePrinciples.size()); + assertTrue(rolePrinciples.contains(ro1)); + assertTrue(rolePrinciples.contains(ro2)); } + + /** + * Adds 1 user to 2 roles & 1 group, and checks its presence in both roles + * @throws Exception + */ + public void testSetUserPrincipalInRole2() throws Exception + { + secHandler.setUserPrincipalInRole(uid1, ro1.getName()); + secHandler.setUserPrincipalInRole(uid1, ro2.getName()); + secHandler.setUserPrincipalInGroup(uid1, gp1.getName()); + Set rolePrinciples = secHandler.getRolePrincipals(uid1); + assertEquals("The user should have been in two roles.", 2, rolePrinciples.size()); + assertTrue(rolePrinciples.contains(ro1)); + assertTrue(rolePrinciples.contains(ro2)); + + } /** * @throws Exception @@ -208,6 +290,8 @@ secHandler.removeUserPrincipalInRole(uid1, ro2.getName()); assertEquals("The user should have been in two roles.", 0, secHandler.getRolePrincipals(uid1).size()); } + + /** * @throws Exception Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security-schema/src/main/schema/jetspeed.schema =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security-schema/src/main/schema/jetspeed.schema (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/components/security-schema/src/main/schema/jetspeed.schema (working copy) 
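Review bot: `testGetRolePrincipalInGroup2` asserts `secHandler.getRolePrincipalsInGroup(gpUid1).size()` twice with the same message (the `@@ -175,9` hunk ends between the two copies); one should be dropped, or the second changed to `assertEquals("The group should have contained 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid2).size());`, since `gpUid2` is also given `ro1` but never verified. In the same hunk `new RolePrincipalImpl(gpUid1).getName()` builds a role principal from a group id only to feed the debug line, and both new tests keep the javadoc `Adds 2 users to a group and checks their presence in the group` and the log text `from testGetUserPrincipalsInRole()` from the user test; the first test's doc should read `Adds 2 roles to one group and 1 role to a second group; checks the role count of each group`. In the `@@ -187,10` hunk `rolePrinciples` is misspelt; `rolePrincipals` matches the rest of the file.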
@@ -58,7 +58,7 @@ objectclass ( 1.3.6.1.4.1.8100.1.2.4.1 NAME 'jetspeed-2-group' DESC 'Jetspeed-2 group' SUP (groupOfUniqueNames) - MUST ( uid) + MUST ( j2-classname $ uid) MAY ( j2-role $ creation-date $ modified-date $ cn $ ou) ) objectclass ( 1.3.6.1.4.1.8100.1.2.4.2 NAME 'jetspeed-2-permission' @@ -63,7 +63,7 @@ objectclass ( 1.3.6.1.4.1.8100.1.2.4.2 NAME 'jetspeed-2-permission' DESC 'Jetspeed-2 permission' - MUST ( uid) + MUST ( j2-classname $ uid) MAY ( j2-action $ creation-date $ modified-date) ) objectclass ( 1.3.6.1.4.1.8100.1.2.4.3 NAME 'jetspeed-2-role' @@ -69,7 +69,7 @@ objectclass ( 1.3.6.1.4.1.8100.1.2.4.3 NAME 'jetspeed-2-role' DESC 'Jetspeed-2 role' SUP (groupOfUniqueNames) - MUST ( uid) + MUST ( j2-classname $ uid) MAY ( creation-date $ modified-date $ cn $ ou) ) objectclass ( 1.3.6.1.4.1.8100.1.2.4.4 NAME 'jetspeed-2-user' Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/etc/apacheds/apacheds-server.xml =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/etc/apacheds/apacheds-server.xml (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/etc/apacheds/apacheds-server.xml (working copy) 
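Review bot: Moving `j2-classname` into the `MUST` list of `jetspeed-2-group`, `jetspeed-2-permission` and `jetspeed-2-role` is a breaking schema change: entries created under the old definitions without that attribute violate the new objectclass, and a server that enforces schema will reject them on the next modify or refuse to load them, so the change needs either an LDIF that back-fills `j2-classname` on existing entries or `j2-classname` kept in `MAY` until every DAO is known to set it. The `j2-classname` attributetype itself must be declared earlier in the file than these objectclasses; that part of the schema is outside these hunks. A comment above the first objectclass such as `# j2-classname is mandatory; entries created before this change must be back-filled` would record the migration requirement.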
@@ -1,172 +1,171 @@ - - - - - - - - - org.apache.ldap.common.berlib.asn1.SnickersProvider - - simple - uid=admin,ou=system - secret - photo personalSignature audio jpegPhoto javaSerializedData userPassword userCertificate cACertificate authorityRevocationList certificateRevocationList crossCertificatePair x500UniqueIdentifier krb5Key - - - - - - - - - - target/apacheds/example.com - - - - - - - - - - - - - - false - false - false - false - false - 10389 - - - - - - - - - - - - - - - - - - - - - - - - - - - normalizationService - - - - - - authenticationService - - - - - - authorizationService - - - - - - oldAuthorizationService - - - - - - exceptionService - - - - - - schemaService - - - - - - subentryService - - - - - - operationalAttributeService - - - - - - collectiveAttributeService - - - - - - eventService - - - - - - - - - - example - o=sevenSeas - - - dc - ou - objectClass - krb5PrincipalName - uid - - - - - objectClass: top - objectClass: domain - objectClass: extensibleObject - dc: example - - - - - - - - - - - - - - + + + + + + + + + org.apache.ldap.common.berlib.asn1.SnickersProvider + + simple + uid=admin,ou=system + secret + photo personalSignature audio jpegPhoto javaSerializedData userPassword userCertificate cACertificate authorityRevocationList certificateRevocationList crossCertificatePair x500UniqueIdentifier krb5Key + + + + + + + + + + target/apacheds/example.com + + + + + + + + + + + + + + false + false + false + false + false + 10389 + + + + + + + + + + + + + + + + + + + + + + + + + + normalizationService + + + + + + authenticationService + + + + + + authorizationService + + + + + + oldAuthorizationService + + + + + + exceptionService + + + + + + schemaService + + + + + + subentryService + + + + + + operationalAttributeService + + + + + + collectiveAttributeService + + + + + + eventService + + + + + + + + + + example + o=sevenSeas + + + dc + ou + objectClass + krb5PrincipalName + uid + + + + + objectClass: top + objectClass: domain + 
objectClass: extensibleObject + dc: example + + + + + + + + + + + + + + Index: /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/maven-plugin/plugin.jelly =================================================================== --- /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/maven-plugin/plugin.jelly (revision 446621) +++ /home/davy/DEVELOPMENT/JAVA/WORKBENCH3/jetspeed-2/maven-plugin/plugin.jelly (working copy) @@ -829,7 +829,7 @@ - + @@ -923,7 +923,6 @@ ${maven.start.ldap.message} -