Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapSecurityMappingHandler.java
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapSecurityMappingHandler.java (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapSecurityMappingHandler.java (working copy)
@@ -98,8 +98,6 @@
String fullPathName = new GroupPrincipalImpl(gpUid1).getName();
logger.debug("Group full path name from testGetUserPrincipalsInGroup()[" + fullPathName + "]");
Set userPrincipals = secHandler.getUserPrincipalsInGroup(fullPathName);
- //assertTrue(userPrincipals.contains(new UserPrincipalImpl("uid=" + uid1 + ",ou=People,ou=OrgUnit1")));
- //assertTrue(userPrincipals.contains(new UserPrincipalImpl("uid=" + uid2 + ",ou=People,ou=OrgUnit1")));
assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid1)));
assertTrue(userPrincipals.contains(new UserPrincipalImpl(uid2)));
@@ -215,14 +213,34 @@
secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName());
secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName());
+
+ String fullPathName = new RolePrincipalImpl(roleUid1).getName();
+ logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]");
+ assertEquals("The group should have 2 roles.", 2, secHandler.getRolePrincipalsInGroup(gpUid1).size());
+ assertEquals("The group should have 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid2).size());
+ }
+
+ /**
+ * Adds 2 roles + 1 user to a group and checks their presence in the group.
+ *
+ * @throws Exception
+ */
+ public void testGetRolePrincipalInGroupWithUsersInIt() throws Exception
+ {
+ secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
+ secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName());
+ secHandler.setRolePrincipalInGroup(gpUid2, ro1.getName());
+ secHandler.setUserPrincipalInGroup(uid1,gpUid1);
+
String fullPathName = new RolePrincipalImpl(roleUid1).getName();
logger.debug("Role full path name from testGetUserPrincipalsInRole()[" + fullPathName + "]");
assertEquals("The group should have 2 roles.", 2, secHandler.getRolePrincipalsInGroup(gpUid1).size());
assertEquals("The group should have 1 role.", 1, secHandler.getRolePrincipalsInGroup(gpUid2).size());
- }
+ }
+
/**
* Adds 2 users to a group and checks their presence in the group
*
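Review bot: In `testGetRolePrincipalInGroupWithUsersInIt` the user added with `setUserPrincipalInGroup(uid1,gpUid1)` is never asserted on, so the Javadoc's "checks their presence in the group" holds only for the roles. The test does show that a user member is not counted as a role, which matters for an authorization mapping, but it would pass even if the user were silently dropped. Add `assertTrue(secHandler.getUserPrincipalsInGroup(new GroupPrincipalImpl(gpUid1).getName()).contains(new UserPrincipalImpl(uid1)));`, mirroring the assertions in the first hunk of this file. The copied debug line still names `testGetUserPrincipalsInRole()`, and `fullPathName` is used only for that log call, in both this method and the one above it.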
@@ -281,7 +299,6 @@
{
secHandler.setUserPrincipalInRole(uid1, ro1.getName());
secHandler.setUserPrincipalInRole(uid1, ro2.getName());
-
assertEquals("The user should have been in two roles.", 2, secHandler.getRolePrincipals(uid1).size());
secHandler.removeUserPrincipalInRole(uid1, ro1.getName());
@@ -292,7 +309,23 @@
}
+ /**
+ * @throws Exception
+ */
+ public void testRemoveRolePrincipalInGroup() throws Exception
+ {
+ secHandler.setRolePrincipalInGroup(gpUid1, ro1.getName());
+ secHandler.setRolePrincipalInGroup(gpUid1, ro2.getName());
+ assertEquals("The role should have been in two groups.", 2, secHandler.getRolePrincipalsInGroup(gpUid1).size());
+ secHandler.removeRolePrincipalInGroup(gpUid1,ro1.getName());
+ assertEquals("The role should have been in one group.", 1, secHandler.getRolePrincipalsInGroup(gpUid1).size());
+
+ secHandler.removeRolePrincipalInGroup(gpUid1, ro2.getName());
+ assertEquals("The role should have been in 0 roles.", 0, secHandler.getRolePrincipalsInGroup(gpUid1).size());
+ }
+
+
/**
* @throws Exception
*/
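Review bot: The assertion messages in `testRemoveRolePrincipalInGroup` describe the wrong relationship. Each assertion counts the roles held by group `gpUid1`, yet the messages read "The role should have been in two groups." and "The role should have been in 0 roles.", which will mislead whoever reads a failure. Use `"The group should have 2 roles."`, `"The group should have 1 role."` and `"The group should have 0 roles."`, matching the wording of the existing tests. The count after the first removal also does not show that `ro1` was the role removed, so an assertion that the remaining principal is `ro2` would close that gap. The Javadoc is empty apart from `@throws`; a summary such as `Adds two roles to a group, removes them one at a time and checks the role count after each removal.` would do.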
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/AbstractLdapTest.java
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/AbstractLdapTest.java (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/AbstractLdapTest.java (working copy)
@@ -49,6 +49,8 @@
*/
public abstract class AbstractLdapTest extends TestCase
{
+ private static final String LDAP_CONFIG = "apacheds/setup3";
+
/** The {@link UserSecurityHandler}. */
UserSecurityHandler userHandler;
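Review bot: `LDAP_CONFIG` fixes the fixture to `"apacheds/setup3"` at compile time, so the `openldap/setup1` and `openldap/setup2` directories added by this patch cannot be exercised without editing the source. That leaves the alternative membership layouts (membership stored on the user versus on the group or role) untested by default. Consider `private static final String LDAP_CONFIG = System.getProperty("<test-config-property>", "apacheds/setup3");` with a property name of the project's choosing, which keeps the current default for `setUp()` in the later hunk. The constant also needs a one-line comment saying what the string selects; how `LdapBindingConfig` resolves it is not visible here.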
@@ -101,6 +103,7 @@
/** The test password. */
protected String password = "fred";
+
/**
* @see junit.framework.TestCase#setUp()
@@ -108,7 +111,7 @@
protected void setUp() throws Exception
{
super.setUp();
- LdapBindingConfig ldapConfig = new LdapBindingConfig("apacheds");
+ LdapBindingConfig ldapConfig = new LdapBindingConfig(LDAP_CONFIG);
ldapCredDao = new LdapUserCredentialDaoImpl(ldapConfig);
ldapPrincipalDao = new LdapUserPrincipalDaoImpl(ldapConfig);
@@ -116,8 +119,6 @@
crHandler = new LdapCredentialHandler(ldapCredDao);
LdapDataHelper.setUserSecurityHandler(userHandler);
LdapDataHelper.setCredentialHandler(crHandler);
-// uid1 = Integer.toString(rand.nextInt());
-// uid2 = Integer.toString(rand.nextInt());
ldapGroupDao = new LdapGroupDaoImpl(ldapConfig);
ldapRoleDao = new LdapRoleDaoImpl(ldapConfig);
@@ -126,11 +127,6 @@
roleHandler = new LdapRoleSecurityHandler(ldapRoleDao);
LdapDataHelper.setGroupSecurityHandler(grHandler);
LdapDataHelper.setRoleSecurityHandler(roleHandler);
-// gpUid1 = Integer.toString(rand.nextInt());
-// gpUid2 = Integer.toString(rand.nextInt());
-//
-// roleUid1 = Integer.toString(rand.nextInt());
-// roleUid2 = Integer.toString(rand.nextInt());
secHandler = new LdapSecurityMappingHandler(ldapPrincipalDao, ldapGroupDao, ldapRoleDao);
}
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapRoleSecurityHandler.java
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapRoleSecurityHandler.java (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/org/apache/jetspeed/security/spi/ldap/TestLdapRoleSecurityHandler.java (working copy)
@@ -51,7 +51,6 @@
public void testGetRolePrincipal() throws Exception
{
String fullPath = (new RolePrincipalImpl(roleUid1)).getFullPath();
- //RolePrincipal rolePrincipal = grHandler.getRolePrincipal(fullPath);
RolePrincipal rolePrincipal = roleHandler.getRolePrincipal(roleUid1);
assertNotNull("Role was not found.", rolePrincipal);
assertEquals(roleUid1,rolePrincipal.getName());
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/ldap/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/ldap/ldap.properties (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/ldap/ldap.properties (working copy)
@@ -1,11 +0,0 @@
-# Ldap Configuration.
-org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
-org.apache.jetspeed.ldap.ldapServerName=localhost
-org.apache.jetspeed.ldap.ldapServerPort=10389
-org.apache.jetspeed.ldap.rootDn=uid\=admin\,ou\=system
-org.apache.jetspeed.ldap.rootPassword=secret
-org.apache.jetspeed.ldap.rootContext=o\=sevenSeas
-org.apache.jetspeed.ldap.defaultDnSuffix=
-org.apache.jetspeed.ldap.ou.users=people
-org.apache.jetspeed.ldap.ou.groups=groups
-org.apache.jetspeed.ldap.ou.roles=roles
\ No newline at end of file
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi.xml (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi.xml (working copy)
@@ -1,46 +0,0 @@
-
-
-
-
-
-
-
-
- JETSPEED-INF/ojb/security_repository.xml
-
-
-
-
- org.apache.jetspeed.security.spi.SecurityAccess
-
-
-
-
-
-
- PROPAGATION_REQUIRED
- PROPAGATION_REQUIRED
- PROPAGATION_SUPPORTS
-
-
-
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup1/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup1/company1.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup1/company1.ldif (revision 0)
@@ -0,0 +1,224 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Group objectClass = groupOfUniqueNames
+# Role objectClass = groupOfNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+dn: ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,o=sevenSeas
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,o=sevenSeas
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uniqueMember: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uniqueMember: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group2
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: manager
+
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role1
+
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role2
+
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role3
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: manager
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+memberOf: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+memberOf: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+memberOf: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+memberOf: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+sn: admin
+cn: admin admin
+
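Review bot: The `uid=admin` entry is seeded with `userPassword: admin` and membership of `cn=admin,ou=Roles`, and every other user has `userPassword: x`, all stored as cleartext values. Nothing in the file marks it as a throwaway fixture; the header says "Sample LDIF file for populating Lotus LDAP Server" although it sits under `openldap/`. Replace the header with something like `# TEST FIXTURE ONLY - throwaway accounts with known passwords; load only into a disposable local directory`. The header line "Roles and groups have an empty uniqueMember attribute" is also inaccurate here, since the roles are `groupOfNames` with an empty `member`. The same accounts appear in `setup2/company1.ldif`.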
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup1/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup1/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup1/ldap.properties (revision 0)
@@ -0,0 +1,67 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=cn=Manager\,o=sevenSeas
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=o=sevenSeas
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=memberOf
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=member
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=ou=Roles\,ou=OrgUnit1
+org.apache.jetspeed.ldap.GroupFilterBase=ou=Groups\,ou=OrgUnit1
+org.apache.jetspeed.ldap.UserFilterBase=ou=People\,ou=OrgUnit1
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=member
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=uniqueMember
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=uid
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,cn={u}
+org.apache.jetspeed.ldap.roleAttributes=
+org.apache.jetspeed.ldap.groupAttributes=
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
+
+org.apache.jetspeed.ldap.knownAttributes=cn\,sn\,o\,uid\,ou\,objectClass\,userPassword\,member\,uniqueMember\,memberOf
\ No newline at end of file
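Review bot: `UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)` is two filters placed side by side with no enclosing operator, which is not a valid RFC 4515 filter on its own. Unless the DAO always wraps this value in its own `(&...)` (not visible in this patch), a server may reject it or a lenient parser may evaluate only part of it, changing which entries count as users. Writing it as `(&(objectclass=inetorgperson)(objectclass=organizationalPerson))` is valid standalone and stays valid if the code wraps it again. The same value appears in `setup2/ldap.properties` and in both `security-spi-ldap.xml` files.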
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup1/README.TXT
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup1/README.TXT (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup1/README.TXT (revision 0)
@@ -0,0 +1,39 @@
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( member $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST (uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ memberOf $ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 )
+ )
+
+
+
+Notice how the memberOf attribute was added to the inetOrgPerson objectclass.
+OpenLDAP doesn't support this attribute out of the box, so the attribute had to be created
+
+attributetype ( 9.9.9.9 NAME 'memberOf'
+ DESC 'determines group membership on the user object'
+ SUP distinguishedName )
+
+The attribute was added to support setting group membership on the user object.
\ No newline at end of file
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup1/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup1/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup1/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,101 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ o=sevenSeas
+
+ cn=Manager,o=sevenSeas
+
+ secret
+
+ (objectclass=groupOfNames)
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+
+
+ memberOf
+
+ uniqueMember
+
+
+
+
+
+ member
+
+
+
+ ou=Roles,ou=OrgUnit1
+
+ ou=Groups,ou=OrgUnit1
+
+ ou=People,ou=OrgUnit1
+
+ top,groupOfNames
+
+ top,groupOfUniqueNames
+
+ top,person,organizationalPerson,inetorgperson
+
+ cn
+
+ cn
+
+ uid
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+ member
+
+ uniqueMember
+
+ sn={u},cn={u}
+
+
+
+
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
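Review bot: The bind DN `cn=Manager,o=sevenSeas` and the password `secret` are repeated here as literals alongside `setup1/ldap.properties`, and again in the `setup2` pair, so the credential lives in four files that can drift apart. The element markup is not visible on this page, so this is based on the values alone. If the container supports property placeholders, take the connection values from the properties file rather than duplicating them. `cn=Manager` is presumably the directory's root DN, which is not subject to access controls, so tests bound this way cannot reveal a missing ACL; a dedicated service entry in the LDIF with only the rights the handlers need would test the intended deployment more faithfully.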
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup2/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup2/company1.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup2/company1.ldif (revision 0)
@@ -0,0 +1,221 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Group objectClass = groupOfUniqueNames
+# Role objectClass = groupOfUniqueNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+dn: ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,o=sevenSeas
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,o=sevenSeas
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uniqueMember: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uniqueMember: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uniqueMember: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uniqueMember: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uniqueMember: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uniqueMember: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uniqueMember: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uniqueMember: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uniqueMember: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+cn: Group2
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+uniqueMember: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1
+cn: manager
+
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role1
+
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role2
+
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role3
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+cn: manager
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+sn: admin
+cn: admin admin
+
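Review bot: In the `cn=admin,ou=Groups` and `cn=manager,ou=Groups` entries the member value is `uniqueMember:uid=admin,ou=People,ou=OrgUnit1`, without the `,o=sevenSeas` suffix that every other membership value in this file carries. A lookup that compares against the user's full DN will then not find `admin` in those two groups, so a test could pass or fail for the wrong reason. Use `uniqueMember: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas`, as the `cn=admin,ou=Roles` entry further down already does. The header comment still says roles and groups have an empty `uniqueMember`, which is no longer true for `Group1` or for the admin and manager entries.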
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup2/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup2/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup2/ldap.properties (revision 0)
@@ -0,0 +1,67 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=cn=Manager\,o=sevenSeas
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=o=sevenSeas
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=ou=Roles\,ou=OrgUnit1
+org.apache.jetspeed.ldap.GroupFilterBase=ou=Groups\,ou=OrgUnit1
+org.apache.jetspeed.ldap.UserFilterBase=ou=People\,ou=OrgUnit1
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=uniqueMember
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=uniqueMember
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=uid
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,cn={u}
+org.apache.jetspeed.ldap.roleAttributes=
+org.apache.jetspeed.ldap.groupAttributes=
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
+
+org.apache.jetspeed.ldap.knownAttributes=cn\,sn\,o\,uid\,ou\,objectClass\,userPassword\,member\,uniqueMember\,memberOf
\ No newline at end of file
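Review bot: The third comment block is headed "define the way group membership occurs", the same heading as the block above it, but the keys it introduces (`GroupMembershipForRoleAttributes` and `RoleGroupMembershipForRoleAttributes`) control how a role's membership of a group is stored. A heading such as `# define the way role-in-group membership occurs` would keep the two blocks from being confused when someone adapts this file for a real directory. `setup1/ldap.properties` has the same duplicated heading. `knownAttributes` also still lists `member` and `memberOf`, which this setup leaves unused; trimming the list, or a comment saying it is shared across setups, would make the intent clear.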
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup2/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup2/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup2/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,101 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ o=sevenSeas
+
+ cn=Manager,o=sevenSeas
+
+ secret
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+ uniqueMember
+
+
+
+ uniqueMember
+
+
+
+ uniqueMember
+
+
+
+
+
+ ou=Roles,ou=OrgUnit1
+
+ ou=Groups,ou=OrgUnit1
+
+ ou=People,ou=OrgUnit1
+
+ top,groupOfUniqueNames
+
+ top,groupOfUniqueNames
+
+ top,person,organizationalPerson,inetorgperson
+
+ cn
+
+ cn
+
+ uid
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+ uniqueMember
+
+ uniqueMember
+
+ sn={u},cn={u}
+
+
+
+
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup3/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup3/company1.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup3/company1.ldif (revision 0)
@@ -0,0 +1,221 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Group objectClass = groupOfUniqueNames
+# Role objectClass = groupOfNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+dn: ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,o=sevenSeas
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,o=sevenSeas
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group2
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: manager
+
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role1
+
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role2
+
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role3
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: manager
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+memberOf: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+memberOf: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+memberOf: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+memberOf: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+memberOf: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+sn: admin
+cn: admin admin
+
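Review bot: The header comment does not match the data it introduces: the file sits under `openldap/` but is titled for a Lotus LDAP server, and it says roles and groups carry an empty `uniqueMember`, while the role entries here use an empty `member:`. The setup4 and setup5 `company1.ldif` headers go further and state `Role objectClass = groupOfUniqueNames` although their role entries are `groupOfNames`. These comments are the only description of which membership model each setup exercises, so I would correct them, e.g. `# Groups have an empty uniqueMember, roles an empty member (required by schema)`.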
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup3/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup3/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup3/ldap.properties (revision 0)
@@ -0,0 +1,67 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=cn=Manager\,o=sevenSeas
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=o=sevenSeas
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=memberOf
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=memberOf
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=member
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=ou=Roles\,ou=OrgUnit1
+org.apache.jetspeed.ldap.GroupFilterBase=ou=Groups\,ou=OrgUnit1
+org.apache.jetspeed.ldap.UserFilterBase=ou=People\,ou=OrgUnit1
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=member
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=uniqueMember
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=uid
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,cn={u}
+org.apache.jetspeed.ldap.roleAttributes=
+org.apache.jetspeed.ldap.groupAttributes=
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
+
+org.apache.jetspeed.ldap.knownAttributes=cn\,sn\,o\,uid\,ou\,objectClass\,userPassword\,member\,uniqueMember\,memberOf
\ No newline at end of file
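Review bot: `UserFilter` is set to `(objectclass=inetorgperson)(objectclass=organizationalPerson)`, two parenthesised terms with no enclosing `(&...)` or `(|...)`, which is not a complete LDAP search filter on its own. Presumably the handler wraps the value before searching, but whether the two classes are ANDed or ORed decides which entries count as users, so it should be stated next to the key, e.g. `# the handler combines these terms with <operator> - confirm`. The same value is used in the setup4 and setup5 files. Separately, the comment above `GroupMembershipForRoleAttributes` repeats `define the way group membership occurs`, although that block configures role-in-group membership.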
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup3/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup3/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup3/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,101 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ o=sevenSeas
+
+ cn=Manager,o=sevenSeas
+
+ secret
+
+ (objectclass=groupOfNames)
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+
+
+ memberOf
+
+
+
+ memberOf
+
+
+
+ member
+
+
+
+ ou=Roles,ou=OrgUnit1
+
+ ou=Groups,ou=OrgUnit1
+
+ ou=People,ou=OrgUnit1
+
+ top,groupOfNames
+
+ top,groupOfUniqueNames
+
+ top,person,organizationalPerson,inetorgperson
+
+ cn
+
+ cn
+
+ uid
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+ member
+
+ uniqueMember
+
+ sn={u},cn={u}
+
+
+
+
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/company1.ldif (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/company1.ldif (working copy)
@@ -1,197 +0,0 @@
-# Sample LDIF file for populating an OpenLDAP
-
-dn: ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: organizationalunit
-ou: OrgUnit1
-
-dn: ou=OrgUnit2,o=sevenSeas
-ou: OrgUnit2
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=OrgUnit3,o=sevenSeas
-ou: OrgUnit3
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=People,ou=OrgUnit1,o=sevenSeas
-ou: People
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
-ou: Groups
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
-ou: Roles
-objectClass: top
-objectClass: organizationalunit
-
-
-dn: ou=People,ou=OrgUnit2,o=sevenSeas
-ou: People
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
-ou: Groups
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
-ou: Roles
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=People,ou=OrgUnit3,o=sevenSeas
-ou: People
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
-ou: Groups
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
-ou: Roles
-objectClass: top
-objectClass: organizationalunit
-
-
-dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Group1
-
-dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Group2
-
-dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Group3
-
-dn: cn=admin,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-uniqueMember:uid=admin,ou=People,ou=OrgUnit1
-cn: admin
-
-dn: cn=manager,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-uniqueMember:uid=admin,ou=People,ou=OrgUnit1
-cn: manager
-
-dn: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Role1
-
-
-dn: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Role2
-
-
-dn: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Role3
-
-dn: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-uniqueMember: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
-cn: admin
-
-dn: cn=manager,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: manager
-
-dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
-uid: OrgUnit1User1
-givenName: OrgUnit1User1
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit1User1
-cn: OrgUnit1User1 OrgUnit1User1
-
-dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
-uid: OrgUnit1User2
-givenName: OrgUnit1User2
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit1User2
-cn: OrgUnit1User2 OrgUnit1User2
-
-dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
-uid: OrgUnit2User1
-givenName: OrgUnit2User1
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit2User1
-cn: OrgUnit2User1 OrgUnit2User1
-
-dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
-uid: OrgUnit2User2
-givenName: OrgUnit2User2
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit2User2
-cn: OrgUnit2User2 OrgUnit2User2
-
-
-dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
-uid: OrgUnit3User1
-givenName: OrgUnit3User1
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit3User1
-cn: OrgUnit3User1 OrgUnit3User1
-
-dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
-uid: OrgUnit3User2
-givenName: OrgUnit3User2
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit3User2
-cn: OrgUnit3User2 OrgUnit3User2
-
-dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
-uid: admin
-givenName: admin
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: admin
-sn: admin
-cn: admin admin
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup4/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup4/company1.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup4/company1.ldif (revision 0)
@@ -0,0 +1,176 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Group objectClass = groupOfUniqueNames
+# Role objectClass = groupOfUniqueNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+dn: ou=People,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+uniqueMember: cn=OrgUnit1User1,ou=People,o=sevenSeas
+uniqueMember: cn=OrgUnit1User2,ou=People,o=sevenSeas
+uniqueMember: cn=OrgUnit2User1,ou=People,o=sevenSeas
+uniqueMember: cn=OrgUnit2User2,ou=People,o=sevenSeas
+uniqueMember: cn=OrgUnit3User1,ou=People,o=sevenSeas
+uniqueMember: cn=OrgUnit3User2,ou=People,o=sevenSeas
+uniqueMember: cn=adminuser,ou=People,o=sevenSeas
+cn: Group1
+
+dn: cn=Group2,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+uniqueMember: cn=OrgUnit1User1,ou=People,o=sevenSeas
+uniqueMember: cn=OrgUnit2User1,ou=People,o=sevenSeas
+uniqueMember: cn=OrgUnit3User1,ou=People,o=sevenSeas
+uniqueMember: cn=adminuser,ou=People,o=sevenSeas
+cn: Group2
+
+dn: cn=Group3,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+uniqueMember: cn=OrgUnit1User1,ou=People,o=sevenSeas
+cn: Group3
+
+dn: cn=adminGroup,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: adminGroup
+
+dn: cn=managerGroup,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: cn=adminuser,ou=People,o=sevenSeas
+cn: managerGroup
+
+dn: cn=Role1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+member: cn=OrgUnit1User2,ou=People,o=sevenSeas
+cn: Role1
+
+
+dn: cn=Role2,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+member: cn=OrgUnit1User2,ou=People,o=sevenSeas
+member: cn=OrgUnit2User2,ou=People,o=sevenSeas
+member: cn=OrgUnit3User2,ou=People,o=sevenSeas
+cn: Role2
+
+
+dn: cn=Role3,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member:
+member: cn=OrgUnit1User1,ou=People,o=sevenSeas
+member: cn=OrgUnit1User2,ou=People,o=sevenSeas
+member: cn=OrgUnit2User1,ou=People,o=sevenSeas
+member: cn=OrgUnit2User2,ou=People,o=sevenSeas
+member: cn=OrgUnit3User1,ou=People,o=sevenSeas
+member: cn=OrgUnit3User2,ou=People,o=sevenSeas
+member: cn=adminuser,ou=People,o=sevenSeas
+cn: Role3
+
+dn: cn=admin,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member: cn=adminuser,ou=People,o=sevenSeas
+cn: admin
+
+dn: cn=manager,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+member: cn=adminuser,ou=People,o=sevenSeas
+cn: manager
+
+dn: cn=OrgUnit1User1,ou=People,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1
+
+dn: cn=OrgUnit1User2,ou=People,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2
+
+dn: cn=OrgUnit2User1,ou=People,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1
+
+dn: cn=OrgUnit2User2,ou=People,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2
+
+
+dn: cn=OrgUnit3User1,ou=People,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1
+
+dn: cn=OrgUnit3User2,ou=People,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2
+
+dn: cn=adminuser,ou=People,o=sevenSeas
+uid: adminuser
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+sn: adminuser
+cn: adminuser
+
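Review bot: `Group1`, `Group2`, `Group3` and `Role1` to `Role3` keep the empty placeholder value (`uniqueMember:` / `member:`) in addition to real member DNs, while `managerGroup`, `admin` and `manager` list a member without it. The placeholder is only needed to satisfy the schema when an entry has no members. Left beside real values, it may come back from a membership lookup as an extra, empty principal, which would skew size assertions in the tests. I would drop the empty value from every entry that has at least one real member, or add a comment explaining why it is kept.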
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup4/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup4/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup4/ldap.properties (revision 0)
@@ -0,0 +1,67 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=cn=Manager,o=sevenSeas
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=o=sevenSeas
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=member
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=
+org.apache.jetspeed.ldap.GroupFilterBase=
+org.apache.jetspeed.ldap.UserFilterBase=ou=People
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=member
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=uniqueMember
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=cn
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,uid={u}
+org.apache.jetspeed.ldap.roleAttributes=
+org.apache.jetspeed.ldap.groupAttributes=
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
+
+org.apache.jetspeed.ldap.knownAttributes=cn\,sn\,o\,uid\,ou\,objectClass\,userPassword\,member\,uniqueMember\,memberOf
\ No newline at end of file
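Review bot: `rootDn` is written as `cn=Manager,o=sevenSeas` with a bare comma, whereas the setup3 and setup5 files escape it (`cn=Manager\,o=sevenSeas`) and this file itself escapes commas in `RoleObjectClasses` and `knownAttributes`. If the loader treats an unescaped comma as a list separator, which the escaping elsewhere suggests, the bind DN would be split and the bind would fail or use a truncated name. I would write `org.apache.jetspeed.ldap.rootDn=cn=Manager\,o=sevenSeas` to match the other setups.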
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup4/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup4/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup4/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,101 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ o=sevenSeas
+
+ cn=Manager,o=sevenSeas
+
+ secret
+
+ (objectclass=groupOfNames)
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+ member
+
+
+
+ uniqueMember
+
+
+
+ uniqueMember
+
+
+
+
+
+
+
+
+
+ ou=People
+
+ top,groupOfNames
+
+ top,groupOfUniqueNames
+
+ top,person,organizationalPerson,inetorgperson
+
+ cn
+
+ cn
+
+ cn
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+ member
+
+ uniqueMember
+
+ sn={u},uid={u}
+
+
+
+
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup5/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup5/company1.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup5/company1.ldif (revision 0)
@@ -0,0 +1,219 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Group objectClass = groupOfUniqueNames
+# Role objectClass = groupOfUniqueNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+dn: ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,o=sevenSeas
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,o=sevenSeas
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group2
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1
+cn: manager
+
+dn: uid=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+objectClass: uidObject
+member:
+cn: Role1
+uid: Role1
+
+
+dn: uid=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+objectClass: uidObject
+member:
+cn: Role2
+uid: Role2
+
+
+dn: uid=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+objectClass: uidObject
+member:
+cn: Role3
+uid: Role3
+
+dn: uid=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+objectClass: uidObject
+member: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+cn: admin
+uid: admin
+
+dn: uid=manager,ou=Roles,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupOfNames
+objectClass: uidObject
+member: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+cn: manager
+uid: manager
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+sn: admin
+cn: admin
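Review bot: Group membership values are written relative to the root context (`uniqueMember: uid=admin,ou=People,ou=OrgUnit1` on `Group1`, `admin` and `manager`), while the role entries in the same file use the full DN (`member: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas`). A directory compares these as different names, so a membership check written against one form can miss entries stored in the other, and here that affects the `admin` group. Unless the fixture deliberately covers both forms, I would use one form throughout, e.g. `uniqueMember: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas`, and otherwise say so in the header comment.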
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup5/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup5/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup5/ldap.properties (revision 0)
@@ -0,0 +1,67 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=cn=Manager\,o=sevenSeas
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=o=sevenSeas
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=member
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=ou=Roles\,ou=OrgUnit1
+org.apache.jetspeed.ldap.GroupFilterBase=ou=Groups\,ou=OrgUnit1
+org.apache.jetspeed.ldap.UserFilterBase=ou=People\,ou=OrgUnit1
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,uidObject\,groupOfNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=member
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=uniqueMember
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=uid
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=uid
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=uid
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,uid={u}
+org.apache.jetspeed.ldap.roleAttributes=cn={u}
+org.apache.jetspeed.ldap.groupAttributes=
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
+
+org.apache.jetspeed.ldap.knownAttributes=cn\,sn\,o\,uid\,ou\,objectClass\,userPassword\,member\,uniqueMember\,memberOf
\ No newline at end of file
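Review bot: The `UserFilter` value `(objectclass=inetorgperson)(objectclass=organizationalPerson)` is two filter items with no enclosing operator, so it is not a well-formed search filter on its own. The openldap/ldap.properties file this patch deletes had `(&(objectclass=inetorgperson)(objectclass=organizationalPerson))`. The fragment form may be intentional if the handler always embeds the value inside its own `(&(<id>=…)…)` expression, but that code is not visible here. If so, a comment above the key such as `# fragment, AND-ed with the id clause by the handler; not a complete filter` would stop it being reused as a stand-alone filter, where a lenient server might apply only part of it and return entries the tests did not intend to match. The same value appears in setup5/security-spi-ldap.xml and in the domino setup1 and setup2 property files.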
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup5/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup5/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/setup5/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,101 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ o=sevenSeas
+
+ cn=Manager,o=sevenSeas
+
+ secret
+
+ (objectclass=groupOfNames)
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+ member
+
+
+
+ uniqueMember
+
+
+
+ uniqueMember
+
+
+
+
+
+ ou=Roles,ou=OrgUnit1
+
+ ou=Groups,ou=OrgUnit1
+
+ ou=People,ou=OrgUnit1
+
+ top,uidObject,groupOfNames
+
+ top,groupOfUniqueNames
+
+ top,person,organizationalPerson,inetorgperson
+
+ uid
+
+ cn
+
+ uid
+
+ uid
+
+ 1
+
+ uid
+
+ cn
+
+ uid
+
+ member
+
+ uniqueMember
+
+ sn={u},uid={u}
+
+ cn={u}
+
+
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/ldap.properties (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/ldap.properties (working copy)
@@ -1,59 +0,0 @@
-# Ldap Configuration.
-
-org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
-org.apache.jetspeed.ldap.ldapServerName=localhost
-org.apache.jetspeed.ldap.ldapServerPort=389
-org.apache.jetspeed.ldap.rootDn=cn\=Manager\,o\=sevenSeas
-org.apache.jetspeed.ldap.rootPassword=secret
-org.apache.jetspeed.ldap.rootContext=o\=sevenSeas
-#org.apache.jetspeed.ldap.defaultDnSuffix=
-#org.apache.jetspeed.ldap.ou.users=people
-#org.apache.jetspeed.ldap.ou.groups=groups
-#org.apache.jetspeed.ldap.ou.roles=roles
-
-# define the filters needed to search for roles/groups/users
-org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfUniqueNames)
-org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
-org.apache.jetspeed.ldap.UserFilter=(&(objectclass=inetorgperson)(objectclass=organizationalPerson))
-
-org.apache.jetspeed.ldap.UserAuthenticationFiler=(&(uid=%u)(objectclass=inetorgperson))
-
-# define the way role membership occurs
-# if RoleMembershipAttributes is used, membership attr will be stored on role
-# if UserRoleMembershipAttributes is used, membership attr will be stored on user
-org.apache.jetspeed.ldap.RoleMembershipAttributes=uniqueMember
-org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
-
-# define the way group membership occurs
-# if GroupMembershipAttributes is used, membership attr will be stored on group
-# if UserGroupMembershipAttributes is used, membership attr will be stored on user
-org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
-org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
-
-# define the way group membership occurs
-# if GroupMembershipAttributes is used, membership attr will be stored on group
-# if UserGroupMembershipAttributes is used, membership attr will be stored on user
-org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
-org.apache.jetspeed.ldap.RoleGroupMembershipAttributes=
-
-
-
-# define the default search base. (=rootContext)
-org.apache.jetspeed.ldap.DefaultSearchBase=o\=sevenSeas
-
-# define the path to roles,groups and users
-# needs to be defined without the defaultsearchbase
-org.apache.jetspeed.ldap.RoleFilterBase=ou\=Roles\,ou\=OrgUnit1
-org.apache.jetspeed.ldap.GroupFilterBase=ou\=Groups\,ou\=OrgUnit1
-org.apache.jetspeed.ldap.UserFilterBase=ou\=People\,ou\=OrgUnit1
-
-org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfUniqueNames
-org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames
-org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
-
-# define the ID attribute used to search roles/groups/users
-org.apache.jetspeed.ldap.RoleIdAttribute=cn
-org.apache.jetspeed.ldap.GroupIdAttribute=cn
-org.apache.jetspeed.ldap.UserIdAttribute=uid
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-atz.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-atz.xml (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-atz.xml (working copy)
@@ -1,60 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap-atn.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap-atn.xml (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap-atn.xml (working copy)
@@ -1,49 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap.xml (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/openldap/security-spi-ldap.xml (working copy)
@@ -1,79 +0,0 @@
-
-
-
-
-
-
-
-
- com.sun.jndi.ldap.LdapCtxFactory
-
- localhost
-
- 389
-
-
-
- o=sevenSeas
-
- cn=Manager,o=sevenSeas
-
- secret
-
- (objectclass=groupOfUniqueNames)
-
- (objectclass=groupOfUniqueNames)
-
- (&(objectclass=inetorgperson)(objectclass=organizationalPerson))
-
- (&(uid=%u)(objectclass=inetorgperson))
-
- uniqueMember
-
-
-
- uniqueMember
-
-
-
- uniqueMember
-
-
-
- o=sevenSeas
-
- ou=Roles,ou=OrgUnit1
-
- ou=Groups,ou=OrgUnit1
-
- ou=People,ou=OrgUnit1
-
- top,groupOfUniqueNames
-
- top,groupOfUniqueNames
-
- top,person,organizationalPerson,inetorgperson
-
- cn
-
- cn
-
- uid
-
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup1/company.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup1/company.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup1/company.ldif (revision 0)
@@ -0,0 +1,255 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Group objectClass = groupOfUniqueNames
+# Role objectClass = groupOfNames
+#
+# Roles have an empty memberOf attribute upon creation (required by schema)
+# Groups have an empty uniqueMember attribute upon creation (required by schema)
+#
+# Roles, Group and Users are stored under different organizational units.
+#
+dn: ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,o=ECS
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,o=ECS
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,o=ECS
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=ECS
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,o=ECS
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,o=ECS
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,o=ECS
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,o=ECS
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=ECS
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,o=ECS
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,o=ECS
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: cn=admin,ou=People,ou=OrgUnit1
+uniqueMember: CN=OrgUnit1User1,OU=people,OU=orgunit1,O=ECS
+uniqueMember: CN=OrgUnit1User2,OU=people,OU=orgunit1,O=ECS
+uniqueMember: CN=Role1,OU=roles,OU=orgunit1,O=ECS
+uniqueMember: CN=Role2,OU=roles,OU=orgunit1,O=ECS
+uniqueMember: CN=Role3,OU=roles,OU=orgunit1,O=ECS
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: CN=OrgUnit1User1,OU=people,OU=orgunit1,O=ECS
+uniqueMember: CN=Role1,OU=roles,OU=orgunit1,O=ECS
+cn: Group2
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: CN=OrgUnit1User1,OU=people,OU=orgunit1,O=ECS
+cn: Group3
+
+dn: cn=Group4,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: CN=OrgUnit1User1,OU=people,OU=orgunit1,O=ECS
+cn: Group4
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:cn=admin,ou=People,ou=OrgUnit1
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:cn=admin,ou=People,ou=OrgUnit1
+cn: manager
+
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfNames
+member:CN=OrgUnit1User1,OU=people,OU=orgunit1,O=ECS
+member:CN=OrgUnit1User2,OU=people,OU=orgunit1,O=ECS
+member:CN=admin,OU=people,OU=orgunit1,O=ECS
+cn: Role1
+
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfNames
+member:CN=OrgUnit1User1,OU=people,OU=orgunit1,O=ECS
+member:CN=OrgUnit1User2,OU=people,OU=orgunit1,O=ECS
+member:CN=admin,OU=people,OU=orgunit1,O=ECS
+cn: Role2
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfNames
+member:CN=admin,OU=people,OU=orgunit1,O=ECS
+cn: Role3
+
+dn: cn=Role4,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role4
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfNames
+member: cn=admin,ou=People,ou=OrgUnit1,o=ECS
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfNames
+member: cn=admin,ou=People,ou=OrgUnit1,o=ECS
+cn: manager
+
+dn: cn=OrgUnit1User1,ou=People,ou=OrgUnit1,o=ECS
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1
+
+dn: cn=OrgUnit1User2,ou=People,ou=OrgUnit1,o=ECS
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2
+
+dn: cn=OrgUnit2User1,ou=People,ou=OrgUnit2,o=ECS
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1
+
+dn: cn=OrgUnit2User2,ou=People,ou=OrgUnit2,o=ECS
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2
+
+
+dn: cn=OrgUnit3User1,ou=People,ou=OrgUnit3,o=ECS
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1
+
+dn: cn=OrgUnit3User2,ou=People,ou=OrgUnit3,o=ECS
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2
+
+dn: cn=admin,ou=People,ou=OrgUnit1,o=ECS
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+sn: admin
+cn: admin admin
+
+dn: cn=user1,ou=People,ou=OrgUnit1,o=ECS
+uid: user1
+givenName: user1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: user1
+sn: user1
+cn: user1
+
+dn: cn=user2,ou=People,ou=OrgUnit1,o=ECS
+uid: user2
+givenName: user2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: user2
+sn: user2
+cn: user2
\ No newline at end of file
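Review bot: The `uniqueMember` values for the admin account on Group1 and on the `admin` and `manager` groups are written as `cn=admin,ou=People,ou=OrgUnit1`, without the `o=ECS` suffix that every other member value and the entry's own `dn: cn=admin,ou=People,ou=OrgUnit1,o=ECS` carry. Whether admin is resolved as a member of those groups then depends on how the handler compares or completes DNs, which this file cannot show, so an authorization test could pass or fail for the wrong reason. Writing the full DN, `uniqueMember: cn=admin,ou=People,ou=OrgUnit1,o=ECS`, removes the ambiguity. The admin entry also has `cn: admin admin` under an RDN of `cn=admin`, so the naming value is not among the entry's cn values. Separately, the header comment speaks of an empty `memberOf` on roles where the entries use `member`.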
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup1/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup1/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup1/ldap.properties (revision 0)
@@ -0,0 +1,65 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=Davy De Waele
+org.apache.jetspeed.ldap.rootPassword=adminadmin2
+org.apache.jetspeed.ldap.rootContext=o=ECS
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=member
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=ou=roles\,ou=orgunit1
+org.apache.jetspeed.ldap.GroupFilterBase=ou=groups\,ou=orgunit1
+org.apache.jetspeed.ldap.UserFilterBase=ou=people\,ou=orgunit1
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=member
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=uniqueMember
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=cn
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,uid={u}
+org.apache.jetspeed.ldap.roleAttributes=
+org.apache.jetspeed.ldap.groupAttributes=
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
\ No newline at end of file
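Review bot: `rootDn=Davy De Waele` with `rootPassword=adminadmin2` reads like a named person's bind account rather than a fixture identity such as the `cn=Manager` / `secret` pair in the openldap setups. The same pair is repeated in domino/setup1/security-spi-ldap.xml and domino/setup2/ldap.properties. If that account exists on any real Domino server, the password should be treated as disclosed once it is in version control, and rotated. For the fixture, labelled placeholders such as `rootDn=<test-bind-dn>` and `rootPassword=<test-bind-password>`, filled in by the local test environment, keep the tests runnable without committing a credential. The bind targets port 389 with no sign of TLS, so a comment stating that this configuration is for a localhost test directory only would also help.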
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup1/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup1/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup1/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,101 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ o=ECS
+
+ Davy De Waele
+
+ adminadmin2
+
+ (objectclass=groupOfNames)
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+ member
+
+
+
+ uniqueMember
+
+
+
+ uniqueMember
+
+
+
+
+
+ ou=roles,ou=orgunit1
+
+ ou=groups,ou=orgunit1
+
+ ou=people,ou=orgunit1
+
+ top,groupOfNames
+
+ top,groupOfUniqueNames
+
+ top,person,organizationalPerson,inetorgperson
+
+ cn
+
+ cn
+
+ cn
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+ member
+
+ uniqueMember
+
+ sn={u},uid={u}
+
+
+
+
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup2/company.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup2/company.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup2/company.ldif (revision 0)
@@ -0,0 +1,323 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# THIS SCRIPT REQUIRES US TO PUT THE uniqueMember ATTR ON organizationalPerson
+#
+# Group objectClass = groupOfUniqueNames
+# Role objectClass = groupOfUniqueNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+# Roles and Groups are stored on the same level (o=ECS)
+#
+###########################################################
+# OrgUnits (objectClass: organizationalunit)
+# Act as containers for different organizations
+###########################################################
+dn: ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,o=ECS
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=OrgUnit3,o=ECS
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+###########################################################
+# Subcontainers (objectClass: organizationalunit)
+# Subcontainers for People,Roles & Groups
+###########################################################
+dn: ou=People,ou=OrgUnit1,o=ECS
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=ECS
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,o=ECS
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,o=ECS
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,o=ECS
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,o=ECS
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=ECS
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,o=ECS
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,o=ECS
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+###########################################################
+# The groups (objectClass: groupOfUniqueNames)
+###########################################################
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group2
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: manager
+
+dn: cn=Group1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group1
+
+dn: cn=Group2,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group2
+
+dn: cn=Group3,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group3
+
+dn: cn=adminGroup,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: admin
+
+dn: cn=managerGroup,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: manager
+
+###########################################################
+# The roles (objectClass: groupOfUniqueNames)
+###########################################################
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role1
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role2
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role3
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: manager
+
+dn: cn=Role1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role1
+
+dn: cn=Role2,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role2
+
+dn: cn=Role3,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role3
+
+dn: cn=admin,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: admin
+
+dn: cn=manager,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: manager
+
+###########################################################
+# The users (objectClass: organizationalPerson)
+###########################################################
+
+dn: cn=OrgUnit1User1,ou=People,ou=OrgUnit1,o=ECS
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1
+
+dn: cn=OrgUnit1User2,ou=People,ou=OrgUnit1,o=ECS
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2
+
+dn: cn=OrgUnit2User1,ou=People,ou=OrgUnit2,o=ECS
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1
+
+dn: cn=OrgUnit2User2,ou=People,ou=OrgUnit2,o=ECS
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2
+
+
+dn: cn=OrgUnit3User1,ou=People,ou=OrgUnit3,o=ECS
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1
+
+dn: cn=OrgUnit3User2,ou=People,ou=OrgUnit3,o=ECS
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2
+
+dn: cn=admin,ou=People,ou=OrgUnit1,o=ECS
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+sn: admin
+cn: admin
+
+
+dn: cn=adminuser,o=ECS
+uid: adminuser
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+uniqueMember: CN=admin,o=ECS
+sn: admin
+cn: adminuser
+
+dn: cn=user1,o=ECS
+uid: user1
+givenName: user1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: user1
+sn: user1
+cn: user1
+
+dn: cn=user2,o=ECS
+uid: user2
+givenName: user2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: user2
+sn: user2
+cn: user2
\ No newline at end of file
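Review bot: The top-level groups `cn=adminGroup,o=ECS` and `cn=managerGroup,o=ECS` carry `cn: admin` and `cn: manager`, the same cn values as the roles `cn=admin,o=ECS` and `cn=manager,o=ECS`, and all four entries are `groupOfUniqueNames`. The setup2 ldap.properties later in this patch gives roles and groups the same `(objectclass=groupOfUniqueNames)` filter and leaves `RoleFilterBase` and `GroupFilterBase` empty. Assuming lookups go by cn, a search for the role admin and one for the group admin can then return the same entries, and the role/group distinction the tests rely on is lost. Setting `cn: adminGroup` and `cn: managerGroup` separates them and also puts the RDN value among the entry's attributes, which stricter servers require. The header line about roles and groups living at the `o=ECS` level also does not mention the second copy under `ou=OrgUnit1`.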
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup2/README.TXT
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup2/README.TXT (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup2/README.TXT (revision 0)
@@ -0,0 +1,15 @@
+In order for this schema setup to work, modify the Domino schema
+so that uniqueMember becomes an optional attribute for
+organizationPerson
+
+Domino doesn't support putting role/group membership on the user
+object by default.
+
+objectclasses: (
+ 2.5.6.7
+ NAME 'organizationalPerson'
+ DESC 'Defines entries for people employed by or associated with an organization.'
+ SUP person
+ STRUCTURAL
+ MAY ( uniqueMember $ title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postalAddress $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ ou $ st $ l )
+ )
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup2/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup2/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup2/ldap.properties (revision 0)
@@ -0,0 +1,65 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=Davy De Waele
+org.apache.jetspeed.ldap.rootPassword=adminadmin2
+org.apache.jetspeed.ldap.rootContext=o=ECS
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=uniqueMember
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=uniqueMember
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=uniqueMember
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=
+org.apache.jetspeed.ldap.GroupFilterBase=
+org.apache.jetspeed.ldap.UserFilterBase=
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=uniqueMember
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=uniqueMember
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=cn
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,uid={u}
+org.apache.jetspeed.ldap.roleAttributes=
+org.apache.jetspeed.ldap.groupAttributes=
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
\ No newline at end of file
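Review bot: `rootDn=Davy De Waele` with `rootPassword=adminadmin2` commits what looks like a real person's directory account and its password into the test tree, and the same pair is repeated in setup2/security-spi-ldap.xml, setup3/ldap.properties and setup3/security-spi-ldap.xml. If that account exists anywhere other than a throwaway test server, the password should be rotated, and the fixtures should bind with a dedicated test DN and an obviously fake value such as `org.apache.jetspeed.ldap.rootPassword=CHANGE_ME_TEST_ONLY`. Separately, `UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)` is two filters side by side, which is not a valid RFC 4515 filter on its own; unless the DAO wraps it in `(&…)` (not visible here), it should read `(&(objectclass=inetorgperson)(objectclass=organizationalPerson))`, and the other ldap.properties files in this patch use the same form. The comment above `GroupMembershipForRoleAttributes` repeats "define the way group membership occurs" although that block configures role-in-group membership.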
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup2/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup2/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup2/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,102 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ o=ECS
+
+ Davy De Waele
+
+ adminadmin2
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+
+
+ uniqueMember
+
+
+
+ uniqueMember
+
+
+
+ uniqueMember
+
+
+
+
+
+
+
+
+
+ top,groupOfUniqueNames
+
+ top,groupOfUniqueNames
+
+ top,person,organizationalPerson,inetorgperson
+
+ cn
+
+ cn
+
+ cn
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+ uniqueMember
+
+ uniqueMember
+
+ sn={u},uid={u}
+
+
+
+
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
+
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup3/company.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup3/company.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup3/company.ldif (revision 0)
@@ -0,0 +1,344 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# THIS SCRIPT REQUIRES US TO PUT THE uniqueMember ATTR ON organizationalPerson
+#
+# Group objectClass = groupOfNames
+# Role objectClass = groupOfUniqueNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+# Roles and Groups are stored on the same level (o=ECS)
+#
+###########################################################
+# OrgUnits (objectClass: organizationalunit)
+# Act as containers for different organizations
+###########################################################
+dn: ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,o=ECS
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=OrgUnit3,o=ECS
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+###########################################################
+# Subcontainers (objectClass: organizationalunit)
+# Subcontainers for People,Roles & Groups
+###########################################################
+dn: ou=People,ou=OrgUnit1,o=ECS
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=ECS
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,o=ECS
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,o=ECS
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,o=ECS
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,o=ECS
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=ECS
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,o=ECS
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,o=ECS
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+###########################################################
+# The groups (objectClass: groupOfUniqueNames)
+###########################################################
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfNames
+objectClass: dominoGroup
+member:
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfNames
+objectClass: dominoGroup
+member:
+cn: Group2
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfNames
+objectClass: dominoGroup
+member:
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfNames
+objectClass: dominoGroup
+member:
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfNames
+objectClass: dominoGroup
+member:
+cn: manager
+
+dn: cn=Group1,o=ECS
+objectClass: top
+objectClass: groupOfNames
+objectClass: dominoGroup
+member:
+cn: Group1
+
+dn: cn=Group2,o=ECS
+objectClass: top
+objectClass: groupOfNames
+objectClass: dominoGroup
+member:
+cn: Group2
+
+dn: cn=Group3,o=ECS
+objectClass: top
+objectClass: groupOfNames
+objectClass: dominoGroup
+member:
+cn: Group3
+
+dn: cn=adminGroup,o=ECS
+objectClass: top
+objectClass: groupOfNames
+objectClass: dominoGroup
+member:
+cn: admin
+
+dn: cn=managerGroup,o=ECS
+objectClass: top
+objectClass: groupOfNames
+objectClass: dominoGroup
+member:
+cn: manager
+
+###########################################################
+# The roles (objectClass: groupOfUniqueNames)
+###########################################################
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role1
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role2
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role3
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: manager
+
+dn: cn=Role1,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role1
+
+dn: cn=Role2,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role2
+
+dn: cn=Role3,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role3
+
+dn: cn=admin,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+uniqueMember: cn=adminuser,o=ECS
+cn: admin
+
+dn: cn=manager,o=ECS
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: manager
+
+###########################################################
+# The users (objectClass: organizationalPerson)
+###########################################################
+
+dn: cn=OrgUnit1User1,ou=People,ou=OrgUnit1,o=ECS
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+objectClass: dominoPerson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1
+
+dn: cn=OrgUnit1User2,ou=People,ou=OrgUnit1,o=ECS
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+objectClass: dominoPerson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2
+
+dn: cn=OrgUnit2User1,ou=People,ou=OrgUnit2,o=ECS
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+objectClass: dominoPerson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1
+
+dn: cn=OrgUnit2User2,ou=People,ou=OrgUnit2,o=ECS
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+objectClass: dominoPerson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2
+
+
+dn: cn=OrgUnit3User1,ou=People,ou=OrgUnit3,o=ECS
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+objectClass: dominoPerson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1
+
+dn: cn=OrgUnit3User2,ou=People,ou=OrgUnit3,o=ECS
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+objectClass: dominoPerson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2
+
+dn: cn=admin,ou=People,ou=OrgUnit1,o=ECS
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+objectClass: dominoPerson
+userPassword: admin
+sn: admin
+cn: admin
+
+
+dn: cn=adminuser,o=ECS
+uid: adminuser
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+objectClass: dominoPerson
+userPassword: admin
+uniqueMember: CN=admin,o=ECS
+sn: admin
+cn: adminuser
+
+dn: cn=user1,o=ECS
+uid: user1
+givenName: user1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+objectClass: dominoPerson
+userPassword: user1
+sn: user1
+cn: user1
+
+dn: cn=user2,o=ECS
+uid: user2
+givenName: user2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+objectClass: dominoPerson
+userPassword: user2
+sn: user2
+cn: user2
\ No newline at end of file
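Review bot: `dn: cn=adminGroup,o=ECS` and `dn: cn=managerGroup,o=ECS` carry `cn: admin` and `cn: manager`, so the entry's naming attribute does not contain its own RDN value. With `GroupIdAttribute=cn` in the sibling ldap.properties, a lookup by name and a lookup by DN would disagree on what these groups are called, and a strict server may reject the add; `cn: adminGroup` and `cn: managerGroup` would fix it. The banner `# The groups (objectClass: groupOfUniqueNames)` and the header line about an empty uniqueMember no longer match the group entries, which are `groupOfNames` plus `dominoGroup` with `member:`. `cn=adminuser,o=ECS` also keeps `uniqueMember: CN=admin,o=ECS` on the user although this setup stores role membership on the role, so that line looks like a leftover from setup2 and is worth dropping or explaining.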
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup3/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup3/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup3/ldap.properties (revision 0)
@@ -0,0 +1,65 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=Davy De Waele
+org.apache.jetspeed.ldap.rootPassword=adminadmin2
+org.apache.jetspeed.ldap.rootContext=o=ECS
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(&(objectclass=groupOfUniqueNames)(!(objectClass=dominoGroup)))
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=dominoGroup)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)(objectclass=dominoPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=member
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=
+org.apache.jetspeed.ldap.GroupFilterBase=
+org.apache.jetspeed.ldap.UserFilterBase=
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfNames\,dominoGroup
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson\,dominoPerson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=uniqueMember
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=member
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=cn
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,uid={u}
+org.apache.jetspeed.ldap.roleAttributes=
+org.apache.jetspeed.ldap.groupAttributes=
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
\ No newline at end of file
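Review bot: `GroupMembershipForRoleAttributes=uniqueMember` puts role-in-group membership on the group entry, but `GroupObjectClasses` here is `top\,groupOfNames\,dominoGroup`, and the standard `groupOfNames` class does not allow `uniqueMember`. Unless `dominoGroup` permits that attribute (not visible in this patch), writing a role into a group would fail schema checking or depend on an undocumented schema change like the one the setup2 README describes. Using `member` for this setting, or documenting the required schema change next to the setup, would make the configuration reproducible.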
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup3/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup3/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/domino/setup3/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,102 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ o=ECS
+
+ Davy De Waele
+
+ adminadmin2
+
+ (&(objectclass=groupOfUniqueNames)(!(objectClass=dominoGroup)))
+
+ (objectclass=dominoGroup)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)(objectclass=dominoPerson)
+
+ uniqueMember
+
+
+
+ member
+
+
+
+ uniqueMember
+
+
+
+
+
+
+
+
+
+
+
+ top,groupOfUniqueNames
+
+ top,groupOfNames,dominoGroup
+
+ top,person,organizationalPerson,inetorgperson,dominoPerson
+
+ cn
+
+ cn
+
+ cn
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+ uniqueMember
+
+ member
+
+ sn={u},uid={u}
+
+
+
+
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
+
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi.xml (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi.xml (working copy)
@@ -1,46 +0,0 @@
-
-
-
-
-
-
-
-
- JETSPEED-INF/ojb/security_repository.xml
-
-
-
-
- org.apache.jetspeed.security.spi.SecurityAccess
-
-
-
-
-
-
- PROPAGATION_REQUIRED
- PROPAGATION_REQUIRED
- PROPAGATION_SUPPORTS
-
-
-
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/company1.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/company1.ldif (revision 0)
@@ -0,0 +1,210 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Group objectClass = groupOfUniqueNames
+# Role objectClass = groupOfUniqueNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+dn: ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,ou=system
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,ou=system
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,ou=system
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,ou=system
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,ou=system
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,ou=system
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,ou=system
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,ou=system
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,ou=system
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,ou=system
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,ou=system
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: cn=admin,ou=People,ou=OrgUnit1
+cn: Group1
+
+dn: cn=Group2,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group2
+
+dn: cn=Group3,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group3
+
+dn: cn=admin_group,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1
+cn: admin
+
+dn: cn=manager_group,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1
+cn: manager
+
+dn: cn=Role1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role1
+
+
+dn: cn=Role2,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role2
+
+
+dn: cn=Role3,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role3
+
+dn: cn=admin,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=adminuser,ou=system
+cn: admin
+
+dn: cn=manager,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,ou=system
+cn: manager
+
+dn: cn=OrgUnit1User1,ou=People,ou=OrgUnit1,ou=system
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: cn=OrgUnit1User2,ou=People,ou=OrgUnit1,ou=system
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: cn=OrgUnit2User1,ou=People,ou=OrgUnit2,ou=system
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: cn=OrgUnit2User2,ou=People,ou=OrgUnit2,ou=system
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: cn=OrgUnit3User1,ou=People,ou=OrgUnit3,ou=system
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: cn=OrgUnit3User2,ou=People,ou=OrgUnit3,ou=system
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2
+
+dn: cn=adminuser,ou=system
+uid: adminuser
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+sn: admin
+cn: admin
+
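Review bot: Several `uniqueMember` values point at DNs that no entry in this file defines: `cn=admin,ou=People,ou=OrgUnit1` and `uid=admin,ou=People,ou=OrgUnit1` lack the `ou=system` suffix, `uid=admin,ou=People,ou=OrgUnit1,ou=system` has no matching user, and `uid=adminuser,ou=system` names the user by `uid` while the entry's DN is `cn=adminuser,ou=system`. Membership checks that compare DNs would never match these users, so tests built on this fixture can pass or fail for the wrong reason; each value should be the full DN of an entry that exists, e.g. `uniqueMember: cn=adminuser,ou=system`. `Group1` in apacheds/setup2/company1.ldif has the same dangling `uid=admin,ou=People,ou=OrgUnit1` reference. The header still says "Lotus LDAP Server" although the file sits under apacheds.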
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/ldap.properties (revision 0)
@@ -0,0 +1,67 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=uid=admin\,ou=system
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=ou=system
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=member
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=
+org.apache.jetspeed.ldap.GroupFilterBase=
+org.apache.jetspeed.ldap.UserFilterBase=
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=member
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=uniqueMember
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=cn
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,cn={u}\,uid={u}
+org.apache.jetspeed.ldap.roleAttributes=
+org.apache.jetspeed.ldap.groupAttributes=
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
+
+org.apache.jetspeed.ldap.knownAttributes=cn\,sn\,o\,uid\,ou\,objectClass\,userPassword\,member\,uniqueMember\,memberOf
\ No newline at end of file
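Review bot: `RoleFilter=(objectclass=groupOfNames)` with `RoleMembershipAttributes=member` does not match setup1/company1.ldif, where every role (`cn=Role1,ou=system`, `cn=admin,ou=system`, …) is a `groupOfUniqueNames` with `uniqueMember`, as that file's header also states. As written, the preloaded roles would be returned by `GroupFilter` and none by `RoleFilter`, so role and group lookups over the fixture data cannot be told apart; either the LDIF roles should become `groupOfNames` with `member`, or the role settings here should use `groupOfUniqueNames` and `uniqueMember`. `rootDn=uid=admin\,ou=system` with `rootPassword=secret` is the stock ApacheDS administrator login, which is acceptable for an embedded test server but deserves a comment such as `# test-only default, never reuse` so it is not copied into a deployment.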
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup1/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,101 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ o=sevenSeas
+
+ cn=Manager,o=sevenSeas
+
+ secret
+
+ (objectclass=groupOfNames)
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+ member
+
+
+
+ uniqueMember
+
+
+
+ uniqueMember
+
+
+
+
+
+
+
+
+
+
+
+ top,groupOfNames
+
+ top,groupOfUniqueNames
+
+ top,person,organizationalPerson,inetorgperson
+
+ cn
+
+ cn
+
+ cn
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+ member
+
+ uniqueMember
+
+ sn={u},cn={u}
+
+
+
+
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
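Review bot: The values in this bean file disagree with setup1/ldap.properties next to it: the root context is `o=sevenSeas` and the bind DN `cn=Manager,o=sevenSeas` here, against `ou=system` and `uid=admin\,ou=system` there, and the user attributes are `sn={u},cn={u}` here against `sn={u}\,cn={u}\,uid={u}`. Whichever file the tests load, the other one is silently stale, and a bind against the wrong suffix fails in a way that is easy to misread as a handler bug; the two should carry the same values, or one should reference the other. The element names are not visible in this rendering, so this reading relies on the value order matching the other security-spi-ldap.xml files in the patch.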
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/company1.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/company1.ldif (revision 0)
@@ -0,0 +1,154 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Group objectClass = groupOfNames
+# Role objectClass = groupOfUniqueNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+
+dn: ou=People,ou=system
+objectClass: top
+objectClass: organizationalunit
+ou: People
+
+dn: uid=OrgUnit1User1,ou=People,ou=system
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=system
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,ou=system
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=system
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=system
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=system
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2
+
+dn: cn=Group1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1
+cn: Group1
+
+dn: cn=Group2,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group2
+
+dn: cn=Group3,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group3
+
+dn: cn=admin_group,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: admin
+
+dn: cn=manager_group,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: manager
+
+dn: cn=Role1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role1
+
+
+dn: cn=Role2,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role2
+
+
+dn: cn=Role3,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role3
+
+dn: cn=admin,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: admin
+
+dn: cn=manager,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: manager
+
+dn: uid=admin,ou=People,ou=system
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+member: cn=admin,ou=system
+sn: admin
+cn: admin
+
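Review bot: `uid=admin,ou=People,ou=system` is given `member: cn=admin,ou=system`, but its object classes are `top`, `person`, `organizationalPerson` and `inetorgperson`, none of which allows `member` in the standard schema. The Domino setup2 README documents the equivalent schema change, while nothing in this hunk does so for ApacheDS, so the import may be rejected or may depend on schema checking being off. A header line such as `# REQUIRES member TO BE ALLOWED ON inetOrgPerson` would make that dependency explicit. The header also has the object classes swapped relative to the entries (groups here are `groupOfUniqueNames`, roles are `groupOfNames` with `member:`) and still names "Lotus LDAP Server".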
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/ldap.properties (revision 0)
@@ -0,0 +1,67 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=uid=admin\,ou=system
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=ou=system
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=member
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=member
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=
+org.apache.jetspeed.ldap.GroupFilterBase=
+org.apache.jetspeed.ldap.UserFilterBase=ou=People
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=member
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=uniqueMember
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=uid
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,cn={u}
+org.apache.jetspeed.ldap.roleAttributes=sn={u}
+org.apache.jetspeed.ldap.groupAttributes=sn={u}
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
+
+org.apache.jetspeed.ldap.knownAttributes=cn\,sn\,o\,uid\,ou\,objectClass\,userPassword\,member\,uniqueMember\,memberOf
\ No newline at end of file
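Review bot: `UserFilter` on the line `org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)` is two parenthesised terms with no enclosing operator, so on its own it is not a complete LDAP search filter. It can only work if the handler wraps it, presumably as `(&(uid=...)<UserFilter>)`; nothing in this hunk shows that. I would document the contract above the key, e.g. `# filter fragment, not a full filter: the handler wraps it in (&...) with the id term`, and confirm that the id value is escaped before it is concatenated. The same value is added in the setup3 and setup4 `ldap.properties` and in the three `security-spi-ldap.xml` files. Separately, the third comment block repeats the heading `# define the way group membership occurs` although its keys describe role membership in groups.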
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup2/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,101 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ ou=system
+
+ uid=admin,ou=system
+
+ secret
+
+ (objectclass=groupOfNames)
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+
+
+ member
+
+ uniqueMember
+
+
+
+
+
+ member
+
+
+
+
+
+
+
+ ou=People
+
+ top,groupOfNames
+
+ top,groupOfUniqueNames
+
+ top,person,organizationalPerson,inetorgperson
+
+ cn
+
+ cn
+
+ uid
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+ member
+
+ uniqueMember
+
+ sn={u},cn={u}
+
+ sn={u}
+
+ sn={u}
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
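Review bot: The bind DN `uid=admin,ou=system` and password `secret` appear here as literal values, and every other setting in this file repeats what the setup2 `ldap.properties` already defines. As far as the surviving text shows, the file references no properties, so the credentials and attribute names live in two places and can drift apart without any test noticing. I would keep one source of truth by having the definition read the values from `ldap.properties`. Failing that, add a comment at the top such as `<!-- test-only bind to the ApacheDS test server; keep in sync with ldap.properties -->`. The setup3 and setup4 `security-spi-ldap.xml` files have the same duplication.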
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup3/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup3/company1.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup3/company1.ldif (revision 0)
@@ -0,0 +1,210 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Group objectClass = groupOfNames
+# Role objectClass = groupOfNames
+#
+# Roles and groups have an empty member attribute (required by schema)
+#
+dn: ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,ou=system
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,ou=system
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,ou=system
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,ou=system
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,ou=system
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,ou=system
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,ou=system
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,ou=system
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,ou=system
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,ou=system
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,ou=system
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member: uid=admin,ou=People,ou=OrgUnit1
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Group2
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:uid=admin,ou=People,ou=OrgUnit1
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:uid=admin,ou=People,ou=OrgUnit1
+cn: manager
+
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role1
+
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role2
+
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Role3
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member: uid=admin,ou=People,ou=OrgUnit1,ou=system
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member: uid=admin,ou=People,ou=OrgUnit1,ou=system
+cn: manager
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,ou=system
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,ou=system
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,ou=system
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,ou=system
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,ou=system
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,ou=system
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,ou=system
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+sn: admin
+cn: admin
+
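Review bot: The group entries `cn=Group1`, `cn=admin` and `cn=manager` under `ou=Groups,ou=OrgUnit1` store the member as `uid=admin,ou=People,ou=OrgUnit1`, without the `ou=system` suffix. The role entries further down use the full DN `uid=admin,ou=People,ou=OrgUnit1,ou=system`, which matches the actual user entry. If the handler compares member values against full DNs, group membership for admin will not resolve the way role membership does. I would use `member: uid=admin,ou=People,ou=OrgUnit1,ou=system` on the three group entries, as the setup4 fixture does. The header `# Sample LDIF file for populating Lotus LDAP Server` also looks out of place for a file under `config/apacheds` (same header in setup4).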
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup3/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup3/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup3/ldap.properties (revision 0)
@@ -0,0 +1,67 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=uid=admin\,ou=system
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=ou=system
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used\, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=member
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=member
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=member
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=ou=Roles\,ou=OrgUnit1
+org.apache.jetspeed.ldap.GroupFilterBase=ou=Groups\,ou=OrgUnit1
+org.apache.jetspeed.ldap.UserFilterBase=ou=People\,ou=OrgUnit1
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=member
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=member
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=uid
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,cn={u}
+org.apache.jetspeed.ldap.roleAttributes=sn={u}
+org.apache.jetspeed.ldap.groupAttributes=sn={u}
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
+
+org.apache.jetspeed.ldap.knownAttributes=cn\,sn\,o\,uid\,ou\,objectClass\,userPassword\,member\,uniqueMember\,memberOf
\ No newline at end of file
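Review bot: `RoleFilter` and `GroupFilter` are both `(objectclass=groupOfNames)` in this setup, so only `RoleFilterBase=ou=Roles\,ou=OrgUnit1` and `GroupFilterBase=ou=Groups\,ou=OrgUnit1` distinguish a role from a group. The fixture has `cn=admin` and `cn=manager` under both bases, so an empty or wrong base would let a group entry be read as a role of the same name. That dependency deserves a comment above the bases, e.g. `# RoleFilter and GroupFilter are identical here; only these bases keep roles and groups apart`. The setup4 `ldap.properties` has the same shape with `groupOfUniqueNames`. The comment `# if RoleMembershipAttributes is used\, membership attr ...` also carries a stray backslash.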
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup3/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup3/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup3/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,101 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ ou=system
+
+ uid=admin,ou=system
+
+ secret
+
+ (objectclass=groupOfNames)
+
+ (objectclass=groupOfNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+ member
+
+
+
+ member
+
+
+
+ member
+
+
+
+
+
+ ou=Roles,ou=OrgUnit1
+
+ ou=Groups,ou=OrgUnit1
+
+ ou=People,ou=OrgUnit1
+
+ top,groupOfNames
+
+ top,groupOfNames
+
+ top,person,organizationalPerson,inetorgperson
+
+ cn
+
+ cn
+
+ uid
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+ member
+
+ member
+
+ sn={u},cn={u}
+
+ sn={u}
+
+ sn={u}
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/company1.ldif (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/company1.ldif (working copy)
@@ -1,231 +0,0 @@
-#
-# filters
-# USER FILTER
-# (&(uid=OrgUnit3User2)(objectClass=inetorgperson))
-#
-# GROUP FILTER
-# (objectclass=groupofuniquenames)
-#
-# ROLE FILTER
-#
-# (objectclass=nsroledefinition)
-#
-#
-#
-#
-
-
-dn: o=sevenSeas
-aci: (targetattr != "userPassword") (version 3.0; acl "Anonymous access"; allow (read, search, compare)userdn = "ldap:///anyone";)
-aci: (targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || passwordPolicySubentry || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordHistory || passwordAllowChangeTime")(version
- 3.0; acl "Allow self entry modification except for nsroledn, aci, resource limit attributes, passwordPolicySubentry and password policy state attributes"; allow (write)userdn ="ldap:///self";)
-aci: (targetattr = "*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
-aci: (targetattr ="*")(version 3.0;acl "Configuration Administrators Group";allow (all) (groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot");)
-aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ldap:///o=sevenSeas";)
-o: Company2
-objectClass: top
-objectClass: organization
-creatorsname: cn=directory manager
-
-
-dn: ou=OrgUnit1,o=sevenSeas
-ou: OrgUnit1
-objectClass: top
-objectClass: organizationalunit
-
-
-dn: ou=OrgUnit2,o=sevenSeas
-ou: OrgUnit2
-objectClass: top
-objectClass: organizationalunit
-
-
-dn: ou=OrgUnit3,o=sevenSeas
-ou: OrgUnit3
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=People,ou=OrgUnit1,o=sevenSeas
-ou: People
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
-ou: Groups
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=Roles,ou=OrgUnit1,o=sevenSeas
-ou: Roles
-objectClass: top
-objectClass: organizationalunit
-
-
-dn: ou=People,ou=OrgUnit2,o=sevenSeas
-ou: People
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=Groups,ou=OrgUnit2,o=sevenSeas
-ou: Groups
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=Roles,ou=OrgUnit2,o=sevenSeas
-ou: Roles
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=People,ou=OrgUnit3,o=sevenSeas
-ou: People
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=Groups,ou=OrgUnit3,o=sevenSeas
-ou: Groups
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=Roles,ou=OrgUnit3,o=sevenSeas
-ou: Roles
-objectClass: top
-objectClass: organizationalunit
-
-
-dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: organization
-cn: Group1
-
-dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: organization
-cn: Group2
-
-
-dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: organization
-cn: Group3
-
-dn: cn=admin,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: organization
-member: uid=admin,ou=People,ou=OrgUnit1
-cn: admin
-
-dn: cn=manager,ou=Groups,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: organization
-member: uid=admin,ou=People,ou=OrgUnit1
-cn: manager
-
-dn: cn=Role1,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Role1
-
-
-dn: cn=Role2,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Role2
-
-
-dn: cn=Role3,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Role3
-
-dn: cn=admin,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: admin
-
-dn: cn=manager,ou=Roles,ou=OrgUnit1,o=sevenSeas
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: manager
-
-dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
-uid: OrgUnit1User1
-givenName: OrgUnit1User1
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-uniqueMember: cn=Role1,ou=Roles,ou=OrgUnit1
-userPassword: x
-sn: OrgUnit1User1
-cn: OrgUnit1User1 OrgUnit1User1
-
-dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
-uid: OrgUnit1User2
-givenName: OrgUnit1User2
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit1User2
-cn: OrgUnit1User2 OrgUnit1User2
-
-dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
-uid: OrgUnit2User1
-givenName: OrgUnit2User1
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-uniqueMember: cn=Role1,ou=Roles,ou=OrgUnit1
-uniqueMember: cn=Role3,ou=Roles,ou=OrgUnit1
-userPassword: x
-sn: OrgUnit2User1
-cn: OrgUnit2User1 OrgUnit2User1
-
-dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
-uid: OrgUnit2User2
-givenName: OrgUnit2User2
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit2User2
-cn: OrgUnit2User2 OrgUnit2User2
-
-
-dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
-uid: OrgUnit3User1
-givenName: OrgUnit3User1
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-uniqueMember: cn=Role1,ou=Roles,ou=OrgUnit1
-sn: OrgUnit3User1
-cn: OrgUnit3User1 OrgUnit3User1
-
-dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
-uid: OrgUnit3User2
-givenName: OrgUnit3User2
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit3User2
-cn: OrgUnit3User2 OrgUnit3User2
-
-dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
-uid: admin
-givenName: admin
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-uniqueMember: cn=admin,ou=Roles,ou=OrgUnit1
-userPassword: admin
-sn: admin
-cn: admin admin
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup4/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup4/company1.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup4/company1.ldif (revision 0)
@@ -0,0 +1,210 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Group objectClass = groupOfUniqueNames
+# Role objectClass = groupOfUniqueNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+dn: ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,ou=system
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,ou=system
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,ou=system
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,ou=system
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,ou=system
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,ou=system
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,ou=system
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,ou=system
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,ou=system
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,ou=system
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,ou=system
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,ou=system
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group2
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1,ou=system
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:uid=admin,ou=People,ou=OrgUnit1,ou=system
+cn: manager
+
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role1
+
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role2
+
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role3
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,ou=system
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,ou=system
+cn: manager
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,ou=system
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,ou=system
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,ou=system
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,ou=system
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,ou=system
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,ou=system
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,ou=system
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+sn: admin
+cn: admin
+
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup4/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup4/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup4/ldap.properties (revision 0)
@@ -0,0 +1,67 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=uid=admin\,ou=system
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=ou=system
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=ou=Roles\,ou=OrgUnit1
+org.apache.jetspeed.ldap.GroupFilterBase=ou=Groups\,ou=OrgUnit1
+org.apache.jetspeed.ldap.UserFilterBase=ou=People\,ou=OrgUnit1
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=uniqueMember
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=uniqueMember
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=uid
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,cn={u}
+org.apache.jetspeed.ldap.roleAttributes=sn={u}
+org.apache.jetspeed.ldap.groupAttributes=sn={u}
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
+
+org.apache.jetspeed.ldap.knownAttributes=cn\,sn\,o\,uid\,ou\,objectClass\,userPassword\,member\,uniqueMember\,memberOf
\ No newline at end of file
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup4/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup4/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup4/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,101 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ ou=system
+
+ uid=admin,ou=system
+
+ secret
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+ uniqueMember
+
+
+
+ uniqueMember
+
+
+
+ uniqueMember
+
+
+
+
+
+ ou=Roles,ou=OrgUnit1
+
+ ou=Groups,ou=OrgUnit1
+
+ ou=People,ou=OrgUnit1
+
+ top,groupOfUniqueNames
+
+ top,groupOfUniqueNames
+
+ top,person,organizationalPerson,inetorgperson
+
+ cn
+
+ cn
+
+ uid
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+ uniqueMember
+
+ uniqueMember
+
+ sn={u},cn={u}
+
+ sn={u}
+
+ sn={u}
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup5/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup5/company1.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup5/company1.ldif (revision 0)
@@ -0,0 +1,210 @@
+# Sample LDIF file for populating Lotus LDAP Server
+#
+# Role objectClass = groupOfUniqueNames
+# Group objectClass = groupOfNames
+#
+# Roles and groups have an empty uniqueMember attribute (required by schema)
+#
+dn: ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: organizationalunit
+ou: OrgUnit1
+
+dn: ou=OrgUnit2,ou=system
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,ou=system
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit1,ou=system
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,ou=system
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit1,ou=system
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=People,ou=OrgUnit2,ou=system
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit2,ou=system
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit2,ou=system
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,ou=system
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit3,ou=system
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Roles,ou=OrgUnit3,ou=system
+ou: Roles
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member: uid=admin,ou=People,ou=OrgUnit1
+cn: Group1
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Group2
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:
+cn: Group3
+
+dn: cn=admin,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:uid=admin,ou=People,ou=OrgUnit1
+cn: admin
+
+dn: cn=manager,ou=Groups,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfNames
+member:uid=admin,ou=People,ou=OrgUnit1
+cn: manager
+
+dn: cn=Role1,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role1
+
+
+dn: cn=Role2,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role2
+
+
+dn: cn=Role3,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember:
+cn: Role3
+
+dn: cn=admin,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,ou=system
+cn: admin
+
+dn: cn=manager,ou=Roles,ou=OrgUnit1,ou=system
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=admin,ou=People,ou=OrgUnit1,ou=system
+cn: manager
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,ou=system
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,ou=system
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,ou=system
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,ou=system
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,ou=system
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,ou=system
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,ou=system
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+sn: admin
+cn: admin admin
+
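Review bot: The `member` values on `cn=Group1`, `cn=admin` and `cn=manager` under `ou=Groups` are `uid=admin,ou=People,ou=OrgUnit1`, without the `ou=system` suffix, while the `uniqueMember` values on the roles `cn=admin` and `cn=manager` use the full DN `uid=admin,ou=People,ou=OrgUnit1,ou=system`. If the handler compares membership values against full user DNs, the group memberships in this fixture will not resolve to the admin entry; if the relative form is intended, the roles should use it too. The header is also out of step with the data: it names a Lotus LDAP server although the file sits under apacheds, and it says groups carry an empty `uniqueMember` where they actually carry `member`. I would reword that line to `# Roles have an empty uniqueMember and groups an empty member attribute (required by schema)`.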
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup5/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup5/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup5/ldap.properties (revision 0)
@@ -0,0 +1,67 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=uid=admin\,ou=system
+org.apache.jetspeed.ldap.rootPassword=secret
+org.apache.jetspeed.ldap.rootContext=ou=system
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=member
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=ou=Roles\,ou=OrgUnit1
+org.apache.jetspeed.ldap.GroupFilterBase=ou=Groups\,ou=OrgUnit1
+org.apache.jetspeed.ldap.UserFilterBase=ou=People\,ou=OrgUnit1
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfUniqueNames
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupOfNames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=uniqueMember
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=member
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=uid
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,cn={u}
+org.apache.jetspeed.ldap.roleAttributes=sn={u}
+org.apache.jetspeed.ldap.groupAttributes=sn={u}
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
+
+org.apache.jetspeed.ldap.knownAttributes=cn\,sn\,o\,uid\,ou\,objectClass\,userPassword\,member\,uniqueMember\,memberOf
\ No newline at end of file
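Review bot: `UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)` is two filter items placed side by side, which is not a complete LDAP search filter on its own; the deleted sunds/ldap.properties wrote the same condition as `(&(objectclass=inetorgperson)(objectclass=organizationalPerson))`. Presumably the handler now wraps the value in its own `(&...)` together with the id attribute, but that code is not in this hunk, so the contract should be stated next to the key: `# filter fragments only: the handler adds the enclosing (&...) itself`. The same value appears in setup4/security-spi-ldap.xml, setup5/security-spi-ldap.xml and both sunds/setup1 files, where `RoleFilter` has the same shape.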
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup5/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup5/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/setup5/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,101 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ ou=system
+
+ uid=admin,ou=system
+
+ secret
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=groupOfNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+ uniqueMember
+
+
+
+ member
+
+
+
+ uniqueMember
+
+
+
+
+
+ ou=Roles,ou=OrgUnit1
+
+ ou=Groups,ou=OrgUnit1
+
+ ou=People,ou=OrgUnit1
+
+ top,groupOfUniqueNames
+
+ top,groupOfNames
+
+ top,person,organizationalPerson,inetorgperson
+
+ cn
+
+ cn
+
+ uid
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+ uniqueMember
+
+ member
+
+ sn={u},cn={u}
+
+ sn={u}
+
+ sn={u}
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,uniqueMember,memberOf
+
+
+
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/ldap.properties (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/ldap.properties (working copy)
@@ -1,59 +0,0 @@
-# Ldap Configuration.
-
-org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
-org.apache.jetspeed.ldap.ldapServerName=localhost
-org.apache.jetspeed.ldap.ldapServerPort=10389
-org.apache.jetspeed.ldap.rootDn=uid\=admin\,ou\=system
-org.apache.jetspeed.ldap.rootPassword=secret
-org.apache.jetspeed.ldap.rootContext=o\=sevenSeas
-#org.apache.jetspeed.ldap.defaultDnSuffix=
-#org.apache.jetspeed.ldap.ou.users=people
-#org.apache.jetspeed.ldap.ou.groups=groups
-#org.apache.jetspeed.ldap.ou.roles=roles
-
-# define the filters needed to search for roles/groups/users
-#org.apache.jetspeed.ldap.RoleFilter=(&(objectclass=ldapsubentry) (objectclass=nsroledefinition))
-org.apache.jetspeed.ldap.RoleFilter=(objectClass=groupOfUniqueNames)
-org.apache.jetspeed.ldap.GroupFilter=(objectclass=organization)
-org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)
-
-
-org.apache.jetspeed.ldap.UserAuthenticationFiler=(&(uid=%u)(objectclass=inetorgperson))
-
-# define the way role membership occurs
-# if RoleMembershipAttributes is used, membership attr will be stored on role
-# if UserRoleMembershipAttributes is used, membership attr will be stored on user
-org.apache.jetspeed.ldap.RoleMembershipAttributes=member
-org.apache.jetspeed.ldap.UserRoleMembershipAttributes=
-
-# define the way group membership occurs
-# if GroupMembershipAttributes is used, membership attr will be stored on group
-# if UserGroupMembershipAttributes is used, membership attr will be stored on user
-org.apache.jetspeed.ldap.GroupMembershipAttributes=
-org.apache.jetspeed.ldap.UserGroupMembershipAttributes=uniqueMember
-
-# define the way group membership occurs
-# if GroupMembershipAttributes is used, membership attr will be stored on group
-# if UserGroupMembershipAttributes is used, membership attr will be stored on user
-org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
-org.apache.jetspeed.ldap.RoleGroupMembershipAttributes=
-
-# define the default search base. (=rootContext)
-org.apache.jetspeed.ldap.DefaultSearchBase=o\=sevenSeas
-
-# define the path to roles,groups and users
-# needs to be defined without the defaultsearchbase
-org.apache.jetspeed.ldap.RoleFilterBase=ou\=Roles\,ou\=OrgUnit1
-org.apache.jetspeed.ldap.GroupFilterBase=ou\=Groups\,ou\=OrgUnit1
-org.apache.jetspeed.ldap.UserFilterBase=ou\=People\,ou\=OrgUnit1
-
-org.apache.jetspeed.ldap.RoleObjectClasses=top\,groupOfUniqueNames
-org.apache.jetspeed.ldap.GroupObjectClasses=top\,organization
-org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
-
-# define the ID attribute used to search roles/groups/users
-org.apache.jetspeed.ldap.RoleIdAttribute=cn
-org.apache.jetspeed.ldap.GroupIdAttribute=cn
-org.apache.jetspeed.ldap.UserIdAttribute=uid
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-atz.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-atz.xml (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-atz.xml (working copy)
@@ -1,60 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap-atn.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap-atn.xml (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap-atn.xml (working copy)
@@ -1,49 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap.xml (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/apacheds/security-spi-ldap.xml (working copy)
@@ -1,82 +0,0 @@
-
-
-
-
-
-
-
-
- com.sun.jndi.ldap.LdapCtxFactory
-
- localhost
-
- 10389
-
-
-
- o=sevenSeas
-
- uid=admin,ou=system
-
- secret
-
-
- (objectclass=groupOfUniqueNames))
-
- (objectClass=organization)
-
- (objectclass=inetorgperson)
-
- (&(uid=%u)(objectclass=inetorgperson))
-
-
-
- uniqueMember
-
- uniqueMember
-
-
-
- uniqueMember
-
-
-
- o=sevenSeas
-
- ou=Roles,ou=OrgUnit1
-
- ou=Groups,ou=OrgUnit1
-
- ou=People,ou=OrgUnit1
-
- top,groupOfUniqueNames
-
- top,organization
-
- top,person,organizationalPerson,inetorgperson
-
- cn
-
- cn
-
- uid
-
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi.xml (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi.xml (working copy)
@@ -1,46 +0,0 @@
-
-
-
-
-
-
-
-
- JETSPEED-INF/ojb/security_repository.xml
-
-
-
-
- org.apache.jetspeed.security.spi.SecurityAccess
-
-
-
-
-
-
- PROPAGATION_REQUIRED
- PROPAGATION_REQUIRED
- PROPAGATION_SUPPORTS
-
-
-
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/setup1/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/setup1/company1.ldif (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/setup1/company1.ldif (revision 0)
@@ -0,0 +1,194 @@
+#
+# filters
+# USER FILTER
+# (&(uid=OrgUnit3User2)(objectClass=inetorgperson))
+#
+# GROUP FILTER
+# (objectclass=groupofuniquenames)
+#
+# ROLE FILTER
+#
+# (objectclass=nsroledefinition)
+#
+#
+#
+#
+
+
+
+
+
+dn: ou=OrgUnit1,o=sevenSeas
+ou: OrgUnit1
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=Groups,ou=OrgUnit1,o=sevenSeas
+ou: Groups
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Group1,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupofuniquenames
+cn: Group1
+
+
+dn: cn=Group2,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupofuniquenames
+uniqueMember: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uniqueMember: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+cn: Group2
+
+
+dn: cn=Group3,ou=Groups,ou=OrgUnit1,o=sevenSeas
+objectClass: top
+objectClass: groupofuniquenames
+cn: Group3
+
+
+dn: ou=OrgUnit2,o=sevenSeas
+ou: OrgUnit2
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: ou=OrgUnit3,o=sevenSeas
+ou: OrgUnit3
+objectClass: top
+objectClass: organizationalunit
+
+
+dn: cn=Role1,o=sevenSeas
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: Role1
+
+
+dn: cn=Role2,o=sevenSeas
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: Role2
+
+
+dn: cn=Role3,o=sevenSeas
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: Role3
+
+dn: cn=admin,o=sevenSeas
+objectClass: top
+objectClass: ldapsubentry
+objectClass: nsroledefinition
+objectClass: nssimpleroledefinition
+objectClass: nsmanagedroledefinition
+cn: admin
+
+
+dn: ou=People,ou=OrgUnit1,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit2,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: ou=People,ou=OrgUnit3,o=sevenSeas
+ou: People
+objectClass: top
+objectClass: organizationalunit
+
+dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User1
+givenName: OrgUnit1User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+nsroledn: cn=Role1,o=sevenSeas
+nsrole: cn=role1,o=sevenSeas
+sn: OrgUnit1User1
+cn: OrgUnit1User1 OrgUnit1User1
+
+dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: OrgUnit1User2
+givenName: OrgUnit1User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit1User2
+cn: OrgUnit1User2 OrgUnit1User2
+
+dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
+uid: admin
+givenName: admin
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: admin
+nsroledn: cn=admin,o=sevenSeas
+nsrole: cn=admin,o=sevenSeas
+sn: admin
+cn: admin admin
+
+dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User1
+givenName: OrgUnit2User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User1
+cn: OrgUnit2User1 OrgUnit2User1
+
+dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
+uid: OrgUnit2User2
+givenName: OrgUnit2User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit2User2
+cn: OrgUnit2User2 OrgUnit2User2
+
+
+dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User1
+givenName: OrgUnit3User1
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User1
+cn: OrgUnit3User1 OrgUnit3User1
+
+dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
+uid: OrgUnit3User2
+givenName: OrgUnit3User2
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+userPassword: x
+sn: OrgUnit3User2
+cn: OrgUnit3User2 OrgUnit3User2s
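Review bot: The entries for OrgUnit1User1 and admin set `nsrole:` (`cn=role1,o=sevenSeas` and `cn=admin,o=sevenSeas`) alongside `nsroledn:`. On Sun/Netscape directory servers `nsRole` is, as far as I know, a computed operational attribute, so an import may reject or ignore those lines; `nsroledn` alone should be enough and the two `nsrole:` lines can be dropped. The file also no longer creates `dn: o=sevenSeas`, which the deleted sunds/company1.ldif did, so the suffix entry has to exist before the import and the header comment should say so. The last line carries a stray character: `cn: OrgUnit3User2 OrgUnit3User2s` should read `cn: OrgUnit3User2 OrgUnit3User2`.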
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/setup1/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/setup1/ldap.properties (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/setup1/ldap.properties (revision 0)
@@ -0,0 +1,67 @@
+# Connection parameters
+org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+org.apache.jetspeed.ldap.ldapServerName=localhost
+org.apache.jetspeed.ldap.ldapServerPort=389
+org.apache.jetspeed.ldap.rootDn=cn=Directory Manager
+org.apache.jetspeed.ldap.rootPassword=adminadmin
+org.apache.jetspeed.ldap.rootContext=o=sevenSeas
+
+# define the filters needed to search for roles/groups/users
+org.apache.jetspeed.ldap.RoleFilter=(objectclass=ldapsubentry) (objectclass=nsroledefinition)
+org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
+org.apache.jetspeed.ldap.UserFilter=(objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+# define the way role membership occurs
+# if RoleMembershipAttributes is used, membership attr will be stored on role
+# if UserRoleMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.RoleMembershipAttributes=
+org.apache.jetspeed.ldap.UserRoleMembershipAttributes=nsroledn
+
+# define the way group membership occurs
+# if GroupMembershipAttributes is used, membership attr will be stored on group
+# if UserGroupMembershipAttributes is used, membership attr will be stored on user
+org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
+org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
+
+# define the way group membership occurs
+# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
+# if RoleGroupMembershipForRoleAttributes is used, membership attr will be stored on role
+org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
+org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes=
+
+# define the default search base. (=rootContext)
+org.apache.jetspeed.ldap.DefaultSearchBase=o=sevenSeass
+
+# define the path to roles,groups and users
+# needs to be defined without the defaultsearchbase
+org.apache.jetspeed.ldap.RoleFilterBase=
+org.apache.jetspeed.ldap.GroupFilterBase=ou=Groups\,ou=OrgUnit1
+org.apache.jetspeed.ldap.UserFilterBase=ou=People\,ou=OrgUnit1
+
+org.apache.jetspeed.ldap.RoleObjectClasses=top\,ldapsubentry\,nsroledefinition\,nssimpleroledefinition\,nsmanagedroledefinition
+org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupofuniquenames
+org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
+
+# define the attributes that are required upon role/group creation
+org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses=
+org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses=uniqueMember
+
+# define the ID attribute used to search roles/groups/users
+org.apache.jetspeed.ldap.RoleIdAttribute=cn
+org.apache.jetspeed.ldap.GroupIdAttribute=cn
+org.apache.jetspeed.ldap.UserIdAttribute=uid
+
+org.apache.jetspeed.ldap.UidAttribute=uid
+org.apache.jetspeed.ldap.MemberShipSearchScope=1
+
+org.apache.jetspeed.ldap.roleUidAttribute=cn
+org.apache.jetspeed.ldap.groupUidAttribute=cn
+org.apache.jetspeed.ldap.userUidAttribute=uid
+
+org.apache.jetspeed.ldap.userAttributes=sn={u}\,cn={u}
+org.apache.jetspeed.ldap.roleAttributes=cn={u}
+org.apache.jetspeed.ldap.groupAttributes=cn={u}
+
+org.apache.jetspeed.ldap.userPasswordAttribute=userPassword
+
+org.apache.jetspeed.ldap.knownAttributes=cn\,sn\,o\,uid\,ou\,objectClass\,nsroledn\,userPassword\,member\,uniqueMember\,memberOf
\ No newline at end of file
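Review bot: `DefaultSearchBase=o=sevenSeass` has a doubled final `s`; the comment above it says the value equals rootContext, which is `o=sevenSeas`, and every DN in sunds/setup1/company1.ldif ends in `o=sevenSeas`. If the handler searches from this base, lookups would target a suffix the fixture never creates, so the line should be `org.apache.jetspeed.ldap.DefaultSearchBase=o=sevenSeas`. sunds/setup1/security-spi-ldap.xml repeats the same misspelt value and needs the same correction.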
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/setup1/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/setup1/security-spi-ldap.xml (revision 0)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/setup1/security-spi-ldap.xml (revision 0)
@@ -0,0 +1,101 @@
+
+
+
+
+
+
+
+
+
+
+ com.sun.jndi.ldap.LdapCtxFactory
+
+ localhost
+
+ 389
+
+ o=sevenSeas
+
+ cn=Directory Manager
+
+ adminadmin
+
+ (objectclass=ldapsubentry) (objectclass=nsroledefinition)
+
+ (objectclass=groupOfUniqueNames)
+
+ (objectclass=inetorgperson)(objectclass=organizationalPerson)
+
+
+
+ nsroledn
+
+ uniqueMember
+
+
+
+ uniqueMember
+
+
+
+ o=sevenSeass
+
+
+
+ ou=Groups,ou=OrgUnit1
+
+ ou=People,ou=OrgUnit1
+
+ top,ldapsubentry,nsroledefinition,nssimpleroledefinition,nsmanagedroledefinition
+
+ top,groupofuniquenames
+
+ top,person,organizationalPerson,inetorgperson
+
+ cn
+
+ cn
+
+ uid
+
+ uid
+
+ 1
+
+ cn
+
+ cn
+
+ uid
+
+
+
+ uniqueMember
+
+ sn={u},cn={u}
+
+ cn={u}
+
+ cn={u}
+
+ userPassword
+
+ cn,sn,o,uid,ou,objectClass,userPassword,member,nsroledn,uniqueMember,memberOf
+
+
+
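Review bot: This file spells out every value of sunds/setup1/ldap.properties a second time, and the two copies already differ: the attribute list here reads `objectClass,userPassword,member,nsroledn,uniqueMember,memberOf`, while the properties file has `objectClass\,nsroledn\,userPassword\,member\,uniqueMember\,memberOf`. The order probably does not matter, but with two literal copies a later edit to one (a base DN or a membership attribute) will silently leave the other behind. Which of the two the tests load is not visible in this hunk; I would keep a single source, or add a comment in each file naming the other, e.g. `<!-- keep in sync with ldap.properties in this directory -->`.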
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/company1.ldif
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/company1.ldif (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/company1.ldif (working copy)
@@ -1,199 +0,0 @@
-#
-# filters
-# USER FILTER
-# (&(uid=OrgUnit3User2)(objectClass=inetorgperson))
-#
-# GROUP FILTER
-# (objectclass=groupofuniquenames)
-#
-# ROLE FILTER
-#
-# (objectclass=nsroledefinition)
-#
-#
-#
-#
-
-
-dn: o=sevenSeas
-aci: (targetattr != "userPassword") (version 3.0; acl "Anonymous access"; allow (read, search, compare)userdn = "ldap:///anyone";)
-aci: (targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || passwordPolicySubentry || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordHistory || passwordAllowChangeTime")(version
- 3.0; acl "Allow self entry modification except for nsroledn, aci, resource limit attributes, passwordPolicySubentry and password policy state attributes"; allow (write)userdn ="ldap:///self";)
-aci: (targetattr = "*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn = "ldap:///uid=admin,ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
-aci: (targetattr ="*")(version 3.0;acl "Configuration Administrators Group";allow (all) (groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot");)
-aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ldap:///o=sevenSeas";)
-o: sevenSeas
-objectClass: top
-objectClass: organization
-creatorsname: cn=directory manager
-
-
-dn: cn=Group1,o=sevenSeas
-objectClass: top
-objectClass: groupofuniquenames
-cn: Group1
-
-
-dn: cn=Group2,o=sevenSeas
-objectClass: top
-objectClass: groupofuniquenames
-uniqueMember: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
-uniqueMember: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
-cn: Group2
-
-
-dn: cn=Group3,o=sevenSeas
-objectClass: top
-objectClass: groupofuniquenames
-cn: Group3
-
-
-dn: ou=OrgUnit1,o=sevenSeas
-ou: OrgUnit1
-objectClass: top
-objectClass: organizationalunit
-
-
-dn: ou=OrgUnit2,o=sevenSeas
-ou: OrgUnit2
-objectClass: top
-objectClass: organizationalunit
-
-
-dn: ou=OrgUnit3,o=sevenSeas
-ou: OrgUnit3
-objectClass: top
-objectClass: organizationalunit
-
-
-dn: cn=Role1,o=sevenSeas
-objectClass: top
-objectClass: ldapsubentry
-objectClass: nsroledefinition
-objectClass: nssimpleroledefinition
-objectClass: nsmanagedroledefinition
-cn: Role1
-
-
-dn: cn=Role2,o=sevenSeas
-objectClass: top
-objectClass: ldapsubentry
-objectClass: nsroledefinition
-objectClass: nssimpleroledefinition
-objectClass: nsmanagedroledefinition
-cn: Role2
-
-
-dn: cn=Role3,o=sevenSeas
-objectClass: top
-objectClass: ldapsubentry
-objectClass: nsroledefinition
-objectClass: nssimpleroledefinition
-objectClass: nsmanagedroledefinition
-cn: Role3
-
-dn: cn=admin,o=sevenSeas
-objectClass: top
-objectClass: ldapsubentry
-objectClass: nsroledefinition
-objectClass: nssimpleroledefinition
-objectClass: nsmanagedroledefinition
-cn: admin
-
-
-dn: ou=People,ou=OrgUnit1,o=sevenSeas
-ou: People
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=People,ou=OrgUnit2,o=sevenSeas
-ou: People
-objectClass: top
-objectClass: organizationalunit
-
-dn: ou=People,ou=OrgUnit3,o=sevenSeas
-ou: People
-objectClass: top
-objectClass: organizationalunit
-
-dn: uid=OrgUnit1User1,ou=People,ou=OrgUnit1,o=sevenSeas
-uid: OrgUnit1User1
-givenName: OrgUnit1User1
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-nsroledn: cn=Role1,o=sevenSeas
-nsrole: cn=role1,o=sevenSeas
-sn: OrgUnit1User1
-cn: OrgUnit1User1 OrgUnit1User1
-
-dn: uid=OrgUnit1User2,ou=People,ou=OrgUnit1,o=sevenSeas
-uid: OrgUnit1User2
-givenName: OrgUnit1User2
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit1User2
-cn: OrgUnit1User2 OrgUnit1User2
-
-dn: uid=admin,ou=People,ou=OrgUnit1,o=sevenSeas
-uid: admin
-givenName: admin
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: admin
-nsroledn: cn=admin,o=sevenSeas
-nsrole: cn=admin,o=sevenSeas
-sn: admin
-cn: admin admin
-
-dn: uid=OrgUnit2User1,ou=People,ou=OrgUnit2,o=sevenSeas
-uid: OrgUnit2User1
-givenName: OrgUnit2User1
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit2User1
-cn: OrgUnit2User1 OrgUnit2User1
-
-dn: uid=OrgUnit2User2,ou=People,ou=OrgUnit2,o=sevenSeas
-uid: OrgUnit2User2
-givenName: OrgUnit2User2
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit2User2
-cn: OrgUnit2User2 OrgUnit2User2
-
-
-dn: uid=OrgUnit3User1,ou=People,ou=OrgUnit3,o=sevenSeas
-uid: OrgUnit3User1
-givenName: OrgUnit3User1
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit3User1
-cn: OrgUnit3User1 OrgUnit3User1
-
-dn: uid=OrgUnit3User2,ou=People,ou=OrgUnit3,o=sevenSeas
-uid: OrgUnit3User2
-givenName: OrgUnit3User2
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetorgperson
-userPassword: x
-sn: OrgUnit3User2
-cn: OrgUnit3User2 OrgUnit3User2s
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/ldap.properties
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/ldap.properties (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/ldap.properties (working copy)
@@ -1,48 +0,0 @@
-# Ldap Configuration.
-org.apache.jetspeed.ldap.initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
-org.apache.jetspeed.ldap.ldapServerName=localhost
-org.apache.jetspeed.ldap.ldapServerPort=389
-org.apache.jetspeed.ldap.rootDn=cn=Directory Manager
-org.apache.jetspeed.ldap.rootPassword=adminmanager
-org.apache.jetspeed.ldap.rootContext=o\=sevenSeas
-
-# define the filters needed to search for roles/groups/users
-org.apache.jetspeed.ldap.RoleFilter=(&(objectclass=ldapsubentry) (objectclass=nsroledefinition))
-org.apache.jetspeed.ldap.GroupFilter=(objectclass=groupOfUniqueNames)
-org.apache.jetspeed.ldap.UserFilter=(&(objectclass=inetorgperson)(objectclass=organizationalPerson))
-
-
-org.apache.jetspeed.ldap.UserAuthenticationFiler=(&(uid=%u)(objectclass=inetorgperson))
-
-# define the way role membership occurs for users
-# if RoleMembershipAttributes is used, membership attr will be stored on role
-# if UserRoleMembershipAttributes is used, membership attr will be stored on user
-org.apache.jetspeed.ldap.RoleMembershipAttributes=
-org.apache.jetspeed.ldap.UserRoleMembershipAttributes=nsroledn
-
-# define the way group membership occurs for users
-# if GroupMembershipAttributes is used, membership attr will be stored on group
-# if UserGroupMembershipAttributes is used, membership attr will be stored on user
-org.apache.jetspeed.ldap.GroupMembershipAttributes=uniqueMember
-org.apache.jetspeed.ldap.UserGroupMembershipAttributes=
-
-# define the way group membership occurs for roles
-# if GroupMembershipForRoleAttributes is used, membership attr will be stored on group
-# if RoleGroupMembershipAttributes is used, membership attr will be stored on role
-org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes=uniqueMember
-org.apache.jetspeed.ldap.RoleGroupMembershipAttributes=
-
-# define the path to roles,groups and users
-# needs to be defined without the defaultsearchbase
-org.apache.jetspeed.ldap.RoleFilterBase=
-org.apache.jetspeed.ldap.GroupFilterBase=
-org.apache.jetspeed.ldap.UserFilterBase=ou\=People\,ou\=OrgUnit1
-
-org.apache.jetspeed.ldap.RoleObjectClasses=top\,ldapsubentry\,nsroledefinition\,nssimpleroledefinition\,nsmanagedroledefinition
-org.apache.jetspeed.ldap.GroupObjectClasses=top\,groupofuniquenames
-org.apache.jetspeed.ldap.UserObjectClasses=top\,person\,organizationalPerson\,inetorgperson
-
-# define the ID attribute used to search roles/groups/users
-org.apache.jetspeed.ldap.RoleIdAttribute=cn
-org.apache.jetspeed.ldap.GroupIdAttribute=cn
-org.apache.jetspeed.ldap.UserIdAttribute=uid
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-atz.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-atz.xml (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-atz.xml (working copy)
@@ -1,60 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap-atn.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap-atn.xml (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap-atn.xml (working copy)
@@ -1,49 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap.xml
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap.xml (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/test/JETSPEED-INF/directory/config/sunds/security-spi-ldap.xml (working copy)
@@ -1,83 +0,0 @@
-
-
-
-
-
-
-
-
- com.sun.jndi.ldap.LdapCtxFactory
-
- localhost
-
- 389
-
-
-
- o=sevenSeas
-
- cn=Directory Manager
-
- adminmanager
-
- (&(objectclass=ldapsubentry) (objectclass=nsroledefinition))
-
- (objectClass=groupOfUniqueNames)
-
- (objectclass=inetorgperson)
-
- (&(uid=%u)(objectclass=inetorgperson))
-
-
-
- nsroledn
-
- uniqueMember
-
-
-
- uniqueMember
-
-
-
- o=sevenSeas
-
-
-
-
-
- ou=People,ou=OrgUnit1
-
-
- top,ldapsubentry,nsroledefinition,nssimpleroledefinition,nsmanagedroledefinition
-
- top,groupofuniquenames
-
- top,person,organizationalPerson,inetorgperson
-
-
-
- cn
-
- cn
-
- uid
-
-
-
-
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapUserCredentialDaoImpl.java (working copy)
@@ -29,8 +29,10 @@
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.apache.jetspeed.i18n.KeyedMessage;
import org.apache.jetspeed.security.SecurityException;
/**
@@ -43,7 +45,6 @@
private static final Log logger = LogFactory.getLog(LdapUserCredentialDaoImpl.class);
/** The password attribute. */
- private static final String PASSWORD_ATTR_NAME = "userPassword";
/**
*
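Review bot: The comment `/** The password attribute. */` is left behind when the `PASSWORD_ATTR_NAME` constant is removed, so it now sits directly in front of the next Javadoc block and describes nothing. Delete that line together with the field.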
@@ -80,7 +81,9 @@
{
validateUid(uid);
validatePassword(password);
+ logger.debug("changePassword for " + uid + " with " + password);
String userDn = lookupByUid(uid);
+ logger.debug("userDn = " + userDn);
try
{
setPassword(userDn, password);
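Review bot: The added `logger.debug("changePassword for " + uid + " with " + password);` writes the new cleartext password to the log whenever debug logging is enabled. Log files are usually readable by more people than the directory is, so log the uid only: `logger.debug("changePassword for " + uid);`. The method starts and ends outside the hunk.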
@@ -110,12 +113,25 @@
try
{
Hashtable env = this.ctx.getEnvironment();
- String savedPassword = String.valueOf(getPassword(uid));
+ //String savedPassword = String.valueOf(getPassword(uid));
String oldCredential = (String)env.get(Context.SECURITY_CREDENTIALS);
String oldUsername = (String)env.get(Context.SECURITY_PRINCIPAL);
- env.put(Context.SECURITY_PRINCIPAL,"uid=" + uid + "," + getUserFilterBase() + "," + getRootContext());
+
+
+ String principal = getEntryPrefix() + "=" + uid;
+
+ if (!StringUtils.isEmpty(getUserFilterBase()))
+ principal+="," + getUserFilterBase();
+ if (!StringUtils.isEmpty(getRootContext()))
+ principal+="," + getRootContext();
+
+ if (lookupByUid(uid)==null)
+ throw new SecurityException(new KeyedMessage("User " + uid + " not found"));
+
+
+ env.put(Context.SECURITY_PRINCIPAL,principal);
env.put(Context.SECURITY_CREDENTIALS,password);
- InitialContext ctx = new InitialContext(env);
+ new InitialContext(env);
env.put(Context.SECURITY_PRINCIPAL,oldUsername);
env.put(Context.SECURITY_CREDENTIALS,oldCredential);
return true;
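Review bot: The context created by `new InitialContext(env);` is never closed, and the two `env.put` lines that restore the old principal and credential are skipped when the bind throws. Every successful check therefore leaves a directory connection open, and a failed one leaves the user's name and password in the map returned by `this.ctx.getEnvironment()`. Binding with a private copy of the environment and closing the result avoids both, and makes the restore lines unnecessary. The DN is also assembled by concatenating the raw `uid`, while the result of `lookupByUid(uid)` is used only as an existence check. If nothing above the hunk rejects an empty `password`, it is worth confirming that the server does not treat such a bind as anonymous, because this method would then return true.

```java
Hashtable env = new Hashtable(this.ctx.getEnvironment()); // private copy, shared environment stays untouched
// … unchanged: principal construction and lookupByUid check …
env.put(Context.SECURITY_PRINCIPAL, principal);
env.put(Context.SECURITY_CREDENTIALS, password);
InitialContext bindCtx = new InitialContext(env);
bindCtx.close(); // the bind succeeded; release the connection
return true;
```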
@@ -160,10 +176,14 @@
*/
private void setPassword(final String userDn, final String password) throws NamingException
{
+ logger.debug("setPassword userDn = " + userDn);
String rdn = getSubcontextName(userDn);
+ if (!StringUtils.isEmpty(getUserFilterBase()))
+ rdn+="," + getUserFilterBase();
+ logger.debug("setPassword rdn = " + rdn);
Attributes attrs = new BasicAttributes(false);
- attrs.put("userPassword", password);
+ attrs.put(getUserPasswordAttribute(), password);
ctx.modifyAttributes(rdn, DirContext.REPLACE_ATTRIBUTE, attrs);
}
@@ -179,14 +199,14 @@
*/
private char[] getPassword(final NamingEnumeration results, final String uid) throws NamingException
{
- if (!results.hasMore())
+ if (!results.hasMore())
{
throw new NamingException("Could not find any user with uid[" + uid + "]");
}
Attributes userAttributes = getFirstUser(results);
- char[] rawPassword = convertRawPassword(getAttribute(PASSWORD_ATTR_NAME, userAttributes));
+ char[] rawPassword = convertRawPassword(getAttribute(getUserPasswordAttribute(), userAttributes));
return rawPassword;
}
@@ -264,20 +284,8 @@
return answer;
}
- /**
- *
- * A template method that returns the LDAP object class of the concrete DAO.
- *
- *
- * @return A String containing the LDAP object class name.
- */
- protected String getObjectClass()
- {
- return "jetspeed-2-user";
- }
-
protected String getEntryPrefix() {
- return "uid";
+ return this.getUserIdAttribute();
}
protected String getSearchSuffix() {
@@ -291,5 +299,9 @@
protected String[] getObjectClasses() {
return this.getUserObjectClasses();
}
+
+ protected String[] getAttributes() {
+ return this.getUserAttributes();
+ }
}
\ No newline at end of file
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapBindingConfig.java (working copy)
@@ -40,17 +40,11 @@
private String rootPassword;
private String rootContext;
- private String defaultDnSuffix;
-
private PropertiesConfiguration props = null;
- private String roleFilter;
private String groupFilter;
private String userFilter;
- private String userAuthenticationFiler;
-
- private String roleMembershipAttributes;
private String userRoleMembershipAttributes;
private String groupMembershipAttributes;
@@ -58,23 +52,42 @@
private String defaultSearchBase;
- private String roleFilterBase;
private String groupFilterBase;
private String userFilterBase;
- private String roleIdAttribute;
private String groupIdAttribute;
private String userIdAttribute;
+
+ private String uidAttribute;
+ private String memberShipSearchScope;
- private String[] roleObjectClasses;
-
private String[] groupObjectClasses;
private String[] userObjectClasses;
+ private String groupMembershipForRoleAttributes;
+
+ private String groupUidAttribute;
+ private String userUidAttribute;
+
+ private String[] groupAttributes;
+ private String[] userAttributes;
+
+ private String groupObjectRequiredAttributeClasses;
+
+ private String[] roleObjectClasses;
private String roleGroupMembershipForRoleAttributes;
+ private String[] roleAttributes;
+ private String roleObjectRequiredAttributeClasses;
+ private String roleFilter;
+ private String roleFilterBase;
+ private String roleIdAttribute;
+ private String roleUidAttribute;
+ private String roleMembershipAttributes;
+
+ private String userPasswordAttribute;
- private String groupMembershipForRoleAttributes;
+ private String[] knownAttributes;
/**
* @param factory The initial context factory.
@@ -90,14 +103,12 @@
public LdapBindingConfig(String factory,
String name,
String port,
- String suffix,
String context,
String dn,
String password,
String roleFilter,
String groupFilter,
String userFilter,
- String userAuthenticationFiler,
String roleMembershipAttributes,
String userRoleMembershipAttributes,
String groupMembershipAttributes,
@@ -113,14 +124,25 @@
String userObjectClasses,
String roleIdAttribute,
String groupIdAttribute,
- String userIdAttribute)
+ String userIdAttribute,
+ String uidAttribute,
+ String memberShipSearchScope,
+ String roleUidAttribute,
+ String groupUidAttribute,
+ String userUidAttribute,
+ String roleObjectRequiredAttributeClasses,
+ String groupObjectRequiredAttributeClasses,
+ String userAttributes,
+ String roleAttributes,
+ String groupAttributes,
+ String userPasswordAttribute,
+ String knownAttributes)
{
try
{
initialContextFactory = factory;
ldapServerName = name;
ldapServerPort = port;
- defaultDnSuffix = suffix;
rootContext = context;
rootDn = dn;
rootPassword = password;
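Review bot: The twelve parameters appended here extend an already long run of positional `String` arguments, so two neighbouring values swapped by a caller or a bean definition compile cleanly and only show up as a misconfigured directory. The Javadoc `@param` list begins outside this hunk and does not appear to be updated for them. Each new parameter should get an entry there, for example `@param userPasswordAttribute The name of the attribute that holds the user's password.` and `@param knownAttributes Comma-separated list of attribute names.` Since setters exist for these fields, property-style configuration would be less error-prone than adding more positions.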
@@ -128,7 +150,6 @@
this.roleFilter=roleFilter;
this.groupFilter=groupFilter;
this.userFilter=userFilter;
- this.userAuthenticationFiler=userAuthenticationFiler;
this.roleMembershipAttributes=roleMembershipAttributes;
this.userRoleMembershipAttributes=userRoleMembershipAttributes;
@@ -153,6 +174,26 @@
this.groupIdAttribute=groupIdAttribute;
this.userIdAttribute=userIdAttribute;
+ this.uidAttribute = uidAttribute;
+ this.memberShipSearchScope=memberShipSearchScope;
+
+
+ this.roleUidAttribute=roleUidAttribute;
+ this.groupUidAttribute=groupUidAttribute;
+ this.userUidAttribute=userUidAttribute;
+
+ this.roleObjectRequiredAttributeClasses=roleObjectRequiredAttributeClasses;
+ this.groupObjectRequiredAttributeClasses=groupObjectRequiredAttributeClasses;
+
+ this.roleAttributes=StringUtils.split(roleAttributes,",");
+ this.groupAttributes = StringUtils.split(groupAttributes,",");
+ this.userAttributes = StringUtils.split(userAttributes,",");
+
+ this.userPasswordAttribute = userPasswordAttribute;
+
+ this.knownAttributes = StringUtils.split(knownAttributes,",");
+
+
new InitLdapSchema(this);
}
catch (SecurityException se)
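Review bot: `StringUtils.split(roleAttributes,",")` returns null for a null input, so `roleAttributes`, `groupAttributes`, `userAttributes` and `knownAttributes` stay null whenever the argument is not supplied. The array getters added later in this patch return that null directly to callers. Normalising at assignment, e.g. `this.userAttributes = userAttributes == null ? new String[0] : StringUtils.split(userAttributes, ",");`, keeps the accessors safe to iterate. The properties-based constructor repeats the same four assignments in the hunk at -213, and the constructor body continues outside this hunk.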
@@ -175,11 +216,10 @@
{
try
{
- props = new PropertiesConfiguration("JETSPEED-INF/ldap/" + ldapType + "/ldap.properties");
+ props = new PropertiesConfiguration("JETSPEED-INF/directory/config/" + ldapType + "/ldap.properties");
initialContextFactory = props.getString("org.apache.jetspeed.ldap.initialContextFactory");
ldapServerName = props.getString("org.apache.jetspeed.ldap.ldapServerName");
ldapServerPort = props.getString("org.apache.jetspeed.ldap.ldapServerPort");
- defaultDnSuffix = props.getString("org.apache.jetspeed.ldap.defaultDnSuffix");
rootContext = props.getString("org.apache.jetspeed.ldap.rootContext");
rootDn = props.getString("org.apache.jetspeed.ldap.rootDn");
rootPassword = props.getString("org.apache.jetspeed.ldap.rootPassword");
@@ -188,8 +228,6 @@
groupFilter=props.getString("org.apache.jetspeed.ldap.GroupFilter");
userFilter=props.getString("org.apache.jetspeed.ldap.UserFilter");
- userAuthenticationFiler=props.getString("org.apache.jetspeed.ldap.UserAuthenticationFiler");
-
roleMembershipAttributes=props.getString("org.apache.jetspeed.ldap.RoleMembershipAttributes");
userRoleMembershipAttributes=props.getString("org.apache.jetspeed.ldap.UserRoleMembershipAttributes");
@@ -199,6 +237,7 @@
groupMembershipForRoleAttributes=props.getString("org.apache.jetspeed.ldap.GroupMembershipForRoleAttributes");
roleGroupMembershipForRoleAttributes=props.getString("org.apache.jetspeed.ldap.RoleGroupMembershipForRoleAttributes");
+
defaultSearchBase=props.getString("org.apache.jetspeed.ldap.DefaultSearchBase");
roleFilterBase=props.getString("org.apache.jetspeed.ldap.RoleFilterBase");
@@ -213,6 +252,23 @@
groupIdAttribute=props.getString("org.apache.jetspeed.ldap.GroupIdAttribute");
userIdAttribute=props.getString("org.apache.jetspeed.ldap.UserIdAttribute");
+ uidAttribute =props.getString("org.apache.jetspeed.ldap.UidAttribute");
+ memberShipSearchScope = props.getString("org.apache.jetspeed.ldap.MemberShipSearchScope");
+
+ this.roleUidAttribute=props.getString("org.apache.jetspeed.ldap.roleUidAttribute");
+ this.groupUidAttribute=props.getString("org.apache.jetspeed.ldap.groupUidAttribute");
+ this.userUidAttribute=props.getString("org.apache.jetspeed.ldap.userUidAttribute");
+
+ this.roleObjectRequiredAttributeClasses=props.getString("org.apache.jetspeed.ldap.roleObjectRequiredAttributeClasses");
+ this.groupObjectRequiredAttributeClasses=props.getString("org.apache.jetspeed.ldap.groupObjectRequiredAttributeClasses");
+
+ this.roleAttributes=StringUtils.split(props.getString("org.apache.jetspeed.ldap.roleAttributes"),",");
+ this.groupAttributes=StringUtils.split(props.getString("org.apache.jetspeed.ldap.groupAttributes"),",");
+ this.userAttributes=StringUtils.split(props.getString("org.apache.jetspeed.ldap.userAttributes"),",");
+ this.userPasswordAttribute=props.getString("org.apache.jetspeed.ldap.userPasswordAttribute");
+
+ this.knownAttributes=StringUtils.split(props.getString("org.apache.jetspeed.ldap.knownAttributes"),",");
+
new InitLdapSchema(this);
}
catch (ConfigurationException ce)
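Review bot: `userPasswordAttribute` is read without a default, while the DAO used the hard-coded `"userPassword"` before this patch. An existing ldap.properties that lacks the new key presumably yields null, which then reaches `attrs.put(getUserPasswordAttribute(), password)` in LdapUserCredentialDaoImpl. `props.getString("org.apache.jetspeed.ldap.userPasswordAttribute", "userPassword")` keeps the old behaviour for such files. The new key names also sit very close to existing ones with different casing (`userUidAttribute` next to `UserIdAttribute`), so a comment listing the expected keys would help whoever edits the file.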
@@ -230,21 +286,6 @@
}
/**
- * @return Returns the defaultDnSuffix.
- */
- public String getDefaultDnSuffix()
- {
- return defaultDnSuffix;
- }
-
- /**
- * @param defaultDnSuffix The defaultDnSuffix to set.
- */
- public void setDefaultDnSuffix(String defaultDnSuffix)
- {
- this.defaultDnSuffix = defaultDnSuffix;
- }
- /**
* @return Returns the initialContextFactory.
*/
public String getInitialContextFactory()
@@ -340,38 +381,6 @@
this.rootPassword = rootPassword;
}
- public String getRoleFilter() {
- return roleFilter;
- }
-
- public void setRoleFilter(String roleFilter) {
- this.roleFilter = roleFilter;
- }
-
- public String getRoleFilterBase() {
- return roleFilterBase;
- }
-
- public void setRoleFilterBase(String roleFilterBase) {
- this.roleFilterBase = roleFilterBase;
- }
-
- public String getRoleMembershipAttributes() {
- return roleMembershipAttributes;
- }
-
- public void setRoleMembershipAttributes(String roleMembershipAttributes) {
- this.roleMembershipAttributes = roleMembershipAttributes;
- }
-
- public String getUserAuthenticationFiler() {
- return userAuthenticationFiler;
- }
-
- public void setUserAuthenticationFiler(String userAuthenticationFiler) {
- this.userAuthenticationFiler = userAuthenticationFiler;
- }
-
public String getUserFilter() {
return userFilter;
}
@@ -445,14 +454,7 @@
this.groupIdAttribute = groupIdAttribute;
}
- public String getRoleIdAttribute() {
- return roleIdAttribute;
- }
- public void setRoleIdAttribute(String roleIdAttribute) {
- this.roleIdAttribute = roleIdAttribute;
- }
-
public String getUserIdAttribute() {
return userIdAttribute;
}
@@ -469,13 +471,7 @@
this.groupObjectClasses = groupObjectClasses;
}
- public String[] getRoleObjectClasses() {
- return roleObjectClasses;
- }
- public void setRoleObjectClasses(String[] roleObjectClasses) {
- this.roleObjectClasses = roleObjectClasses;
- }
public String[] getUserObjectClasses() {
return userObjectClasses;
@@ -485,20 +481,165 @@
this.userObjectClasses = userObjectClasses;
}
- public String getRoleGroupMembershipForRoleAttributes() {
- return this.roleGroupMembershipForRoleAttributes;
- }
public String getGroupMembershipForRoleAttributes() {
return this.groupMembershipForRoleAttributes;
}
+
+
+ public void setGroupMembershipForRoleAttributes(String groupMembershipForRoleAttributes) {
+ this.groupMembershipForRoleAttributes=groupMembershipForRoleAttributes;
+ }
+
+ public String getUidAttribute() {
+ return uidAttribute;
+ }
+
+ public void setUidAttribute(String uidAttribute) {
+ this.uidAttribute = uidAttribute;
+ }
+
+ public String getMemberShipSearchScope() {
+ return memberShipSearchScope;
+ }
+
+ public void setMemberShipSearchScope(String memberShipSearchScope) {
+ this.memberShipSearchScope = memberShipSearchScope;
+ }
+
+ public String getGroupUidAttribute() {
+ return this.groupUidAttribute;
+ }
+
+ public void setGroupUidAttribute(String groupUidAttribute) {
+ this.groupUidAttribute = groupUidAttribute;
+ }
+
+ public String getUserUidAttribute() {
+ return this.userUidAttribute;
+ }
+
+ public void setUserUidAttribute(String userUidAttribute) {
+ this.userUidAttribute = userUidAttribute;
+ }
+
+ public String getGroupObjectRequiredAttributeClasses() {
+ return groupObjectRequiredAttributeClasses;
+ }
+
+ public void setGroupObjectRequiredAttributeClasses(
+ String groupObjectRequiredAttributeClasses) {
+ this.groupObjectRequiredAttributeClasses = groupObjectRequiredAttributeClasses;
+ }
+
+
+
+ public String[] getGroupAttributes() {
+ return groupAttributes;
+ }
+
+ public void setGroupAttributes(String[] groupAttributes) {
+ this.groupAttributes = groupAttributes;
+ }
+
+ public String[] getUserAttributes() {
+ return userAttributes;
+ }
+
+ public void setUserAttributes(String[] userAttributes) {
+ this.userAttributes = userAttributes;
+ }
+
+ public String getRoleObjectRequiredAttributeClasses() {
+ return roleObjectRequiredAttributeClasses;
+ }
+
+ public void setRoleObjectRequiredAttributeClasses(
+ String roleObjectRequiredAttributeClasses) {
+ this.roleObjectRequiredAttributeClasses = roleObjectRequiredAttributeClasses;
+ }
+
+ public String[] getRoleAttributes() {
+ return roleAttributes;
+ }
+
+ public void setRoleAttributes(String[] roleAttributes) {
+ this.roleAttributes = roleAttributes;
+ }
+
+ public String[] getRoleObjectClasses() {
+ return roleObjectClasses;
+ }
+
+ public void setRoleObjectClasses(String[] roleObjectClasses) {
+ this.roleObjectClasses = roleObjectClasses;
+ }
+
+
+ public String getRoleGroupMembershipForRoleAttributes() {
+ return this.roleGroupMembershipForRoleAttributes;
+ }
+
public void setRoleGroupMembershipForRoleAttributes(String roleGroupMembershipForRoleAttributes) {
this.roleGroupMembershipForRoleAttributes=roleGroupMembershipForRoleAttributes;
}
- public void setGroupMembershipForRoleAttributes(String groupMembershipForRoleAttributes) {
- this.groupMembershipForRoleAttributes=groupMembershipForRoleAttributes;
+ public String getRoleFilter() {
+ return roleFilter;
+ }
+
+ public void setRoleFilter(String roleFilter) {
+ this.roleFilter = roleFilter;
+ }
+
+ public String getRoleFilterBase() {
+ return roleFilterBase;
+ }
+
+ public void setRoleFilterBase(String roleFilterBase) {
+ this.roleFilterBase = roleFilterBase;
+ }
+
+ public String getRoleMembershipAttributes() {
+ return roleMembershipAttributes;
+ }
+
+ public void setRoleMembershipAttributes(String roleMembershipAttributes) {
+ this.roleMembershipAttributes = roleMembershipAttributes;
+ }
+
+ public String getRoleUidAttribute() {
+ return this.roleUidAttribute;
+ }
+
+ public void setRoleUidAttribute(String roleUidAttribute) {
+ this.roleUidAttribute = roleUidAttribute;
+ }
+
+
+ public String getRoleIdAttribute() {
+ return roleIdAttribute;
+ }
+
+ public void setRoleIdAttribute(String roleIdAttribute) {
+ this.roleIdAttribute = roleIdAttribute;
+ }
+
+ public String getUserPasswordAttribute() {
+ return userPasswordAttribute;
+ }
+
+ public void setUserPasswordAttribute(String userPasswordAttribute) {
+ this.userPasswordAttribute = userPasswordAttribute;
+ }
+
+ public String[] getKnownAttributes() {
+ return this.knownAttributes;
}
+ public void setKnownAttributes(String[] knownAttributes) {
+ this.knownAttributes = knownAttributes;
+ }
+
}
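Review bot: None of the accessors added in this hunk has Javadoc, although the older ones in the class do (`@return Returns the initialContextFactory.`). For `memberShipSearchScope` the accepted values cannot be inferred from the `String` type. A comment such as `/** @return The search scope for membership queries as configured under org.apache.jetspeed.ldap.MemberShipSearchScope. */` would help, with the accepted values listed once the parsing code is confirmed. The array getters (`getUserAttributes()`, `getKnownAttributes()` and the others) return the internal arrays, so a caller that modifies the result changes the configuration; the Javadoc should say so or the getters should return a copy.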
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapMemberShipDaoImpl.java (working copy)
@@ -6,7 +6,6 @@
import java.util.Iterator;
import java.util.List;
-import javax.naming.Name;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
@@ -16,10 +15,8 @@
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
-/* TODO: Java 5 dependency, needs to be resolved for Java 1.4 first before this can be enabled again
-import javax.naming.ldap.LdapName;
-*/
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.security.SecurityException;
@@ -28,6 +25,9 @@
public class LdapMemberShipDaoImpl extends LdapPrincipalDaoImpl implements LdapMembershipDao {
+ /** The logger. */
+ private static final Log logger = LogFactory.getLog(LdapMemberShipDaoImpl.class);
+
public LdapMemberShipDaoImpl() throws SecurityException {
super();
}
@@ -36,35 +36,28 @@
super(config);
}
- /** The logger. */
- private static final Log logger = LogFactory.getLog(LdapMemberShipDaoImpl.class);
-
/* (non-Javadoc)
* @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchGroupMemberShipByGroup(java.lang.String, javax.naming.directory.SearchControls)
*/
public String[] searchGroupMemberShipByGroup(final String userPrincipalUid, SearchControls cons) throws NamingException {
- String subfilter = "uid=" + userPrincipalUid + "," + getUserFilterBase() + "," + getRootContext();
- String query = "(&(" + getGroupMembershipAttribute() + "=" + subfilter + ")" + getGroupFilter() + ")";
+ String query = "(&(" + getGroupMembershipAttribute() + "=" + getUserDN(userPrincipalUid) + ")" + getGroupFilter() + ")";
+
if (logger.isDebugEnabled())
{
logger.debug("query[" + query + "]");
}
+
+ cons.setSearchScope(getSearchScope());
+ NamingEnumeration searchResults = ((DirContext) ctx).search(getGroupFilterBase(),query , cons);
-/* TODO: Java 5 dependency, needs to be resolved for Java 1.4 first before this can be enabled again
- Name name = new LdapName(getGroupFilterBase());
- NamingEnumeration searchResults = ((DirContext) ctx).search(name,query , cons);
-*/
List groupPrincipalUids = new ArrayList();
-/*
while (searchResults.hasMore())
{
SearchResult result = (SearchResult) searchResults.next();
Attributes answer = result.getAttributes();
-
groupPrincipalUids.addAll(getAttributes(getAttribute(getGroupIdAttribute(), answer)));
}
-*/
return (String[]) groupPrincipalUids.toArray(new String[groupPrincipalUids.size()]);
}
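Review bot: The search filter is still built by string concatenation, now with `getUserDN(userPrincipalUid)`, so characters such as `*`, `(`, `)` and `\` in the principal name change the filter's meaning instead of being matched literally. JNDI can encode the value when the filter-argument overload is used: `search(getGroupFilterBase(), "(&(" + getGroupMembershipAttribute() + "={0})" + getGroupFilter() + ")", new Object[] { getUserDN(userPrincipalUid) }, cons)`. The same pattern is in searchRoleMemberShipByRole and in the hunks at -211, -236 and -278, where -236 inserts `groupPrincipalUid` into the filter directly. The `NamingEnumeration` is also never closed in these methods.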
@@ -79,39 +72,45 @@
{
throw new NamingException("Could not find any user with uid[" + userPrincipalUid + "]");
}
-
- Attributes userAttributes = getFirstUser(searchResults);
- List uids = getAttributes(getAttribute(getUserGroupMembershipAttribute(), userAttributes));
- return (String[]) uids.toArray(new String[uids.size()]);
+
+ Attributes userAttributes = getFirstUser(searchResults);
+ List groupUids = new ArrayList();
+ Attribute attr = getAttribute(getUserGroupMembershipAttribute(), userAttributes);
+ List attrs = getAttributes(attr);
+ Iterator it = attrs.iterator();
+ while(it.hasNext()) {
+ String cnfull = (String)it.next();
+ if(cnfull.toLowerCase().indexOf(getRoleFilterBase().toLowerCase())!=-1) {
+ String cn = extractLdapAttr(cnfull,getRoleUidAttribute());
+ groupUids.add(cn);
+ }
+ }
+ //List uids = getAttributes(getAttribute(getUserGroupMembershipAttribute(), userAttributes),getGroupFilterBase());
+ return (String[]) groupUids.toArray(new String[groupUids.size()]);
}
/* (non-Javadoc)
* @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchRoleMemberShipByRole(java.lang.String, javax.naming.directory.SearchControls)
*/
public String[] searchRoleMemberShipByRole(final String userPrincipalUid, SearchControls cons) throws NamingException {
- String subfilter = "uid=" + userPrincipalUid + "," + getUserFilterBase() + "," + getRootContext();
- String query = "(&(" + getRoleMembershipAttribute() + "=" + subfilter + ")" + getRoleFilter() + ")";
+
+ String query = "(&(" + getRoleMembershipAttribute() + "=" + getUserDN(userPrincipalUid) + ")" + getRoleFilter() + ")";
if (logger.isDebugEnabled())
{
logger.debug("query[" + query + "]");
}
-/* TODO: Java 5 dependency, needs to be resolved for Java 1.4 first before this can be enabled again
- Name name = new LdapName(getRoleFilterBase()) ;
- NamingEnumeration searchResults = ((DirContext) ctx).search(name,query , cons);
-*/
+ cons.setSearchScope(getSearchScope());
+ NamingEnumeration searchResults = ((DirContext) ctx).search(getRoleFilterBase(),query , cons);
List rolePrincipalUids = new ArrayList();
-/*
while (searchResults.hasMore())
{
SearchResult result = (SearchResult) searchResults.next();
Attributes answer = result.getAttributes();
-
rolePrincipalUids.addAll(getAttributes(getAttribute(getRoleIdAttribute(), answer)));
}
-*/
return (String[]) rolePrincipalUids.toArray(new String[rolePrincipalUids.size()]);
}
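Review bot: The rewritten loop at the top of this hunk reads `getUserGroupMembershipAttribute()` and fills `groupUids`, yet it filters on `getRoleFilterBase()` and extracts with `getRoleUidAttribute()`, which looks copied from the role variant. The commented-out line below it refers to `getGroupFilterBase()`, so the intended lines are presumably `if(cnfull.toLowerCase().indexOf(getGroupFilterBase().toLowerCase())!=-1) {` and `String cn = extractLdapAttr(cnfull,getGroupUidAttribute());`, assuming the DAO exposes that accessor as it does the role one. As written, a user's group membership would be derived from entries under the role base. The method's signature is outside the hunk, so please confirm which method this is.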
@@ -134,37 +133,14 @@
Iterator it = attrs.iterator();
while(it.hasNext()) {
String cnfull = (String)it.next();
- String cn = extractCn(cnfull);
- newAttrs.add(cn);
+ if(cnfull.toLowerCase().indexOf(getRoleFilterBase().toLowerCase())!=-1) {
+ String cn = extractLdapAttr(cnfull,getRoleUidAttribute());
+ newAttrs.add(cn);
+ }
}
- //List uids = getAttributes(attr);
return (String[]) newAttrs.toArray(new String[newAttrs.size()]);
}
-// /**
-// *
-// * Search user by group.
-// *
-// *
-// * @param groupPrincipalUid
-// * @param cons
-// * @return
-// * @throws NamingException A {@link NamingException}.
-// */
-// private NamingEnumeration searchRolesByGroup(final String rolePrincipalUid, SearchControls cons)
-// throws NamingException
-// {
-// String query = "(&(cn=" + (rolePrincipalUid) + ")" + getRoleFilter() + ")";
-//
-// if (logger.isDebugEnabled())
-// {
-// logger.debug("query[" + query + "]");
-// }
-// NamingEnumeration searchResults = ((DirContext) ctx).search("",query , cons);
-//
-// return searchResults;
-// }
-
/* (non-Javadoc)
* @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromGroupByGroup(java.lang.String, javax.naming.directory.SearchControls)
*/
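Review bot: `cnfull.toLowerCase().indexOf(getRoleFilterBase().toLowerCase())!=-1` is a substring test, so any value whose DN contains the base text anywhere is accepted, and an empty base accepts every value. This loop appears to decide which roles are reported for a principal, so comparing the trailing RDNs of the parsed DN with the configured base would be stricter. Until then a comment such as `// substring match only: does not prove the entry lies under getRoleFilterBase()` would record the limitation. `cn` is also added without the null check that searchRolesFromGroupByGroup applies to the result of `extractLdapAttr`, and `if (cn != null) newAttrs.add(cn);` would match it. The same test is added in the hunks at -79, -195 and -245, and the method starts outside this hunk.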
@@ -181,7 +157,8 @@
ArrayList userPrincipalUids=new ArrayList();
- NamingEnumeration results = ((DirContext) ctx).search("",query , cons);
+ cons.setSearchScope(getSearchScope());
+ NamingEnumeration results = ((DirContext) ctx).search(getGroupFilterBase(),query , cons);
while (results.hasMore())
{
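Review bot: `cons.setSearchScope(getSearchScope());` overwrites the scope on the `SearchControls` object the caller passed in, so the caller's scope is ignored and the object is returned changed. If the configured scope is always meant to win, record that at the call, e.g. `// scope comes from MemberShipSearchScope; the caller's scope is replaced`. Otherwise set the scope where the controls are created. The same line is added to the other search methods in this file, and this method's body continues outside the hunk.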
@@ -195,9 +172,12 @@
Iterator it = attrs.iterator();
while(it.hasNext()) {
String uidfull = (String)it.next();
- String uid = extractUid(uidfull);
- if (uidfull.indexOf(getUserFilterBase())!=-1)
- newAttrs.add(uid);
+ if (!StringUtils.isEmpty(uidfull)) {
+ if (uidfull.toLowerCase().indexOf(getUserFilterBase().toLowerCase())!=-1) {
+ String uid = extractLdapAttr(uidfull,getUserIdAttribute());
+ newAttrs.add(uid);
+ }
+ }
}
userPrincipalUids.addAll(newAttrs);
}
@@ -211,24 +191,22 @@
throws NamingException
{
- String subfilter = getGroupIdAttribute() + "=" + getGroupFilterBase();
- if (getGroupFilterBase()!=null && !getGroupFilterBase().equals("")) subfilter+="," + getGroupFilterBase();
- subfilter+="," + getRootContext();
- String query = "(&(" + getUserGroupMembershipAttribute() + "=" + subfilter + ")" + getUserFilter() + ")";
+ String query = "(&(" + getUserGroupMembershipAttribute() + "=" + getGroupDN(groupPrincipalUid) + ")" + getUserFilter() + ")";
if (logger.isDebugEnabled())
{
logger.debug("query[" + query + "]");
}
- NamingEnumeration results = ((DirContext) ctx).search("", query, cons);
-
+
+ cons.setSearchScope(getSearchScope());
+ NamingEnumeration results = ((DirContext) ctx).search(getUserFilterBase(),query , cons);
+
ArrayList userPrincipalUids = new ArrayList();
while (results.hasMore())
{
SearchResult result = (SearchResult) results.next();
Attributes answer = result.getAttributes();
-
- userPrincipalUids.addAll(getAttributes(getAttribute("uid", answer)));
+ userPrincipalUids.addAll(getAttributes(getAttribute(getUserIdAttribute(), answer)));
}
return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
}
@@ -236,8 +214,7 @@
public String[] searchRolesFromGroupByGroup(final String groupPrincipalUid,
SearchControls cons) throws NamingException {
- String query = "(&(" + getGroupIdAttribute() + "=" + (groupPrincipalUid) + ")" + getGroupFilter()
- + ")";
+ String query = "(&(" + getGroupIdAttribute() + "=" + (groupPrincipalUid) + ")" + getGroupFilter() + ")";
if (logger.isDebugEnabled()) {
logger.debug("query[" + query + "]");
@@ -245,28 +222,26 @@
ArrayList rolePrincipalUids = new ArrayList();
- NamingEnumeration results = ((DirContext) ctx).search("", query, cons);
+ cons.setSearchScope(getSearchScope());
+ NamingEnumeration results = ((DirContext) ctx).search(getGroupFilterBase(),query , cons);
while (results.hasMore()) {
SearchResult result = (SearchResult) results.next();
Attributes answer = result.getAttributes();
- List newAttrs = new ArrayList();
-
- Attribute userPrincipalUid = getAttribute(
- getGroupMembershipForRoleAttribute(), answer);
- List attrs = getAttributes(userPrincipalUid);
- Iterator it = attrs.iterator();
+ Attribute rolesFromGroup = getAttribute(getGroupMembershipForRoleAttribute(), answer);
+ List roleDNs = getAttributes(rolesFromGroup,getRoleFilterBase());
+ Iterator it = roleDNs.iterator();
while (it.hasNext()) {
- String uidfull = (String) it.next();
- String uid = extractUid(uidfull);
- if (uidfull.indexOf(getRoleFilterBase())!=-1)
- newAttrs.add(uid);
+ String roleDN = (String) it.next();
+ if (!StringUtils.isEmpty(roleDN)) {
+ String roleId = extractLdapAttr(roleDN,getRoleUidAttribute());
+ if (roleId!=null && roleDN.toLowerCase().indexOf(getRoleFilterBase().toLowerCase())!=-1)
+ rolePrincipalUids.add(roleId);
+ }
}
- rolePrincipalUids.addAll(newAttrs);
}
- return (String[]) rolePrincipalUids
- .toArray(new String[rolePrincipalUids.size()]);
+ return (String[]) rolePrincipalUids.toArray(new String[rolePrincipalUids.size()]);
}
/*
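Review bot: `getRoleFilterBase().toLowerCase()` in the inner `if` throws a NullPointerException when no role filter base is configured, although `getAttributes(rolesFromGroup, getRoleFilterBase())` earlier in the loop treats a null filter as "no filtering". That second containment test repeats what the filtered `getAttributes` call has already done, so the condition can shrink to `if (roleId != null) rolePrincipalUids.add(roleId);`. The opening of the method, including the query construction, sits in the previous hunk.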
@@ -278,29 +253,27 @@
public String[] searchRolesFromGroupByRole(final String groupPrincipalUid,
SearchControls cons) throws NamingException {
- String subfilter = getGroupIdAttribute() + "=" + groupPrincipalUid;
- if (getGroupFilterBase() != null && !getGroupFilterBase().equals(""))
- subfilter += "," + getGroupFilterBase() + "," + getRootContext();
- String query = "(&(" + getRoleGroupMembershipForRoleAttribute() + "="
- + subfilter + ")" + getUserFilter() + ")";
+ String query = "(&(" + getRoleGroupMembershipForRoleAttribute() + "=" + getGroupDN(groupPrincipalUid) + ")" + getRoleFilter() + ")";
+
if (logger.isDebugEnabled()) {
logger.debug("query[" + query + "]");
}
- NamingEnumeration results = ((DirContext) ctx).search("", query, cons);
+
+ cons.setSearchScope(getSearchScope());
+ NamingEnumeration results = ((DirContext) ctx).search(getRoleFilterBase(),query , cons);
- ArrayList userPrincipalUids = new ArrayList();
+ ArrayList rolePrincipalUids = new ArrayList();
while (results.hasMore()) {
SearchResult result = (SearchResult) results.next();
Attributes answer = result.getAttributes();
-
- userPrincipalUids
- .addAll(getAttributes(getAttribute("uid", answer)));
+ rolePrincipalUids.addAll(getAttributes(getAttribute(getRoleIdAttribute(), answer)));
}
- return (String[]) userPrincipalUids
- .toArray(new String[userPrincipalUids.size()]);
- }
+ return (String[]) rolePrincipalUids
+ .toArray(new String[rolePrincipalUids.size()]);
+ }
+
/* (non-Javadoc)
* @see org.apache.jetspeed.security.spi.impl.ldap.LdapMembershipDao#searchUsersFromRoleByRole(java.lang.String, javax.naming.directory.SearchControls)
*/
@@ -316,30 +289,25 @@
}
ArrayList userPrincipalUids=new ArrayList();
-
- NamingEnumeration results = ((DirContext) ctx).search("",query , cons);
+
+ cons.setSearchScope(getSearchScope());
+ NamingEnumeration results = ((DirContext) ctx).search(getRoleFilterBase(),query , cons);
while (results.hasMore())
{
SearchResult result = (SearchResult) results.next();
Attributes answer = result.getAttributes();
- //List cUserPrincipalUid = getAttributes(getAttribute(getRoleMembershipAttribute(), answer));
- //TODO: better implementtion
- List newAttrs = new ArrayList();
-
Attribute userPrincipalUid = getAttribute(getRoleMembershipAttribute(), answer);
List attrs = getAttributes(userPrincipalUid);
Iterator it = attrs.iterator();
while(it.hasNext()) {
String uidfull = (String)it.next();
- String uid = extractUid(uidfull);
- newAttrs.add(uid);
+ if (!StringUtils.isEmpty(uidfull)) {
+ String uid = extractLdapAttr(uidfull,getUserIdAttribute());
+ userPrincipalUids.add(uid);
+ }
}
- userPrincipalUids.addAll(newAttrs);
-
-
- //userPrincipalUids.addAll(cUserPrincipalUid);
}
return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
}
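Review bot: `extractLdapAttr` returns null when the DN does not contain the user id attribute, and the new loop adds that result to `userPrincipalUids` unchecked, so the returned array can contain null entries. The role variant in `searchRolesFromGroupByGroup` guards with `roleId!=null`; the same guard fits here: `if (uid != null) userPrincipalUids.add(uid);`. The earlier user loop that fills `newAttrs` has the same gap. The method's signature and query construction are outside this hunk.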
@@ -351,29 +319,25 @@
throws NamingException
{
- //TODO: rename params / vars !!!
- String subfilter = getRoleIdAttribute() + "=" + rolePrincipalUid;
- if (getRoleFilterBase()!=null && !getRoleFilterBase().equals("")) subfilter+="," + getRoleFilterBase();
- subfilter+="," + getRootContext();
- String query = "(&(" + getUserRoleMembershipAttribute() + "=" + subfilter + ")" + getUserFilter() + ")";
+ String query = "(&(" + getUserRoleMembershipAttribute() + "=" + getRoleDN(rolePrincipalUid) + ")" + getUserFilter() + ")";
if (logger.isDebugEnabled())
{
logger.debug("query[" + query + "]");
}
- NamingEnumeration results = ((DirContext) ctx).search("", query, cons);
-
+
+ cons.setSearchScope(getSearchScope());
+ NamingEnumeration results = ((DirContext) ctx).search(getUserFilterBase(),query , cons);
+
ArrayList userPrincipalUids = new ArrayList();
while (results.hasMore())
{
SearchResult result = (SearchResult) results.next();
Attributes answer = result.getAttributes();
-
- userPrincipalUids.addAll(getAttributes(getAttribute("uid", answer)));
+ userPrincipalUids.addAll(getAttributes(getAttribute(getUserIdAttribute(), answer)));
}
return (String[]) userPrincipalUids.toArray(new String[userPrincipalUids.size()]);
}
-
/**
* @param attr
@@ -382,13 +346,27 @@
*/
protected List getAttributes(Attribute attr) throws NamingException
{
+ return getAttributes(attr, null);
+ }
+ /**
+ * @param attr
+ * @return
+ * @throws NamingException
+ */
+ protected List getAttributes(Attribute attr,String filter) throws NamingException
+ {
List uids = new ArrayList();
if (attr != null)
{
Enumeration groupUidEnum = attr.getAll();
while (groupUidEnum.hasMoreElements())
{
- uids.add(groupUidEnum.nextElement());
+ String groupDN = (String)groupUidEnum.nextElement();
+ if (filter==null) {
+ uids.add(groupDN);
+ } else if (filter!=null && groupDN.toLowerCase().indexOf(filter.toLowerCase())!=-1) {
+ uids.add(groupDN);
+ }
}
}
return uids;
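Review bot: The filter test `groupDN.toLowerCase().indexOf(filter.toLowerCase())!=-1` accepts any value that contains the base string anywhere, not only entries located under that base, so a member DN whose own RDN value happens to include the base text passes as well. These lists feed role and group membership, so a suffix comparison against the full base DN would be the stricter check; how the filter base relates to the root context is not visible here, so the exact suffix needs confirming. The `filter!=null` in the `else if` is redundant, and the new overload's Javadoc should gain `@param filter base DN fragment a value must contain, or null to return all values`. The closing brace of the method is outside the hunk.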
@@ -407,13 +385,7 @@
return answer;
}
- protected String getEntryPrefix() {
- return "uid";
- }
- protected String getSearchSuffix() {
- return this.getUserFilter();
- }
/**
*
@@ -440,12 +412,12 @@
}
/**
- * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix()
- */
- protected String getDnSuffix()
- {
- return this.getUserFilterBase();
- }
+ * @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDaoImpl#getDnSuffix()
+ */
+ protected String getDnSuffix()
+ {
+ return this.getUserFilterBase();
+ }
/**
*
@@ -460,21 +432,36 @@
return new UserPrincipalImpl(principalUid);
}
- private String extractUid(String ldapName) {
- if (ldapName.indexOf(",")!=-1)
- return ldapName.substring(ldapName.indexOf("uid=")+4,ldapName.indexOf(","));
- return ldapName.substring(ldapName.indexOf("uid=")+4,ldapName.length());
+ private String extractLdapAttr(String dn,String ldapAttrName) {
+
+ String dnLowerCase = dn.toLowerCase();
+ String ldapAttrNameLowerCase = ldapAttrName.toLowerCase();
+
+ if (dnLowerCase.indexOf(ldapAttrNameLowerCase + "=")==-1)
+ return null;
+
+ if (dn.indexOf(",")!=-1 && dnLowerCase.indexOf(ldapAttrNameLowerCase + "=")!=-1)
+ return dn.substring(dnLowerCase.indexOf(ldapAttrNameLowerCase)+ldapAttrName.length()+1,dn.indexOf(","));
+ return dn.substring(dnLowerCase.indexOf(ldapAttrNameLowerCase)+ldapAttrName.length()+1,dn.length());
}
-
- private String extractCn(String ldapName) {
- if (ldapName.indexOf(",")!=-1)
- return ldapName.substring(ldapName.indexOf("cn=")+3,ldapName.indexOf(","));
- return ldapName.substring(ldapName.indexOf("cn=")+3,ldapName.length());
- }
-
+
protected String[] getObjectClasses() {
return this.getUserObjectClasses();
}
-
+ protected String getUidAttributeForPrincipal() {
+ return this.getUserUidAttribute();
+ }
+
+ protected String[] getAttributes() {
+ return getUserAttributes();
+ }
+
+ protected String getEntryPrefix() {
+ return "uid";
+ }
+
+ protected String getSearchSuffix() {
+ return this.getUserFilter();
+ }
}
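Review bot: `extractLdapAttr` takes the value's start from the first occurrence of the attribute name anywhere in the DN and its end from the first comma anywhere in the DN, so it only works when the attribute is the leading RDN. For a DN such as `cn=admins,uid=jdoe,ou=People` (constructed example) with attribute `uid`, the end index precedes the start index and `substring` throws; a name like `cn` appearing inside an earlier value yields a wrong id instead of an error. The version below matches the attribute only where an RDN begins and ends the value at the next comma after it. It still does not handle escaped commas or spaces after separators, which a real DN parser would.

```java
private String extractLdapAttr(String dn, String ldapAttrName) {
    String key = ldapAttrName.toLowerCase() + "=";
    String dnLowerCase = dn.toLowerCase();

    // Accept the attribute only where an RDN begins, not inside another value.
    int valueStart;
    if (dnLowerCase.startsWith(key)) {
        valueStart = key.length();
    } else {
        int at = dnLowerCase.indexOf("," + key);
        if (at == -1)
            return null;
        valueStart = at + 1 + key.length();
    }

    // End at the first comma after the value starts, not the first comma in the DN.
    int valueEnd = dn.indexOf(",", valueStart);
    return valueEnd == -1 ? dn.substring(valueStart) : dn.substring(valueStart, valueEnd);
}
```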
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapGroupDaoImpl.java (working copy)
@@ -21,6 +21,7 @@
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
+import org.apache.commons.lang.StringUtils;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
@@ -77,6 +78,11 @@
classes.add(getObjectClasses()[i]);
attrs.put(classes);
attrs.put(getEntryPrefix(), principalUid);
+ if(!StringUtils.isEmpty(getGroupObjectRequiredAttributeClasses()))
+ attrs.put(getGroupObjectRequiredAttributeClasses(), "");
+ for (int i=0;i
* Replace or delete the user group attribute.
*
@@ -136,21 +123,13 @@
{
validateUid(userPrincipalUid);
validateUid(groupPrincipalUid);
-
- String userDn = "uid=" + userPrincipalUid + "," + getUserFilterBase();
+
try
{
- groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid;
-
- if (getGroupFilterBase()!=null && !getGroupFilterBase().equals(""))
- groupPrincipalUid+="," + getGroupFilterBase();
- groupPrincipalUid+="," + getRootContext();
- String rdn = getSubcontextName(userDn);
- Attributes attrs = new BasicAttributes(false);
+ Attributes attrs = new BasicAttributes(false);
+ attrs.put(getUserGroupMembershipAttribute(), getGroupDN(groupPrincipalUid));
- attrs.put(getUserGroupMembershipAttribute(), groupPrincipalUid);
- logger.debug("modifying attrs on " + rdn + " with : " + attrs);
- ctx.modifyAttributes(rdn, operationType, attrs);
+ ctx.modifyAttributes(getUserDN(userPrincipalUid,false), operationType, attrs);
}
catch (NamingException e)
@@ -165,7 +144,7 @@
*/
public void removeGroup(String userPrincipalUid, String groupPrincipalUid) throws SecurityException
{
- if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals(""))
+ if (!StringUtils.isEmpty(getUserGroupMembershipAttribute()))
modifyUserGroupByUser(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
else
modifyUserGroupByGroup(userPrincipalUid, groupPrincipalUid, DirContext.REMOVE_ATTRIBUTE);
@@ -178,7 +157,7 @@
*/
public void addRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
{
- if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals(""))
+ if (!StringUtils.isEmpty(getUserRoleMembershipAttribute()))
modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
else
modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
@@ -200,20 +179,13 @@
{
validateUid(userPrincipalUid);
validateUid(rolePrincipalUid);
- String userDn = lookupByUid(userPrincipalUid);
-
+
try
{
- rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid;
-
- if (getRoleFilterBase()!=null && !getRoleFilterBase().equals(""))
- rolePrincipalUid+="," + getRoleFilterBase();
- rolePrincipalUid+="," + getRootContext();
- String rdn = getSubcontextName(userDn);
- Attributes attrs = new BasicAttributes(false);
+ Attributes attrs = new BasicAttributes(false);
+ attrs.put(getUserRoleMembershipAttribute(), getRoleDN(rolePrincipalUid));
- attrs.put(getUserRoleMembershipAttribute(), rolePrincipalUid);
- ctx.modifyAttributes(rdn, operationType, attrs);
+ ctx.modifyAttributes(getUserDN(userPrincipalUid,false), operationType, attrs);
}
catch (NamingException e)
{
@@ -237,33 +209,28 @@
{
validateUid(userPrincipalUid);
validateUid(rolePrincipalUid);
- String userDn = "uid=" + userPrincipalUid + "," + getUserFilterBase() + "," + getRootContext();
try
{
- rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid;
-
- if (getRoleFilterBase()!=null && !getRoleFilterBase().equals(""))
- rolePrincipalUid+="," + getRoleFilterBase();
-
- String rdn = getSubcontextName(rolePrincipalUid);
Attributes attrs = new BasicAttributes(false);
+ attrs.put(getRoleMembershipAttribute(), getUserDN(userPrincipalUid));
- attrs.put(getRoleMembershipAttribute(), userDn);
- ctx.modifyAttributes(rdn, operationType, attrs);
+ ctx.modifyAttributes(getRoleDN(rolePrincipalUid,false), operationType, attrs);
}
catch (NamingException e)
{
throw new SecurityException(e);
}
}
- /**
+
+
+ /**
* @see org.apache.jetspeed.security.spi.impl.ldap.LdapUserPrincipalDao#removeGroup(java.lang.String,
* java.lang.String)
*/
public void removeRole(String userPrincipalUid, String rolePrincipalUid) throws SecurityException
{
- if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals(""))
+ if (!StringUtils.isEmpty(getUserRoleMembershipAttribute()))
modifyUserRoleByUser(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
else
modifyUserRoleByRole(userPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
@@ -285,21 +252,17 @@
for (int i=0;i
* Creates a GroupPrincipal object.
@@ -319,7 +282,7 @@
*/
public void addRoleToGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
{
- if (getRoleGroupMembershipForRoleAttribute()!=null && !getRoleGroupMembershipForRoleAttribute().equals(""))
+ if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute()))
modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
else
modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.ADD_ATTRIBUTE);
@@ -341,19 +304,13 @@
{
validateUid(groupPrincipalUid);
validateUid(rolePrincipalUid);
- String userDn = lookupGroupByUid(groupPrincipalUid);
try
{
- groupPrincipalUid = getGroupIdAttribute() + "=" + groupPrincipalUid;
-
- if (getRoleFilterBase()!=null && !getRoleFilterBase().equals(""))
- rolePrincipalUid+="," + getRoleFilterBase();
-
- String rdn = getSubcontextName(userDn);
+
Attributes attrs = new BasicAttributes(false);
+ attrs.put(getRoleGroupMembershipForRoleAttribute(), getGroupDN(groupPrincipalUid));
- attrs.put(getRoleGroupMembershipForRoleAttribute(), rolePrincipalUid);
- ctx.modifyAttributes(rdn, operationType, attrs);
+ ctx.modifyAttributes(getRoleDN(rolePrincipalUid,false), operationType, attrs);
}
catch (NamingException e)
{
@@ -376,19 +333,12 @@
{
validateUid(groupPrincipalUid);
validateUid(rolePrincipalUid);
- String userDn = lookupGroupByUid(groupPrincipalUid);
try
{
- rolePrincipalUid = getRoleIdAttribute() + "=" + rolePrincipalUid;
-
- if (getRoleFilterBase()!=null && !getRoleFilterBase().equals(""))
- rolePrincipalUid+="," + getRoleFilterBase();
-
- String rdn = getSubcontextName(userDn);
Attributes attrs = new BasicAttributes(false);
+ attrs.put(getGroupMembershipForRoleAttribute(), getRoleDN(rolePrincipalUid));
- attrs.put(getGroupMembershipForRoleAttribute(), rolePrincipalUid);
- ctx.modifyAttributes(rdn, operationType, attrs);
+ ctx.modifyAttributes(getGroupDN(groupPrincipalUid, false), operationType, attrs);
}
catch (NamingException e)
{
@@ -403,49 +353,40 @@
public void removeRoleFromGroup(String groupPrincipalUid, String rolePrincipalUid) throws SecurityException
{
- if (getRoleGroupMembershipForRoleAttribute()!=null && !getRoleGroupMembershipForRoleAttribute().equals(""))
+ if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute()))
modifyRoleGroupByRole(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
else
modifyRoleGroupByGroup(groupPrincipalUid, rolePrincipalUid, DirContext.REMOVE_ATTRIBUTE);
}
-
- protected String getEntryPrefix() {
- return this.getUserIdAttribute();
- }
+ /**
+ *
+ * Return the list of group IDs for a particular user
+ *
+ * @param userPrincipalUid
+ * @return the array of group uids asociated with this user
+ * @throws SecurityException
+ */
+ public String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException
+ {
+ validateUid(userPrincipalUid);
+ SearchControls cons = setSearchControls();
+ try
+ {
+ if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) {
+ return membership.searchGroupMemberShipByUser(userPrincipalUid,cons);
+ }
+ return membership.searchGroupMemberShipByGroup(userPrincipalUid,cons);
+
+
+ }
+ catch (NamingException e)
+ {
+ throw new SecurityException(e);
+ }
+ }
- protected String getSearchSuffix() {
- return this.getUserFilter();
- }
-
- /**
- *
- * Return the list of group IDs for a particular user
- *
- * @param userPrincipalUid
- * @return the array of group uids asociated with this user
- * @throws SecurityException
- */
- public String[] getGroupUidsForUser(String userPrincipalUid) throws SecurityException
- {
- validateUid(userPrincipalUid);
- SearchControls cons = setSearchControls();
- try
- {
- if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals("")) {
- return membership.searchGroupMemberShipByUser(userPrincipalUid,cons);
- }
- return membership.searchGroupMemberShipByGroup(userPrincipalUid,cons);
-
-
- }
- catch (NamingException e)
- {
- throw new SecurityException(e);
- }
- }
-
/**
*
* Return an array of the roles that belong to a group.
@@ -462,7 +403,7 @@
SearchControls cons = setSearchControls();
try
{
- if (getRoleGroupMembershipForRoleAttribute()!=null && !getRoleGroupMembershipForRoleAttribute().equals("")) {
+ if (!StringUtils.isEmpty(getRoleGroupMembershipForRoleAttribute())) {
return membership.searchRolesFromGroupByRole(groupPrincipalUid,cons);
}
return membership.searchRolesFromGroupByGroup(groupPrincipalUid,cons);
@@ -475,32 +416,32 @@
}
- /**
- *
- * Returns the role IDs for a particular user
- *
- * Looks up the user, and extracts the rolemembership attr (ex : uniquemember)
- *
- * @param userPrincipalUid
- * @return the array of group uids asociated with this user
- * @throws SecurityException
- */
- public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException
- {
- validateUid(userPrincipalUid);
- SearchControls cons = setSearchControls();
- try
- {
- if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals("")) {
- return membership.searchRoleMemberShipByUser(userPrincipalUid,cons);
- }
- return membership.searchRoleMemberShipByRole(userPrincipalUid,cons);
- }
- catch (NamingException e)
- {
- throw new SecurityException(e);
- }
- }
+ /**
+ *
+ * Returns the role IDs for a particular user
+ *
+ * Looks up the user, and extracts the rolemembership attr (ex : uniquemember)
+ *
+ * @param userPrincipalUid
+ * @return the array of group uids asociated with this user
+ * @throws SecurityException
+ */
+ public String[] getRoleUidsForUser(String userPrincipalUid) throws SecurityException
+ {
+ validateUid(userPrincipalUid);
+ SearchControls cons = setSearchControls();
+ try
+ {
+ if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) {
+ return membership.searchRoleMemberShipByUser(userPrincipalUid,cons);
+ }
+ return membership.searchRoleMemberShipByRole(userPrincipalUid,cons);
+ }
+ catch (NamingException e)
+ {
+ throw new SecurityException(e);
+ }
+ }
/**
*
@@ -518,7 +459,7 @@
SearchControls cons = setSearchControls();
try
{
- if (getUserGroupMembershipAttribute()!=null && !getUserGroupMembershipAttribute().equals("")) {
+ if (!StringUtils.isEmpty(getUserGroupMembershipAttribute())) {
return membership.searchUsersFromGroupByUser(groupPrincipalUid,cons);
}
return membership.searchUsersFromGroupByGroup(groupPrincipalUid,cons);
@@ -544,7 +485,7 @@
SearchControls cons = setSearchControls();
try
{
- if (getUserRoleMembershipAttribute()!=null && !getUserRoleMembershipAttribute().equals("")) {
+ if (!StringUtils.isEmpty(getUserRoleMembershipAttribute())) {
return membership.searchUsersFromRoleByUser(rolePrincipalUid,cons);
}
return membership.searchUsersFromRoleByRole(rolePrincipalUid,cons);
@@ -558,4 +499,25 @@
protected String[] getObjectClasses() {
return this.getUserObjectClasses();
}
+
+ protected String[] getAttributes() {
+ return this.getUserAttributes();
+ }
+
+ protected String getUidAttributeForPrincipal() {
+ return this.getUserUidAttribute();
+ }
+
+ protected String getEntryPrefix() {
+ return this.getUserIdAttribute();
+ }
+
+ protected String getSearchSuffix() {
+ return this.getUserFilter();
+ }
+
+ protected String getDnSuffix() {
+ return this.getUserFilterBase();
+ }
+
}
\ No newline at end of file
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/AbstractLdapDao.java (working copy)
@@ -28,6 +28,8 @@
import javax.naming.ldap.LdapContext;
import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.security.InvalidDnException;
import org.apache.jetspeed.security.InvalidPasswordException;
import org.apache.jetspeed.security.InvalidUidException;
@@ -43,6 +45,9 @@
*/
public abstract class AbstractLdapDao
{
+
+ private static final Log logger = LogFactory.getLog(AbstractLdapDao.class);
+
/** The ldap binding configuration. */
private LdapBindingConfig ldapBindingConfig = null;
@@ -167,7 +172,7 @@
protected SearchControls setSearchControls()
{
SearchControls controls = new SearchControls();
- controls.setReturningAttributes(new String[] {"cn","sn","o","uid","ou","objectClass","nsroledn","userPassword","member","uniqueMember"});
+ controls.setReturningAttributes(getKnownAttributes());
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
controls.setReturningObjFlag(true);
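Review bot: `setReturningAttributes(getKnownAttributes())` requests every attribute when the configured array is null, because JNDI treats a null list as "return all"; an unset or misnamed property would then pull whole entries, credentials included, into every search result. The removed literal list already included `userPassword` for all lookups, so the configured list is a chance to leave the password attribute out of searches that only need ids and membership. A comment here such as `// null would mean "all attributes"; the config must list them explicitly`, plus a non-null check when the binding config is loaded, would make that explicit. The rest of `setSearchControls` continues outside the hunk.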
@@ -198,56 +203,56 @@
}
}
- /**
- *
- * Searches the LDAP server for the group with the specified uid attribute.
- *
- *
- * @return the user's DN
- */
- public String lookupGroupByUid(final String uid) throws SecurityException
- {
- validateUid(uid);
+// /**
+// *
+// * Searches the LDAP server for the group with the specified uid attribute.
+// *
+// *
+// * @return the user's DN
+// */
+// public String lookupGroupByUid(final String uid) throws SecurityException
+// {
+// validateUid(uid);
+//
+// try
+// {
+// SearchControls cons = setSearchControls();
+// NamingEnumeration searchResults = searchGroupByWildcardedUid(uid, cons);
+//
+// return getFirstDnForUid(searchResults);
+// }
+// catch (NamingException e)
+// {
+// throw new SecurityException(e);
+// }
+// }
+//
+// /**
+// *
+// * Searches the LDAP server for the role with the specified uid attribute.
+// *
+// *
+// * @return the user's DN
+// */
+// public String lookupRoleByUid(final String uid) throws SecurityException
+// {
+// validateUid(uid);
+//
+// try
+// {
+// SearchControls cons = setSearchControls();
+// NamingEnumeration searchResults = searchRoleByWildcardedUid(uid, cons);
+//
+// return getFirstDnForUid(searchResults);
+// }
+// catch (NamingException e)
+// {
+// throw new SecurityException(e);
+// }
+// }
- try
- {
- SearchControls cons = setSearchControls();
- NamingEnumeration searchResults = searchGroupByWildcardedUid(uid, cons);
-
- return getFirstDnForUid(searchResults);
- }
- catch (NamingException e)
- {
- throw new SecurityException(e);
- }
- }
-
/**
*
- * Searches the LDAP server for the role with the specified uid attribute.
- *
- *
- * @return the user's DN
- */
- public String lookupRoleByUid(final String uid) throws SecurityException
- {
- validateUid(uid);
-
- try
- {
- SearchControls cons = setSearchControls();
- NamingEnumeration searchResults = searchRoleByWildcardedUid(uid, cons);
-
- return getFirstDnForUid(searchResults);
- }
- catch (NamingException e)
- {
- throw new SecurityException(e);
- }
- }
-
- /**
- *
* Gets the first matching user for the given uid.
*
*
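Review bot: `lookupGroupByUid` and `lookupRoleByUid` are commented out line by line rather than deleted, which leaves about fifty lines of dead text with no note on why they went. The same happens to `searchGroupByWildcardedUid` and `searchRoleByWildcardedUid` in the `@@ -303` hunk. Deleting them keeps the class readable, since version control retains the old bodies; if a pointer is wanted, one line such as `// group and role DNs are now built via getGroupDN/getRoleDN` is enough, assuming that is the replacement the DAO hunks suggest.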
@@ -261,15 +266,7 @@
while ((null != searchResults) && searchResults.hasMore())
{
SearchResult searchResult = (SearchResult) searchResults.next();
-
-/* TODO: Java 5 dependency, needs to be resolved for Java 1.4 first before this can be enabled again
- userDn = searchResult.getNameInNamespace();
-*/
-// if (searchResult.getObject() instanceof DirContext)
-// {
-// DirContext userEntry = (DirContext) searchResult.getObject();
-// userDn = userEntry.getNameInNamespace();
-// }
+ userDn = searchResult.getName();
}
return userDn;
}
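Review bot: The loop assigns `userDn` on every iteration, so when the search matches more than one entry the last result wins, although the Javadoc above says the first match is returned. Callers use this DN to address a single principal, and `searchByWildcardedUid` passes `*` through, so an ambiguous match should stop at the first result or be reported as an error, not resolved by picking one silently. `searchResult.getName()` is also relative to the search base (and can be a URL when `isRelative()` is false), which deserves a comment: `// name is relative to the search base, not a full DN`. The method's signature is outside the hunk.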
@@ -303,69 +300,81 @@
protected NamingEnumeration searchByWildcardedUid(final String filter, SearchControls cons) throws NamingException
{
// usa a template method to use users/groups/roles
- String searchFilter = "";
- if (getSearchSuffix()==null || getSearchSuffix().equals("")) {
- searchFilter = "(" + getEntryPrefix() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")";
+ String query = "";
+ if (StringUtils.isEmpty(getSearchSuffix())) {
+ query = "(" + getEntryPrefix() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")";
} else {
- searchFilter = "(&(" + getEntryPrefix() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getSearchSuffix() + ")";
+ query = "(&(" + getEntryPrefix() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getSearchSuffix() + ")";
}
-
- NamingEnumeration searchResults = ((DirContext) ctx).search(getSearchDomain(), searchFilter, cons);
+ logger.debug("searchByWildCardedUid = " + query);
- return searchResults;
+ cons.setSearchScope(getSearchScope());
+ //TODO: added this here for OpenLDAP (when users are stored in ou=People,o=evenSeas)
+ String searchBase = StringUtils.replace(getSearchDomain(), "," + getRootContext(), "");
+ NamingEnumeration results = ((DirContext) ctx).search(searchBase,query , cons);
+
+ return results;
}
- /**
- *
- * Search uid by wild card.
- *
- *
- * @param filter The filter.
- * @param cons The {@link SearchControls}
- * @return The {@link NamingEnumeration}
- * @throws NamingException Throws a {@link NamingEnumeration}.
- */
- protected NamingEnumeration searchGroupByWildcardedUid(final String filter, SearchControls cons) throws NamingException
- {
- // usa a template method to use users/groups/roles
- String searchFilter = "";
- if (getSearchSuffix()==null || getSearchSuffix().equals("")) {
- searchFilter = "(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")";
- } else {
- searchFilter = "(&(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getGroupFilter() + ")";
- }
-
- NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons);
+// /**
+// *
+// * Search uid by wild card.
+// *
+// *
+// * @param filter The filter.
+// * @param cons The {@link SearchControls}
+// * @return The {@link NamingEnumeration}
+// * @throws NamingException Throws a {@link NamingEnumeration}.
+// */
+// protected NamingEnumeration searchGroupByWildcardedUid(final String filter, SearchControls cons) throws NamingException
+// {
+// // usa a template method to use users/groups/roles
+// String query = "";
+// if (StringUtils.isEmpty(getGroupFilter())) {
+// query = "(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")";
+// } else {
+// query = "(&(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getGroupFilter() + ")";
+// }
+//
+// String searchBase = "";
+// if (!StringUtils.isEmpty(getGroupFilterBase()))
+// searchBase+=getGroupFilterBase();
+// cons.setSearchScope(getSearchScope());
+// NamingEnumeration results = ((DirContext) ctx).search(searchBase,query , cons);
+//
+// return results;
+// }
+//
+// /**
+// *
+// * Search uid by wild card.
+// *
+// *
+// * @param filter The filter.
+// * @param cons The {@link SearchControls}
+// * @return The {@link NamingEnumeration}
+// * @throws NamingException Throws a {@link NamingEnumeration}.
+// */
+// protected NamingEnumeration searchRoleByWildcardedUid(final String filter, SearchControls cons) throws NamingException
+// {
+// String query = "";
+// if (StringUtils.isEmpty(getRoleFilter())) {
+// query = "(" + getRoleIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")";
+// } else {
+// query = "(&(" + getRoleIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getRoleFilter() + ")";
+// }
+//
+// String searchBase = "";
+// if (!StringUtils.isEmpty(getRoleFilterBase()))
+// searchBase+=getRoleFilterBase();
+// cons.setSearchScope(getSearchScope());
+// NamingEnumeration results = ((DirContext) ctx).search(searchBase,query , cons);
+//
+// return results;
+// }
- return searchResults;
- }
-
/**
*
- * Search uid by wild card.
- *
- *
- * @param filter The filter.
- * @param cons The {@link SearchControls}
- * @return The {@link NamingEnumeration}
- * @throws NamingException Throws a {@link NamingEnumeration}.
- */
- protected NamingEnumeration searchRoleByWildcardedUid(final String filter, SearchControls cons) throws NamingException
- {
- //String searchFilter = "(&(uid=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ") (objectclass="+ "jetspeed-2-role" + "))";
- String searchFilter = "";
- if (getRoleFilter()==null || getRoleFilter().equals("")) {
- searchFilter = "(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")";
- } else {
- searchFilter = "(&(" + getGroupIdAttribute() + "=" + (StringUtils.isEmpty(filter) ? "*" : filter) + ")" + getRoleFilter() + ")";
- }
- NamingEnumeration searchResults = ((DirContext) ctx).search("", searchFilter, cons);
-
- return searchResults;
- }
-
- /**
- *
* Returns the default Group suffix dn.
*
*
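Review bot: The search base is derived with `StringUtils.replace(getSearchDomain(), "," + getRootContext(), "")`, a case- and whitespace-sensitive text replacement that removes every occurrence, while DNs compare case-insensitively. A search domain written as `ou=People,O=example` against a root context `o=example` (constructed values) keeps its suffix, and the search then runs against a doubled base. Stripping only a trailing suffix after a case-insensitive comparison would be more predictable, and the TODO should say which configuration it handles. `logger.debug("searchByWildCardedUid = " + query)` is not wrapped in `isDebugEnabled()` as other debug calls in this patch are.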
@@ -501,14 +510,7 @@
{
return this.ldapBindingConfig.getUserFilter();
}
-
- /**
- *
- * Returns the default Group suffix dn.
- *
- *
- * @return The defaultDnSuffix.
- */
+
protected String[] getUserObjectClasses()
{
return this.ldapBindingConfig.getUserObjectClasses();
@@ -560,6 +562,64 @@
return this.ldapBindingConfig.getUserIdAttribute();
}
- protected abstract String[] getObjectClasses();
-
+ protected String getUidAttribute()
+ {
+ return this.ldapBindingConfig.getUidAttribute();
+ }
+
+ protected int getSearchScope()
+ {
+ return Integer.parseInt(this.ldapBindingConfig.getMemberShipSearchScope());
+ }
+
+ protected String getRoleUidAttribute()
+ {
+ return this.ldapBindingConfig.getRoleUidAttribute();
+ }
+
+ protected String getGroupUidAttribute()
+ {
+ return this.ldapBindingConfig.getGroupUidAttribute();
+ }
+
+ protected String getUserUidAttribute()
+ {
+ return this.ldapBindingConfig.getUserUidAttribute();
+ }
+
+ protected String getGroupObjectRequiredAttributeClasses()
+ {
+ return this.ldapBindingConfig.getGroupObjectRequiredAttributeClasses();
+ }
+
+ protected String getRoleObjectRequiredAttributeClasses()
+ {
+ return this.ldapBindingConfig.getRoleObjectRequiredAttributeClasses();
+ }
+
+ protected String[] getUserAttributes()
+ {
+ return this.ldapBindingConfig.getUserAttributes();
+ }
+
+ protected String[] getGroupAttributes()
+ {
+ return this.ldapBindingConfig.getGroupAttributes();
+ }
+
+ protected String[] getRoleAttributes()
+ {
+ return this.ldapBindingConfig.getRoleAttributes();
+ }
+
+ protected String getUserPasswordAttribute() {
+ return this.ldapBindingConfig.getUserPasswordAttribute();
+ }
+
+ protected String[] getKnownAttributes() {
+ return this.ldapBindingConfig.getKnownAttributes();
+ }
+
+ protected abstract String[] getObjectClasses();
+ protected abstract String[] getAttributes();
}
\ No newline at end of file
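Review bot: `getSearchScope()` calls `Integer.parseInt` on the configured string at every search, so a missing or non-numeric `getMemberShipSearchScope()` value surfaces as a NumberFormatException from whichever membership query runs first, not as a configuration error. The result is also passed to `SearchControls.setSearchScope` unchecked. Parsing once when the binding config is loaded and accepting only `OBJECT_SCOPE`, `ONELEVEL_SCOPE` or `SUBTREE_SCOPE` would fail early and keep an unintended scope out of the queries. The new getters carry no Javadoc; one line each naming the configuration value they expose would help.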
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapPrincipalDaoImpl.java (working copy)
@@ -27,6 +27,7 @@
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jetspeed.security.GroupPrincipal;
@@ -98,10 +99,14 @@
public void create(final String principalUid) throws SecurityException
{
Attributes attrs = defineLdapAttributes(principalUid);
+ logger.debug("creating principal with " + attrs);
try
{
- String userDn = getEntryPrefix() + "=" + principalUid;
- if (getDnSuffix()!=null && !getDnSuffix().equals("")) userDn+="," + getDnSuffix();// + ',' + getDefaultSearchBase();
+ String userDn = getEntryPrefix() + "=" + principalUid;
+ if (!StringUtils.isEmpty(getDnSuffix()))
+ userDn+="," + getDnSuffix();
+
+ logger.debug("userDn = " + userDn);
ctx.createSubcontext(userDn, attrs);
if (logger.isDebugEnabled())
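Review bot: `principalUid` is concatenated into `userDn` without RDN-value escaping, so a uid containing `,`, `+`, `=` or a leading `#` changes the structure of the name passed to `ctx.createSubcontext`. The same pattern appears in the new `getGroupDN`, `getRoleDN` and `getUserDN` helpers in the last hunk of this file. If the target JDK provides `javax.naming.ldap.Rdn` (1.5 or later), escape the value first: `String userDn = getEntryPrefix() + "=" + Rdn.escapeValue(principalUid);`. The two added `logger.debug` calls also build their strings unconditionally and print the full attribute set; whether `attrs` can carry a password value is not visible here, so consider guarding them with `logger.isDebugEnabled()` and logging only the DN. The body of `create` continues outside the hunk.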
@@ -125,6 +130,16 @@
protected abstract String getDnSuffix();
/**
+ *
+ * Builds the dn suffix.
+ *
+ *
+ * @return The dn suffix.
+ */
+ protected abstract String getUidAttributeForPrincipal();
+
+
+ /**
* @see org.apache.jetspeed.security.spi.impl.ldap.LdapPrincipalDao#delete(java.lang.String)
*/
public void delete(final String principalUid) throws SecurityException
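Review bot: The Javadoc on the new `getUidAttributeForPrincipal()` is copied from `getDnSuffix()` and describes the wrong thing ("Builds the dn suffix." / "@return The dn suffix."). Judging by its use in a later hunk of this file, where it names the attribute read from each search result, the summary should read something like `Returns the name of the LDAP attribute that holds the principal's uid.` with `@return The uid attribute name.`. The `delete` method that follows only begins in this hunk; its body is outside it.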
@@ -140,6 +155,8 @@
try
{
rdn = getSubcontextName(dn);
+ if(!StringUtils.isEmpty(getSearchDomain()))
+ rdn+="," + getSearchDomain();
ctx.destroySubcontext(rdn);
}
catch (NamingException e)
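Review bot: `delete` now appends `getSearchDomain()` to the name while `create` appends `getDnSuffix()`, so the entry removed by `ctx.destroySubcontext` is the one that was created only if both return the same value. `getSearchDomain()` in this class returns `getUserFilterBase()`; unless the group and role DAOs override it, a group or role delete would be resolved under the user base, though that is inferred because the subclasses are not shown. Building the name through one shared helper for both operations would rule out a mismatch on this destructive call. The variable also no longer holds an RDN, so a rename such as `entryName` would keep it honest. The body of `delete` starts and ends outside the hunk.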
@@ -261,7 +278,7 @@
{
Attributes atts = searchResult.getAttributes();
- String uid = (String) getAttribute(getEntryPrefix(), atts).getAll().next();
+ String uid = (String) getAttribute(getUidAttributeForPrincipal(), atts).getAll().next();
Principal principal = makePrincipal(uid);
principals.add(principal);
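Review bot: The result of `getAttribute(getUidAttributeForPrincipal(), atts)` is dereferenced without a null check. Now that the attribute name comes from configuration rather than the entry prefix, a misconfigured or absent attribute would presumably surface as a `NullPointerException` part-way through result processing (the fall-through return of `getAttribute` is not visible here). Hold the result in a local and test it before use, `Attribute uidAttr = getAttribute(getUidAttributeForPrincipal(), atts);` then `if (uidAttr == null || uidAttr.size() == 0)`, and either skip the entry or report the missing attribute name through the method's existing error path. The enclosing block starts and ends outside the hunk.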
@@ -281,7 +298,7 @@
{
Attribute attr = (Attribute) ae.next();
- if (attr.getID().equals(attributeName))
+ if (attr.getID().equalsIgnoreCase(attributeName))
{
return attr;
}
@@ -291,6 +308,53 @@
protected String getSearchDomain() {
return this.getUserFilterBase();
- }
+ }
+ protected String[] parseAttr(String attr, String replace) {
+ attr = StringUtils.replace(attr, "{u}", replace);
+ return StringUtils.split(attr,"=");
+ }
+
+ protected String getGroupDN(String groupPrincipalUid) {
+ return getGroupDN(groupPrincipalUid,true);
+ }
+
+ protected String getGroupDN(String groupPrincipalUid, boolean includeBaseDN) {
+ String groupDN = getGroupIdAttribute() + "=" + groupPrincipalUid;
+ if (!StringUtils.isEmpty(getGroupFilterBase()))
+ groupDN += "," + getGroupFilterBase();
+ if (includeBaseDN && !StringUtils.isEmpty(getRootContext()))
+ groupDN += "," + getRootContext();
+ return groupDN;
+ }
+
+ protected String getRoleDN(String rolePrincipalUid) {
+ return getRoleDN(rolePrincipalUid,true);
+ }
+
+ protected String getRoleDN(String rolePrincipalUid, boolean includeBaseDN) {
+ String roleDN = getRoleIdAttribute() + "=" + rolePrincipalUid;
+ if (!StringUtils.isEmpty(getRoleFilterBase()))
+ roleDN+="," + getRoleFilterBase();
+ if (includeBaseDN && !StringUtils.isEmpty(getRootContext()))
+ roleDN+="," + getRootContext();
+ return roleDN;
+ }
+
+ protected String getUserDN(String userPrincipalUid) {
+ return getUserDN(userPrincipalUid,true);
+ }
+
+ protected String getUserDN(String userPrincipalUid, boolean includeBaseDN) {
+ String userDN = getUserIdAttribute() + "=" + userPrincipalUid;
+ if (!StringUtils.isEmpty(getUserFilterBase()))
+ userDN += "," + getUserFilterBase();
+ if (includeBaseDN && !StringUtils.isEmpty(getRootContext()))
+ userDN += "," + getRootContext();
+ return userDN;
+ }
+
+
+
+
}
\ No newline at end of file
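Review bot: `parseAttr` substitutes the caller's value for `{u}` before splitting on `=`, so a value that itself contains `=` yields more than two elements and shifts what callers read as name and value. `StringUtils.split` also drops empty tokens, so an empty value gives a one-element array. Splitting the template first and substituting afterwards avoids both: `String[] parts = StringUtils.split(attr, "=", 2);` followed, after a length check, by `parts[1] = StringUtils.replace(parts[1], "{u}", replace);`. How callers index the returned array is not visible in this hunk. `parseAttr` and the new `get*DN` helpers also have no Javadoc; one line each, stating that `includeBaseDN` appends the root context, would help.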
Index: D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java
===================================================================
--- D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java (revision 468102)
+++ D:/PROJECTS/ECLIPSE/JETSPEED2/jetspeed-2/components/security/src/java/org/apache/jetspeed/security/spi/impl/ldap/LdapRoleDaoImpl.java (working copy)
@@ -21,6 +21,7 @@
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
+import org.apache.commons.lang.StringUtils;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.impl.RolePrincipalImpl;
@@ -76,6 +77,10 @@
classes.add(getObjectClasses()[i]);
attrs.put(classes);
attrs.put(getEntryPrefix(), principalUid);
+ if(!StringUtils.isEmpty(getRoleObjectRequiredAttributeClasses()))
+ attrs.put(getRoleObjectRequiredAttributeClasses(), "");
+ for (int i=0;i
-
@@ -100,21 +99,20 @@
-
-
-
-
-
-
+
+
+
+
+
+
-
-
-
+
+