X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.util%2Fsrc%2Forg%2Fargeo%2Futil%2Fdirectory%2Fldap%2FAbstractLdapDirectory.java;h=9e70e84ea34de2a96e7d928b8a35dec5bcf866f4;hb=25316bb35087da302a0916c1e0bdf2fc09e8feb0;hp=9c35e4660797a252a98505d701f711f4a709e4e6;hpb=d26a4ba8f367608590167fb4a866f1f0202ad1aa;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java b/org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java
index 9c35e4660..9e70e84ea 100644
--- a/org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java
+++ b/org.argeo.util/src/org/argeo/util/directory/ldap/AbstractLdapDirectory.java
@@ -19,6 +19,7 @@ import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
+import javax.naming.directory.BasicAttributes;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
 import javax.transaction.xa.XAResource;
@@ -253,8 +254,17 @@ public abstract class AbstractLdapDirectory implements Directory, XAResourceProv
 					Object value = values.next();
 					LdapName groupDn = new LdapName(value.toString());
 					LdapEntry group = doGetRole(groupDn);
-					if (group != null)
+					if (group != null) {
 						allRoles.add(group);
+					}else {
+						// user doesn't have the right to retrieve role, but we know it exists
+						// otherwise memberOf would not work
+						Attributes a = new BasicAttributes();
+						a.put(LdapNameUtils.getLastRdn(groupDn).getType(), LdapNameUtils.getLastRdn(groupDn).getValue());
+						a.put(LdapAttrs.objectClass.name(), LdapObjs.groupOfNames.name());
+						group = newGroup(groupDn, a);
+						allRoles.add(group);
+					}
 				}
 			} catch (NamingException e) {
 				throw new IllegalStateException("Cannot get memberOf groups for " + user, e);