From 56f7b839252635f6e49a50ab7a04c2fef8b5c18a Mon Sep 17 00:00:00 2001 From: Olivier Lamy Date: Tue, 15 Jan 2013 13:20:57 +0000 Subject: [PATCH] add ldap rbac manager git-svn-id: https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk@1433395 13f79535-47bb-0310-9956-ffa450edef68 --- pom.xml | 2 +- redback-common/redback-common-ldap/pom.xml | 5 + .../ldap/role/DefaultLdapRoleMapper.java | 151 +++++ .../common/ldap/role/LdapRoleMapper.java | 17 + .../common/ldap/role/TestLdapRoleMapper.java | 1 - .../{META-INF => }/spring-context.xml | 0 .../redback-rbac-ldap/pom.xml | 143 ++++ .../redback/rbac/ldap/LdapRbacManager.java | 630 ++++++++++++++++++ .../resources/META-INF/spring-context.xml | 34 + .../rbac/ldap/LdapRbacManagerTest.java | 289 ++++++++ .../src/test/resources/spring-context.xml | 132 ++++ .../src/test/security.properties | 19 + .../tests/AbstractRbacManagerTestCase.java | 1 - 13 files changed, 1421 insertions(+), 3 deletions(-) rename redback-configuration/src/test/resources/{META-INF => }/spring-context.xml (100%) create mode 100644 redback-rbac/redback-rbac-providers/redback-rbac-ldap/pom.xml create mode 100644 redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java create mode 100644 redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml create mode 100644 redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManagerTest.java create mode 100755 redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml create mode 100644 redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/security.properties diff --git a/pom.xml b/pom.xml index 3b15ed2c8..d0e72b54e 100644 --- a/pom.xml +++ b/pom.xml 
@@ -576,7 +576,7 @@ com.google.guava guava - 13.0 + 13.0.1 + + + 4.0.0 + + + org.apache.archiva.redback + redback-rbac-providers + 2.1-SNAPSHOT + + + redback-rbac-ldap + bundle + Redback :: RBAC Provider :: Ldap + + + + org.apache.archiva.redback + redback-system + + + org.apache.archiva.redback + redback-authorization-api + + + org.apache.archiva.redback + redback-rbac-model + + + org.apache.archiva.redback.components.cache + spring-cache-api + + + org.apache.archiva.redback.components.cache + spring-cache-ehcache + + + net.sf.ehcache + ehcache-core + + + org.springframework + spring-context-support + + + javax.annotation + jsr250-api + + + org.apache.archiva.redback + redback-common-ldap + + + org.apache.archiva.redback + redback-rbac-jdo + + + org.apache.archiva.redback + redback-rbac-cached + + + org.apache.archiva.redback + redback-rbac-memory + test + + + org.apache.archiva.redback + redback-rbac-tests + test + + + org.hsqldb + hsqldb + test + + + org.slf4j + slf4j-simple + test + + + org.apache.archiva.redback.components + spring-apacheds + test + + + + + + + org.apache.felix + maven-bundle-plugin + + + org.codehaus.mojo + build-helper-maven-plugin + + + allocate-ldap-port + process-classes + + reserve-network-port + + + + ldapPort + + + + + + + org.apache.maven.plugins + maven-surefire-plugin + + + ${ldapPort} + ${basedir} + + + + + + + diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java new file mode 100644 index 000000000..b5fb8d85c --- /dev/null +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManager.java 
@@ -0,0 +1,630 @@ +package org.apache.archiva.redback.rbac.ldap; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import org.apache.archiva.redback.common.ldap.MappingException; +import org.apache.archiva.redback.common.ldap.role.LdapRoleMapper; +import org.apache.archiva.redback.components.cache.Cache; +import org.apache.archiva.redback.rbac.Operation; +import org.apache.archiva.redback.rbac.Permission; +import org.apache.archiva.redback.rbac.RBACManager; +import org.apache.archiva.redback.rbac.RBACManagerListener; +import org.apache.archiva.redback.rbac.RbacManagerException; +import org.apache.archiva.redback.rbac.RbacObjectInvalidException; +import org.apache.archiva.redback.rbac.RbacObjectNotFoundException; +import org.apache.archiva.redback.rbac.Resource; +import org.apache.archiva.redback.rbac.Role; +import org.apache.archiva.redback.rbac.UserAssignment; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Service; + +import javax.inject.Inject; +import javax.inject.Named; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Set; + +/** + * 
LdapRbacManager will read datas from ldap for mapping groups to role. + * Write operations will delegate to cached implementation. + * + * @author Olivier Lamy + */ +@Service( "rbacManager#ldap" ) +public class LdapRbacManager + implements RBACManager, RBACManagerListener +{ + + private Logger log = LoggerFactory.getLogger( getClass() ); + + @Inject + @Named( value = "rbacManager#cached" ) + private RBACManager rbacImpl; + + @Inject + @Named( value = "ldapRoleMapper#default" ) + private LdapRoleMapper ldapRoleMapper; + + /** + * limited to role / group write + */ + private boolean writableLdap = false; + + + public void addChildRole( Role role, Role childRole ) + throws RbacObjectInvalidException, RbacManagerException + { + this.rbacImpl.addChildRole( role, childRole ); + } + + public void addListener( RBACManagerListener listener ) + { + this.rbacImpl.addListener( listener ); + } + + public Operation createOperation( String name ) + throws RbacManagerException + { + return this.rbacImpl.createOperation( name ); + } + + public Permission createPermission( String name ) + throws RbacManagerException + { + return this.rbacImpl.createPermission( name ); + } + + public Permission createPermission( String name, String operationName, String resourceIdentifier ) + throws RbacManagerException + { + return this.rbacImpl.createPermission( name, operationName, resourceIdentifier ); + } + + public Resource createResource( String identifier ) + throws RbacManagerException + { + return this.rbacImpl.createResource( identifier ); + } + + public Role createRole( String name ) + { + return this.rbacImpl.createRole( name ); + } + + public UserAssignment createUserAssignment( String username ) + throws RbacManagerException + { + // TODO ldap cannot or isWritable ldap ? 
+ return this.rbacImpl.createUserAssignment( username ); + } + + public void eraseDatabase() + { + if ( writableLdap ) + { + try + { + ldapRoleMapper.removeAllRoles(); + } + catch ( MappingException e ) + { + log.warn( "skip error removing all roles {}", e.getMessage() ); + } + } + this.rbacImpl.eraseDatabase(); + } + + /** + * @see org.apache.archiva.redback.rbac.RBACManager#getAllAssignableRoles() + */ + public List getAllAssignableRoles() + throws RbacManagerException, RbacObjectNotFoundException + { + // TODO FROM ldap or from real impl ? + return this.rbacImpl.getAllAssignableRoles(); + } + + public List getAllOperations() + throws RbacManagerException + { + return this.rbacImpl.getAllOperations(); + } + + public List getAllPermissions() + throws RbacManagerException + { + return this.rbacImpl.getAllPermissions(); + } + + public List getAllResources() + throws RbacManagerException + { + return this.rbacImpl.getAllResources(); + } + + public List getAllRoles() + throws RbacManagerException + { + // TODO FROM ldap or from real impl ? + try + { + List groups = ldapRoleMapper.getAllGroups(); + return mapToRoles( groups ); + } + catch ( MappingException e ) + { + throw new RbacManagerException( e.getMessage(), e ); + } + //return this.rbacImpl.getAllRoles(); + } + + public List getAllUserAssignments() + throws RbacManagerException + { + // TODO FROM ldap or from real impl ? + return this.rbacImpl.getAllUserAssignments(); + } + + public Map> getAssignedPermissionMap( String username ) + throws RbacObjectNotFoundException, RbacManagerException + { + // TODO here !! + return this.rbacImpl.getAssignedPermissionMap( username ); + } + + public Set getAssignedPermissions( String username ) + throws RbacObjectNotFoundException, RbacManagerException + { + // TODO here !! 
+ return this.rbacImpl.getAssignedPermissions( username ); + } + + private List mapToRoles( List groups ) + throws MappingException, RbacManagerException + { + if ( groups == null || groups.isEmpty() ) + { + return Collections.emptyList(); + } + + List roles = new ArrayList( groups.size() ); + Map mappedGroups = ldapRoleMapper.getLdapGroupMappings(); + for ( String group : groups ) + { + String roleName = mappedGroups.get( group ); + if ( roleName != null ) + { + Role role = getRole( roleName ); + if ( role != null ) + { + roles.add( role ); + } + } + } + return roles; + + } + + public Collection getAssignedRoles( String username ) + throws RbacObjectNotFoundException, RbacManagerException + { + try + { + // TODO here !! + List roleNames = ldapRoleMapper.getRoles( username ); + + if ( roleNames.isEmpty() ) + { + return Collections.emptyList(); + } + + List roles = new ArrayList( roleNames.size() ); + + // TODO normally new Role with name must be enough + + for ( String name : roleNames ) + { + Role role = rbacImpl.getRole( name ); + if ( role != null ) + { + roles.add( role ); + } + } + + return roles; + } + catch ( MappingException e ) + { + throw new RbacManagerException( e.getMessage(), e ); + } + } + + public Collection getAssignedRoles( UserAssignment userAssignment ) + throws RbacObjectNotFoundException, RbacManagerException + { + // TODO here !! + return this.rbacImpl.getAssignedRoles( userAssignment ); + } + + public Map getChildRoles( Role role ) + throws RbacManagerException + { + return this.rbacImpl.getChildRoles( role ); + } + + public Map getParentRoles( Role role ) + throws RbacManagerException + { + return this.rbacImpl.getParentRoles( role ); + } + + public Collection getEffectivelyAssignedRoles( String username ) + throws RbacObjectNotFoundException, RbacManagerException + { + // TODO here !! 
+ return this.rbacImpl.getEffectivelyAssignedRoles( username ); + } + + public Collection getEffectivelyUnassignedRoles( String username ) + throws RbacManagerException, RbacObjectNotFoundException + { + // TODO here !! + return this.rbacImpl.getEffectivelyUnassignedRoles( username ); + } + + public Set getEffectiveRoles( Role role ) + throws RbacObjectNotFoundException, RbacManagerException + { + return this.rbacImpl.getEffectiveRoles( role ); + } + + public Resource getGlobalResource() + throws RbacManagerException + { + return this.rbacImpl.getGlobalResource(); + } + + public Operation getOperation( String operationName ) + throws RbacObjectNotFoundException, RbacManagerException + { + return this.rbacImpl.getOperation( operationName ); + } + + public Permission getPermission( String permissionName ) + throws RbacObjectNotFoundException, RbacManagerException + { + return this.rbacImpl.getPermission( permissionName ); + } + + public Resource getResource( String resourceIdentifier ) + throws RbacObjectNotFoundException, RbacManagerException + { + return this.rbacImpl.getResource( resourceIdentifier ); + } + + public Role getRole( String roleName ) + throws RbacObjectNotFoundException, RbacManagerException + { + return this.rbacImpl.getRole( roleName ); + } + + public Map getRoles( Collection roleNames ) + throws RbacObjectNotFoundException, RbacManagerException + { + return this.rbacImpl.getRoles( roleNames ); + } + + public Collection getUnassignedRoles( String username ) + throws RbacManagerException, RbacObjectNotFoundException + { + // TODO here !! + return this.rbacImpl.getUnassignedRoles( username ); + } + + public UserAssignment getUserAssignment( String username ) + throws RbacObjectNotFoundException, RbacManagerException + { + // TODO here !! 
+ return this.rbacImpl.getUserAssignment( username ); + } + + public List getUserAssignmentsForRoles( Collection roleNames ) + throws RbacManagerException + { + // TODO from ldap + return this.rbacImpl.getUserAssignmentsForRoles( roleNames ); + } + + public boolean operationExists( Operation operation ) + { + return this.rbacImpl.operationExists( operation ); + } + + public boolean operationExists( String name ) + { + return this.rbacImpl.operationExists( name ); + } + + public boolean permissionExists( Permission permission ) + { + return this.rbacImpl.permissionExists( permission ); + } + + public boolean permissionExists( String name ) + { + return this.rbacImpl.permissionExists( name ); + } + + public void rbacInit( boolean freshdb ) + { + if ( rbacImpl instanceof RBACManagerListener ) + { + ( (RBACManagerListener) this.rbacImpl ).rbacInit( freshdb ); + } + } + + public void rbacPermissionRemoved( Permission permission ) + { + if ( rbacImpl instanceof RBACManagerListener ) + { + ( (RBACManagerListener) this.rbacImpl ).rbacPermissionRemoved( permission ); + } + + } + + public void rbacPermissionSaved( Permission permission ) + { + if ( rbacImpl instanceof RBACManagerListener ) + { + ( (RBACManagerListener) this.rbacImpl ).rbacPermissionSaved( permission ); + } + + } + + public void rbacRoleRemoved( Role role ) + { + if ( rbacImpl instanceof RBACManagerListener ) + { + ( (RBACManagerListener) this.rbacImpl ).rbacRoleRemoved( role ); + } + + } + + public void rbacRoleSaved( Role role ) + { + if ( rbacImpl instanceof RBACManagerListener ) + { + ( (RBACManagerListener) this.rbacImpl ).rbacRoleSaved( role ); + } + + } + + public void rbacUserAssignmentRemoved( UserAssignment userAssignment ) + { + if ( rbacImpl instanceof RBACManagerListener ) + { + ( (RBACManagerListener) this.rbacImpl ).rbacUserAssignmentRemoved( userAssignment ); + } + + } + + public void rbacUserAssignmentSaved( UserAssignment userAssignment ) + { + if ( rbacImpl instanceof RBACManagerListener ) 
+ { + ( (RBACManagerListener) this.rbacImpl ).rbacUserAssignmentSaved( userAssignment ); + } + + } + + public void removeListener( RBACManagerListener listener ) + { + this.rbacImpl.removeListener( listener ); + } + + public void removeOperation( Operation operation ) + throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException + { + this.rbacImpl.removeOperation( operation ); + } + + public void removeOperation( String operationName ) + throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException + { + this.rbacImpl.removeOperation( operationName ); + } + + public void removePermission( Permission permission ) + throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException + { + this.rbacImpl.removePermission( permission ); + } + + public void removePermission( String permissionName ) + throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException + { + this.rbacImpl.removePermission( permissionName ); + } + + public void removeResource( Resource resource ) + throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException + { + this.rbacImpl.removeResource( resource ); + } + + public void removeResource( String resourceIdentifier ) + throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException + { + this.rbacImpl.removeResource( resourceIdentifier ); + } + + public void removeRole( Role role ) + throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException + { + this.rbacImpl.removeRole( role ); + } + + public void removeRole( String roleName ) + throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException + { + this.rbacImpl.removeRole( roleName ); + } + + public void removeUserAssignment( String username ) + throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException + { + // TODO ldap cannot or isWritable ldap ? 
+ this.rbacImpl.removeUserAssignment( username ); + } + + public void removeUserAssignment( UserAssignment userAssignment ) + throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException + { + // TODO ldap cannot or isWritable ldap ? + this.rbacImpl.removeUserAssignment( userAssignment ); + } + + public boolean resourceExists( Resource resource ) + { + return this.rbacImpl.resourceExists( resource ); + } + + public boolean resourceExists( String identifier ) + { + return this.rbacImpl.resourceExists( identifier ); + } + + public boolean roleExists( Role role ) + { + return this.rbacImpl.roleExists( role ); + } + + public boolean roleExists( String name ) + { + return this.rbacImpl.roleExists( name ); + } + + public Operation saveOperation( Operation operation ) + throws RbacObjectInvalidException, RbacManagerException + { + return this.rbacImpl.saveOperation( operation ); + } + + public Permission savePermission( Permission permission ) + throws RbacObjectInvalidException, RbacManagerException + { + return this.rbacImpl.savePermission( permission ); + } + + public Resource saveResource( Resource resource ) + throws RbacObjectInvalidException, RbacManagerException + { + return this.rbacImpl.saveResource( resource ); + } + + public synchronized Role saveRole( Role role ) + throws RbacObjectInvalidException, RbacManagerException + { + if ( writableLdap ) + { + try + { + ldapRoleMapper.saveRole( role.getName() ); + } + catch ( MappingException e ) + { + throw new RbacManagerException( e.getMessage(), e ); + } + } + return this.rbacImpl.saveRole( role ); + } + + public synchronized void saveRoles( Collection roles ) + throws RbacObjectInvalidException, RbacManagerException + { + if ( writableLdap ) + { + try + { + for ( Role role : roles ) + { + ldapRoleMapper.saveRole( role.getName() ); + } + } + catch ( MappingException e ) + { + throw new RbacManagerException( e.getMessage(), e ); + } + } + this.rbacImpl.saveRoles( roles ); + } + + public 
UserAssignment saveUserAssignment( UserAssignment userAssignment ) + throws RbacObjectInvalidException, RbacManagerException + { + return this.rbacImpl.saveUserAssignment( userAssignment ); + } + + public boolean userAssignmentExists( String principal ) + { + // TODO here + return this.rbacImpl.userAssignmentExists( principal ); + } + + public boolean userAssignmentExists( UserAssignment assignment ) + { + // TODO here + return this.rbacImpl.userAssignmentExists( assignment ); + } + + public RBACManager getRbacImpl() + { + return rbacImpl; + } + + public void setRbacImpl( RBACManager rbacImpl ) + { + this.rbacImpl = rbacImpl; + } + + public boolean isWritableLdap() + { + return writableLdap; + } + + public void setWritableLdap( boolean writableLdap ) + { + this.writableLdap = writableLdap; + } + + public LdapRoleMapper getLdapRoleMapper() + { + return ldapRoleMapper; + } + + public void setLdapRoleMapper( LdapRoleMapper ldapRoleMapper ) + { + this.ldapRoleMapper = ldapRoleMapper; + } +} diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml new file mode 100644 index 000000000..b8f9da741 --- /dev/null +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/main/resources/META-INF/spring-context.xml @@ -0,0 +1,34 @@ + + + + + + + + + \ No newline at end of file diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManagerTest.java b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManagerTest.java new file mode 100644 index 000000000..b5522dbb5 --- /dev/null +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/java/org/apache/archiva/redback/rbac/ldap/LdapRbacManagerTest.java 
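Review bot: `getAssignedPermissions`, `getAssignedPermissionMap`, `getEffectivelyAssignedRoles` and `getUserAssignment` still delegate to the cached impl while `getAssignedRoles(String)` resolves roles from `ldapRoleMapper.getRoles(username)`, so an authorization check that resolves permissions sees the cached/JDO assignments rather than the directory's group membership, and a user dropped from an LDAP group keeps whatever the cached store recorded. The `// TODO here !!` markers acknowledge this, but the class javadoc says reads come from LDAP; until those methods are wired to the mapper, the javadoc should say which reads actually hit the directory, e.g. `Only getAllRoles() and getAssignedRoles(String) read from LDAP; permission and user-assignment lookups still use the cached implementation.` Separately, `mapToRoles` and `getAssignedRoles(String)` test `role != null` after `getRole(name)`, yet `getRole` is declared to throw `RbacObjectNotFoundException`; if the cached impl throws for an unknown name, one group mapped to a role missing from the RBAC store aborts the whole lookup instead of being skipped, so the null check looks dead and a per-name catch that logs and continues is needed. `saveRole` and `saveRoles` also create the LDAP group before calling `rbacImpl.saveRole`, so a failure in the cached store leaves an orphan group with no matching role; saving to the cached impl first, or removing the group on failure, would keep the two stores consistent.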
@@ -0,0 +1,289 @@ +package org.apache.archiva.redback.rbac.ldap; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import net.sf.ehcache.CacheManager; +import org.apache.archiva.redback.components.apacheds.ApacheDs; +import org.apache.archiva.redback.policy.PasswordEncoder; +import org.apache.archiva.redback.policy.encoders.SHA1PasswordEncoder; +import org.apache.archiva.redback.rbac.RBACManager; +import org.apache.archiva.redback.rbac.ldap.LdapRbacManager; +import org.apache.archiva.redback.tests.AbstractRbacManagerTestCase; +import org.junit.Before; + +import javax.inject.Inject; +import javax.inject.Named; +import javax.naming.NamingEnumeration; +import javax.naming.NamingException; +import javax.naming.directory.Attribute; +import javax.naming.directory.Attributes; +import javax.naming.directory.BasicAttribute; +import javax.naming.directory.BasicAttributes; +import javax.naming.directory.DirContext; +import javax.naming.directory.InitialDirContext; +import javax.naming.directory.SearchControls; +import javax.naming.directory.SearchResult; + +import org.junit.After; +import org.junit.BeforeClass; +import org.springframework.test.annotation.DirtiesContext; + +import java.util.ArrayList; +import 
java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +//@DirtiesContext( classMode = DirtiesContext.ClassMode.AFTER_CLASS ) +public class LdapRbacManagerTest + extends AbstractRbacManagerTestCase +{ + + @Inject + @Named( value = "rbacManager#ldap" ) + LdapRbacManager rbacManager; + + @Inject + @Named( value = "apacheDS#test" ) + private ApacheDs apacheDs; + + private String suffix, groupSuffix; + + private PasswordEncoder passwordEncoder; + + private Map> usersPerGroup; + + private List users; + + + /** + * Creates a new RbacStore which contains no data. + */ + @Before + public void setUp() + throws Exception + { + super.setUp(); + CacheManager.getInstance().clearAll(); + setRbacManager( rbacManager ); + + assertTrue( getRbacManager() instanceof LdapRbacManager ); + + rbacManager.setWritableLdap( true ); + + passwordEncoder = new SHA1PasswordEncoder(); + + usersPerGroup = new HashMap>( 3 ); + + usersPerGroup.put( "theADMIN", Arrays.asList( "admin", "user.9", "bob" ) ); + + usersPerGroup.put( "thePROJECT_ADMIN", Arrays.asList( "admin", "bob" ) ); + + usersPerGroup.put( "theDEVELOPER", Arrays.asList( "admin", "user.7", "bob" ) ); + + users = new ArrayList( 4 ); + users.add( "admin" ); + users.add( "user.7" ); + users.add( "user.8" ); + users.add( "user.9" ); + + groupSuffix = apacheDs.addSimplePartition( "test", new String[]{ "archiva", "apache", "org" } ).getSuffix(); + + log.info( "groupSuffix: {}", groupSuffix ); + + suffix = "ou=People,dc=archiva,dc=apache,dc=org"; + + log.info( "DN Suffix: {}", suffix ); + + apacheDs.startServer(); + + BasicAttribute objectClass = new BasicAttribute( "objectClass" ); + objectClass.add( "top" ); + objectClass.add( "organizationalUnit" ); + + Attributes attributes = new BasicAttributes( true ); + attributes.put( objectClass ); + attributes.put( "organizationalUnitName", "foo" ); + + apacheDs.getAdminContext().createSubcontext( suffix, attributes ); + + 
//makeUsers(); + + //createGroups(); + } + + @After + public void tearDown() + throws Exception + { + + InitialDirContext context = apacheDs.getAdminContext(); + /* + for ( String uid : users ) + { + context.unbind( createDn( uid ) ); + } + + for ( Map.Entry> group : usersPerGroup.entrySet() ) + { + context.unbind( createGroupDn( group.getKey() ) ); + } + */ + context.unbind( suffix ); + + apacheDs.stopServer(); + + super.tearDown(); + } + + private void createGroups() + throws Exception + { + InitialDirContext context = apacheDs.getAdminContext(); + + for ( Map.Entry> group : usersPerGroup.entrySet() ) + { + createGroup( context, group.getKey(), createGroupDn( group.getKey() ), group.getValue() ); + } + + } + + private String createGroupDn( String cn ) + { + return "cn=" + cn + "," + groupSuffix; + } + + + private String createDn( String cn ) + { + return "cn=" + cn + "," + suffix; + } + + + private void createGroup( DirContext context, String groupName, String dn, List users ) + throws Exception + { + + Attributes attributes = new BasicAttributes( true ); + BasicAttribute objectClass = new BasicAttribute( "objectClass" ); + objectClass.add( "top" ); + objectClass.add( "groupOfUniqueNames" ); + attributes.put( objectClass ); + attributes.put( "cn", groupName ); + if ( !users.isEmpty() ) + { + BasicAttribute basicAttribute = new BasicAttribute( "uniquemember" ); + for ( String user : users ) + { + basicAttribute.add( "uid=" + user + "," + suffix );// dc=archiva,dc=apache,dc=org" ); + } + + attributes.put( basicAttribute ); + } + + context.createSubcontext( dn, attributes ); + } + + private void makeUsers() + throws Exception + { + + for ( String uid : users ) + { + makeUser( uid ); + } + + } + + private void makeUser( String uid ) + throws Exception + { + InitialDirContext context = apacheDs.getAdminContext(); + + bindUserObject( context, uid, createDn( uid ) ); + assertExist( context, createDn( uid ), "cn", uid ); + } + + private void bindUserObject( DirContext 
context, String cn, String dn ) + throws Exception + { + Attributes attributes = new BasicAttributes( true ); + BasicAttribute objectClass = new BasicAttribute( "objectClass" ); + objectClass.add( "top" ); + objectClass.add( "inetOrgPerson" ); + objectClass.add( "person" ); + objectClass.add( "organizationalperson" ); + attributes.put( objectClass ); + attributes.put( "cn", cn ); + attributes.put( "sn", "foo" ); + attributes.put( "mail", cn + "@apache.org" ); + attributes.put( "userPassword", passwordEncoder.encodePassword( "foo" ) ); + attributes.put( "givenName", "foo" ); + context.createSubcontext( dn, attributes ); + } + + private void assertExist( DirContext context, String dn, String attribute, String value ) + throws NamingException + { + SearchControls ctls = new SearchControls(); + + ctls.setDerefLinkFlag( true ); + ctls.setSearchScope( SearchControls.ONELEVEL_SCOPE ); + ctls.setReturningAttributes( new String[]{ "*" } ); + + BasicAttributes matchingAttributes = new BasicAttributes(); + matchingAttributes.put( attribute, value ); + BasicAttribute objectClass = new BasicAttribute( "objectClass" ); + objectClass.add( "inetOrgPerson" ); + matchingAttributes.put( objectClass ); + + NamingEnumeration results = context.search( suffix, matchingAttributes ); + + assertTrue( results.hasMoreElements() ); + SearchResult result = results.nextElement(); + Attributes attrs = result.getAttributes(); + Attribute testAttr = attrs.get( attribute ); + assertEquals( value, testAttr.get() ); + + } + + + @Override + public void testStoreInitialization() + throws Exception + { + CacheManager.getInstance().clearAll(); + //rbacManager.eraseDatabase(); + super.testStoreInitialization(); + } + + /* + * event count workflow in cachedRbacMaanger is not working like JDO or Memory provider + * trigger doesnt exist here. 
+ * some test throws 1 event + * some test throws 2 events + */ + @Override + public void assertEventCount() + { + assertTrue( ( ( eventTracker.initCount > 0 ) && ( eventTracker.initCount <= 2 ) ) ); + } +} diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml new file mode 100755 index 000000000..d6fa67857 --- /dev/null +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/resources/spring-context.xml @@ -0,0 +1,132 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + JDK_DEFAULT_TIMEZONE + true + + + + + + + + + + + + + + + + ]]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/security.properties b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/security.properties new file mode 100644 index 000000000..33bd4323f --- /dev/null +++ b/redback-rbac/redback-rbac-providers/redback-rbac-ldap/src/test/security.properties 
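Review bot: The fixture builds `usersPerGroup` and `users` for the groups mapped in security.properties, but `setUp` leaves `makeUsers()` and `createGroups()` commented out and `tearDown` unbinds only the `ou=People` entry, so no group or user is ever created in ApacheDS and the LDAP read path (`getAllRoles`, `getAssignedRoles(String)`) is never exercised against directory content; the inherited tests pass through delegation to the cached impl. Either enable `makeUsers()`/`createGroups()` and the matching unbinds in `tearDown`, or add a comment on `setUp` stating that the directory is intentionally left empty, e.g. `// groups/users are not created yet: LDAP-backed role resolution is not covered by this test`. In `assertExist`, the `NamingEnumeration results` from `context.search` is never closed; wrap it in `try { ... } finally { results.close(); }`. The relaxed `assertEventCount` override (`initCount` between 1 and 2) should also say in its comment which event source is expected to fire twice rather than "some test throws 2 events".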
@@ -0,0 +1,19 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +ldap.config.groups.role.theADMIN=ADMIN +ldap.config.groups.role.thePROJECT_ADMIN=PROJECT_ADMIN +ldap.config.groups.role.theDEVELOPER=DEVELOPER \ No newline at end of file diff --git a/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerTestCase.java b/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerTestCase.java index e70d64f66..74f6b771f 100644 --- a/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerTestCase.java +++ b/redback-rbac/redback-rbac-tests/src/main/java/org/apache/archiva/redback/tests/AbstractRbacManagerTestCase.java @@ -47,7 +47,6 @@ import org.springframework.test.annotation.DirtiesContext; */ @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" }) -@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_EACH_TEST_METHOD) public abstract class AbstractRbacManagerTestCase extends TestCase { -- 2.39.5