Thanks Scott for the reply. I finally figured out that it was my issue in not properly understanding the meaning of all the options that I had to specify. I pulled down the LdapLoginModule.java source, added a few more trace lines to see what was going on and found out I didn't need to have the roleAttributeIsDN option. Once I took this out it worked perfectly.
For anyone else who is interested, I have this working using Novell's eDirectory 8.7.1 with LDAP. The users are specified in a User object and then assigned to Role objects that exist in a different OU. All of my users are in one OU. I have not tried it yet with different OUs, although I believe it will work. There are two attributes on the role object that I had to grant Read/Compare permissions to [PUBLIC] to allow the LDAP search to see them. These were the cn and the roleOccupant. I also had to add the roleOccupant to the Ldap Attributes list in the LDAP GROUP object for the server.
