I already did a test: if the caller is found at the DN configured by rolesCtxDN, the authentication/authorization is done correctly based on user/roles. If the user is not found (under the role specified in the deployment descriptor), the authentication/authorization is not done. If the user exists in LDAP, but not under the right group, the authorization fails.
If a Directory Manager (or similar) is specified in login-config.xml, then use it to BIND to LDAP. If a Directory Manager is not specified, then use the caller to BIND to LDAP. I think this is reasonable, and it keeps compatibility with previous versions.

View the original post: http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3854706#3854706
