By the way, kudos to the creator of LdapExtLoginModule! I think it was Scott Stark?? Love the double-searching! Makes my life so much easier in a complex Active Directory environment.
Okay, on to my issue. Has anyone (other than me) used LdapExtLoginModule for Active Directory? I have everything working, but as usual, Microsoft does things their way, making it difficult to build a true LDAP-compliant application.

For those that have successfully used it in an AD environment, have you gotten around the primary group issue? Microsoft leaves out the DN of the memberOf attribute for the groups that are set as the "Primary Group". For general users, this would be the "Domain Users" group. For others, maybe it's a "Domain Admins" group, or some other group. It has taken me days of troubleshooting to figure out why my users that are "Domain Users" were not showing up in my Roles search, until I ran an LDIF export, and found the issue.

Here is what Microsoft has to say about it. Their reason for it was because there is a limitation of 5000 users in a group. But not sure how to get around it, without doing some hacking in the LdapExtLoginModule code.

http://support.microsoft.com/kb/275523/en-us

Anyone come across this issue? If so, how did you get around it?

Thanks!!

--Aaron

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3913909#3913909
