Hi, I am trying to use LDAP authentication with Karaf 2.1.6, but it fails with role-based verification.
10:49:50,518 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Create the LDAP initial context.
10:49:50,519 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Bound access requested.
10:49:50,519 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Get the user DN.
10:49:50,519 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Initialize the JNDI LDAP Dir Context.
10:49:50,771 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Define the subtree scope search control.
10:49:50,772 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Looking for the user in LDAP with
10:49:50,772 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | base DN: ou=users,ou=system
10:49:50,772 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | filter: (uid=jdoe)
10:49:50,789 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Get the user DN.
10:49:50,790 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Bind user (authentication).
10:49:50,790 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Set the security principal for uid=jdoe,ou=users,ou=system
10:49:50,790 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Binding the user.
10:49:50,808 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | User jdoe successfully bound.
10:49:50,810 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Get user roles.
10:49:50,834 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Looking for the user roles in LDAP with
10:49:50,834 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | base DN: ou=roles,ou=system
10:49:50,834 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | filter: (member:=uid=jdoe)

Is the following syntax correct?

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

    <jaas:config name="karaf" rank="1">
        <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            connection.username=uid=admin,ou=system
            connection.password=secret
            connection.protocol=
            connection.url = ldap://localhost:10389
            user.base.dn = ou=users,ou=system
            user.filter = (uid=%u)
            user.search.subtree = true
            role.base.dn = ou=roles,ou=system
            role.filter = (member:=uid=%u)
            role.name.attribute = cn
            role.search.subtree = true
            authentication = simple
        </jaas:module>
    </jaas:config>

</blueprint>

ApacheDS
=========

version: 1

dn: ou=system
objectClass: organizationalUnit
objectClass: extensibleObject
objectClass: top
ou: system

dn: uid=admin,ou=system
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: tlsKeyInfo
objectClass: top
cn: system administrator
keyAlgorithm: RSA
privateKey:: xxxxxxx
privateKeyFormat: PKCS#8
publicKey:: xxxxx
publicKeyFormat: X.509
sn: administrator
displayName: Directory Superuser
uid: admin
userCertificate:: xxxxxx
userPassword:: c2VjcmV0

dn: ou=users,ou=system
objectClass: organizationalUnit
objectClass: top
ou: users

dn: ou=roles,ou=system
objectClass: organizationalUnit
objectClass: top
ou: roles

dn: cn=admin,ou=roles,ou=system
objectClass: groupOfNames
objectClass: top
cn: admin
member: uid=jdoe

dn: uid=jdoe,ou=users,ou=system
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: John Doe
sn: Doe
uid: jdoe
userPassword:: c2VjcmV0

Charles Moulliard
Apache Committer
Blog : http://cmoulliard.blogspot.com
Twitter : http://twitter.com/cmoulliard
Linkedin : http://www.linkedin.com/in/charlesmoulliard
Skype: cmoulliard
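As an added example (not part of the post above and not Karaf's own code), here is an offline Python model of the three steps the debug log shows: the user search with user.filter, the bind, and the role search with role.filter, run over the post's LDIF plus one constructed group (cn=ops) whose member attribute holds the full user DN rather than the bare uid=jdoe. The filter evaluator treats (member:=v) exactly like (member=v), which is what RFC 4515 and RFC 4511 specify for an extensible match that names no matching rule; the "bind" is a cleartext comparison against the toy directory, and the escape_filter_value helper is a defensive addition of mine, not something the post shows Karaf 2.1.6 doing. Nothing here contacts ApacheDS.

```python
"""Offline model of the Karaf LDAPLoginModule sequence: user search -> bind -> role search.
Added example; the directory data is constructed from the post's LDIF plus one extra group."""
import base64
import re

# Constructed LDIF: the post's entries, plus cn=ops whose member holds a full DN (assumption, for contrast).
LDIF = """\
dn: ou=users,ou=system
objectClass: organizationalUnit
ou: users

dn: ou=roles,ou=system
objectClass: organizationalUnit
ou: roles

dn: cn=admin,ou=roles,ou=system
objectClass: groupOfNames
cn: admin
member: uid=jdoe

dn: cn=ops,ou=roles,ou=system
objectClass: groupOfNames
cn: ops
member: uid=jdoe,ou=users,ou=system

dn: uid=jdoe,ou=users,ou=system
objectClass: inetOrgPerson
cn: John Doe
sn: Doe
uid: jdoe
userPassword:: c2VjcmV0
"""

# Same keys as the jaas:module properties in the post.
CONFIG = {
    "user.base.dn": "ou=users,ou=system", "user.filter": "(uid=%u)", "user.search.subtree": True,
    "role.base.dn": "ou=roles,ou=system", "role.filter": "(member:=uid=%u)",
    "role.name.attribute": "cn", "role.search.subtree": True,
}


def parse_ldif(text):
    """Minimal LDIF reader: {dn: {attr(lower): [values]}}; 'attr:: value' is base64 (no line folding)."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode()
        if attr == "dn":
            current = entries.setdefault(value, {})
        else:
            current.setdefault(attr, []).append(value)
    return entries


def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into a filter (backslash must be escaped first)."""
    for ch, code in (("\\", r"\5c"), ("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\0", r"\00")):
        value = value.replace(ch, code)
    return value


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def search(entries, base_dn, flt, subtree=True):
    """Evaluate one '(attr=value)' or '(attr:=value)' filter; an extensible match without a
    matching rule falls back to the attribute's equality rule, so both are treated alike.
    Returns the DNs in scope whose attribute holds the value (case-insensitive compare)."""
    m = re.fullmatch(r"\((\w+):?=(.*)\)", flt)
    if not m:
        raise ValueError("unsupported filter: " + flt)
    attr, wanted = m.group(1).lower(), _unescape(m.group(2)).lower()
    base, hits = base_dn.lower(), []
    for dn, attrs in entries.items():
        low, parent = dn.lower(), dn.partition(",")[2].lower()
        in_scope = (low == base or low.endswith("," + base)) if subtree else parent == base
        if in_scope and any(v.lower() == wanted for v in attrs.get(attr, [])):
            hits.append(dn)
    return hits


def ldap_login(entries, username, password, cfg=CONFIG):
    """The module's three steps. Returns (user_dn, roles); raises PermissionError on failure."""
    u = escape_filter_value(username)
    users = search(entries, cfg["user.base.dn"], cfg["user.filter"].replace("%u", u), cfg["user.search.subtree"])
    if len(users) != 1:
        raise PermissionError("user search returned %d entries" % len(users))
    user_dn = users[0]
    # Stand-in for the simple bind: the toy directory stores the password in clear.
    if password not in entries[user_dn].get("userpassword", []):
        raise PermissionError("bind failed for " + user_dn)
    role_dns = search(entries, cfg["role.base.dn"], cfg["role.filter"].replace("%u", u), cfg["role.search.subtree"])
    roles = [v for dn in role_dns for v in entries[dn].get(cfg["role.name.attribute"].lower(), [])]
    return user_dn, roles


if __name__ == "__main__":
    directory = parse_ldif(LDIF)
    print(ldap_login(directory, "jdoe", "secret"))  # ('uid=jdoe,ou=users,ou=system', ['admin'])
    full_dn_cfg = dict(CONFIG, **{"role.filter": "(member:=uid=%u,ou=users,ou=system)"})
    print(ldap_login(directory, "jdoe", "secret", full_dn_cfg))  # ('uid=jdoe,ou=users,ou=system', ['ops'])
```

The contrast between the two role filters is the check worth doing against a real directory: the value substituted for %u has to equal what the group's member attribute actually stores, so a group holding the full DN is invisible to (member:=uid=%u) and a group holding the bare uid=jdoe is invisible to a full-DN filter.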