Thanks Peter. We may get the wrong direction for LDAP authentication. First, I think our LDAP server is a flat ldap structure and thus I only use "LdapLoginModule" to test. In your config, you use "LdapExtLoginModule".
I still try to use different parameter for "role checking" config in "LdapLoginModule". Still ok for authentication but fail on authorization. By the way, Peter, can we write a custom login module? As I search this topic, only find this article "http://www.jboss.org/community/wiki/CreatingACustomLoginModule" but this is not a full custom login module, just extend the existing one. Is any document to teach us to write a login module? Thanks for any help. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4243626#4243626 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4243626 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user