Hi all,

Good news! Finally, after trial and error with different parameter settings, I have LdapLoginModule working fine now.
Now I am trying to figure out the alternate settings for LDAP login. Sharing our working config:

--------------------------------------------------------------------------------------
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <!-- JNDI connection settings; "simple" means a plain DN + password bind -->
    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
    <module-option name="java.naming.provider.url">ldap://ldap.ust.hk/</module-option>
    <module-option name="java.naming.security.authentication">simple</module-option>
    <!-- Bind DN is built as principalDNPrefix + username + principalDNSuffix -->
    <module-option name="principalDNPrefix">uid=</module-option>
    <module-option name="principalDNSuffix">,ou=people,o=my.com</module-option>
    <!-- Roles are searched under rolesCtxDN, matching uidAttributeID against the username -->
    <module-option name="rolesCtxDN">ou=people,o=my.com</module-option>
    <module-option name="uidAttributeID">uid</module-option>
    <module-option name="matchOnUserDN">false</module-option>
    <!-- The role name is read as a plain value (not a DN) from the userClass attribute -->
    <module-option name="roleAttributeID">userClass</module-option>
    <module-option name="roleAttributeIsDN">false</module-option>
    <!-- Search time limit is given in milliseconds -->
    <module-option name="searchTimeLimit">50000</module-option>
    <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
</login-module>

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4243696#4243696