I'm playing with this. So with such an LDIF:

    dn: dc=example,dc=com
    objectclass: top
    objectclass: dcObject
    objectclass: organization
    dc: example
    o: example

    dn: dc=portal,dc=example,dc=com
    objectclass: top
    objectclass: dcObject
    objectclass: organization
    o: portal
    dc: portal

    dn: o=test,dc=portal,dc=example,dc=com
    objectclass: top
    objectclass: organization
    o: test

    dn: ou=People,o=test,dc=portal,dc=example,dc=com
    objectclass: top
    objectclass: organizationalUnit
    ou: People

    dn: uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
    objectclass: top
    objectclass: inetOrgPerson
    objectclass: person
    uid: admin
    cn: Java Duke
    sn: Duke
    userPassword: admin
    mail: [EMAIL PROTECTED]

    dn: uid=user,ou=People,o=test,dc=portal,dc=example,dc=com
    objectclass: top
    objectclass: inetOrgPerson
    objectclass: person
    uid: user
    cn: user
    sn: Portal User
    userPassword: user
    mail: [EMAIL PROTECTED]

    dn: uid=jduke\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    objectclass: top
    objectclass: inetOrgPerson
    objectclass: person
    uid: jduke, Duke
    cn: Java Duke
    sn: Duke
    userPassword: theduke
    mail: [EMAIL PROTECTED]

    dn: uid=jduke1\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    objectclass: top
    objectclass: inetOrgPerson
    objectclass: person
    uid: jduke1, Duke
    cn: Java Duke1
    sn: Duke1
    userPassword: theduke
    mail: [EMAIL PROTECTED]

    dn: uid=jduke2\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    objectclass: top
    objectclass: inetOrgPerson
    objectclass: person
    uid: jduke2, Duke
    cn: Java Duke2
    sn: Duke2
    userPassword: theduke
    mail: [EMAIL PROTECTED]

    dn: uid=jduke3\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    objectclass: top
    objectclass: inetOrgPerson
    objectclass: person
    uid: jduke3, Duke
    cn: Java Duke3
    sn: Duke3
    userPassword: theduke
    mail: [EMAIL PROTECTED]

    dn: uid=jduke4\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    objectclass: top
    objectclass: inetOrgPerson
    objectclass: person
    uid: jduke4, Duke
    cn: Java Duke4
    sn: Duke4
    userPassword: theduke
    mail: [EMAIL PROTECTED]

    dn: ou=Roles,o=test,dc=portal,dc=example,dc=com
    objectclass: top
    objectclass: organizationalUnit
    ou: Roles

    dn: cn=Admin,ou=Roles,o=test,dc=portal,dc=example,dc=com
    objectClass: top
    objectClass: groupOfNames
    cn: Admin
    description: Portal admin role
    member: uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com

    dn: cn=User,ou=Roles,o=test,dc=portal,dc=example,dc=com
    objectClass: top
    objectClass: groupOfNames
    cn: User
    description: Portal user role
    member: uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
    member: uid=user,ou=People,o=test,dc=portal,dc=example,dc=com
    member: uid=jduke\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    member: uid=jduke1\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    member: uid=jduke2\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    member: uid=jduke3\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    member: uid=jduke4\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com

    dn: cn=The\, Dukes,ou=Roles,o=test,dc=portal,dc=example,dc=com
    objectClass: top
    objectClass: groupOfNames
    cn: The, Dukes
    description: Portal user role
    member: uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
    member: uid=user,ou=People,o=test,dc=portal,dc=example,dc=com
    member: uid=jduke\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    member: uid=jduke1\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    member: uid=jduke2\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    member: uid=jduke3\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com
    member: uid=jduke4\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com

Role resolution works ok.
For the search filters I succeeded with such a configuration:

    <option>
      <name>roleSearchFilter</name>
      <value><![CDATA[(&(cn={0})(member=uid=jduke\\\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com))]]></value>
    </option>

I think that code changes are not needed here. Actually, with the command line I also need to use 3 backslashes, like here:

    ldapsearch -x -h localhost -p 10389 -D"cn=Directory Manager" -w password -s sub -b "dc=example,dc=com" "(&(cn=*)(member=uid=jduke\\\, Duke,ou=People,o=test,dc=portal,dc=example,dc=com))"

otherwise with '\\,' or '\' you get a 'Bad search filter (-7)' error. And I don't think it's related to the shell, as the whole phrase is quoted with "". So it's just the way you need to escape it. Anyway, I found out that for the UserModule.createUser() method, userName needs to be parsed against RFC 2253 (http://ietf.org/rfc/rfc2253.txt), so this needs to be corrected. Could you check if it works for you in MSAD if you just use the "member=cn=LastName\\\, FirstName, ou=People, ..." filter?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4066939#4066939
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4066939
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
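The post above mixes two separate escaping layers: the comma inside the RDN value (`uid=jduke\, Duke`, RFC 2253, now RFC 4514) and the backslash that this DN carries when it is then placed inside a search filter assertion value (RFC 4515, where a literal backslash must be written `\5c`). The following is an added Python example, not code from the poster or from JBoss Portal, that keeps the two layers apart against the DIT of the LDIF above; the function names and the `split_dn` helper are my own. It also shows why a filter assembled from an unescaped user name is an LDAP injection vector, and why naive `dn.split(",")` is the wrong way to parse the `userName` the post mentions.

```python
# RFC 4514 (obsoletes RFC 2253) DN value escaping, RFC 4515 filter value
# escaping, and a DN splitter that honours escaped commas.  Added example;
# not JBoss Portal code.  All names below are the author's own.

# RFC 4515 section 3: these bytes must be hex-escaped in an assertion value.
FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    # Escape a string for use as an assertionValue inside a search filter.
    # A DN such as  uid=jduke\, Duke,...  contains a backslash, so the
    # filter form becomes  uid=jduke\5c, Duke,...  (the \5c is one byte, the
    # backslash, once the server decodes the filter).
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    # Escape an attribute value for use inside a DN (RFC 4514 section 2.4):
    # prefix , + " \ < > ; with a backslash; also a leading '#' or space and
    # a trailing space.  NUL is hex-escaped.
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        elif ch == "#" and i == 0:
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def split_dn(dn: str) -> list:
    # Split a DN string into its RDN strings on unescaped commas
    # (RFC 4514 section 3).  A backslash-escaped pair such as  \,  is kept
    # inside the current RDN instead of ending it; plain dn.split(",")
    # would break  uid=jduke\, Duke  into two bogus components.
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair verbatim
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur))
    return rdns


PEOPLE_BASE = "ou=People,o=test,dc=portal,dc=example,dc=com"


def user_dn(uid: str, base: str = PEOPLE_BASE) -> str:
    # Build the entry DN for a uid, escaping the RDN value (DN layer only).
    return "uid=%s,%s" % (escape_dn_value(uid), base)


def role_filter(role_cn: str, member_dn: str) -> str:
    # The roleSearchFilter shape from the post, with both substituted values
    # escaped for the filter layer.  The DN passed in is already DN-escaped;
    # its backslash is turned into \5c here, so no shell-level doubling of
    # backslashes is needed when the result is pasted into ldapsearch.
    return "(&(cn=%s)(member=%s))" % (
        escape_filter_value(role_cn),
        escape_filter_value(member_dn),
    )


if __name__ == "__main__":
    dn = user_dn("jduke, Duke")
    print(dn)
    print(role_filter("User", dn))
    print(split_dn(dn))
    # An unescaped role name would rewrite the filter; escaped it is inert.
    print(role_filter("*)(cn=*", dn))
```

Usage: the `\5c` form is what the LDAP server decodes into the single backslash stored in the `member` attribute, so it matches the `member: uid=jduke\, Duke,...` values in the LDIF above. The last `print` shows that a role name of `*)(cn=*` stays a harmless literal once `escape_filter_value` has run; without that call it would turn the filter into `(&(cn=*)(cn=*)(member=...))`, which is the classic LDAP injection.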