It appears that the relevant portion of code from org.jboss.security.auth.spi.LdapLoginModule that I'm having problems with is this:
BasicAttributes matchAttrs = new BasicAttributes(true); if( matchOnUserDN == true ) matchAttrs.put(uidAttrName, userDN); else matchAttrs.put(uidAttrName, username); String[] roleAttr = {roleAttrName}; and then: NamingEnumeration answer = ctx.search(rolesCtxDN, matchAttrs, roleAttr); In my testing, when I try and do a context.search() using a BasicAttributes object as a parameter, I get no return. If, however, I use a String filter and use SearchControls, I get back the data I need for my security roles. Not sure why the BasicAttributes thing isn't working right with Domino. I may need to roll my own LdapLoginModule to make this work for me in Domino. I actually like the Tomcat-style LDAPRealm where you specify, in MessageFormat format, a filter string and use either the DN or the username (which is an email address, in our case). I also don't like the assumption that my users are stored in a way that would make the whole prefix + username + suffix thing work. We have users that are in different ou's so I can't construct a DN from only the information given to me in a login form (or box). Luckily, Domino is forgiving enough that I can bind with a couple different kinds of usernames WITHOUT specifying what attribute I'm matching with. If I was to use anything else, I'd probably have to rewrite that portion of this login module as well. ===== Thanks! Jon Brisbin [EMAIL PROTECTED] 417.682.6157 (h/w) 417.825.3995 (c) __________________________________________________ Do You Yahoo!? HotJobs - Search Thousands of New Jobs http://www.hotjobs.com ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user