The only way I was able to think of to get it to work is to implement my own version of ActiveDirectoryRealm (just two interfaces). In the first interface I now create a createSystemLdapContext first to locate the distinguishedName using the sAMAccountName attribute, then I use that as the username instead of using the original code. So I make only 1 query, but I have to create an LDAPContext twice. I then changed the second interface implementation to use sAMAccountName instead of userPrincipalName.
Not sure if this is the ideal implementation, but it does what I wanted.
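The two-context flow described in the post above, as an added example that is not the poster's code or Shiro's: it uses plain JNDI only, and the class name `SamAccountBind`, the URL and the DNs are hypothetical. The user-supplied name is passed as a JNDI filter argument so the provider escapes it, and an empty password is rejected before the second bind because an LDAP simple bind with an empty password is an unauthenticated bind.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/** Hypothetical helper: resolve the DN from sAMAccountName, then bind as that DN. */
public final class SamAccountBind {
    // Constructed sample values: "ldaps://dc.example.test:636", "OU=Staff,DC=example,DC=test"
    private final String url, searchBase, systemDn, systemPassword;

    public SamAccountBind(String url, String searchBase, String systemDn, String systemPassword) {
        this.url = url; this.searchBase = searchBase;
        this.systemDn = systemDn; this.systemPassword = systemPassword;
    }

    private LdapContext open(String principal, String credentials) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        return new InitialLdapContext(env, null);
    }

    /** Context 1: system bind and a single search for the user's entry. */
    String resolveDn(String samAccountName) throws NamingException {
        LdapContext system = open(systemDn, systemPassword);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"distinguishedName"});
            // {0} is substituted by JNDI with filter metacharacters escaped.
            NamingEnumeration<SearchResult> hits = system.search(searchBase,
                "(&(objectClass=user)(sAMAccountName={0}))", new Object[] {samAccountName}, sc);
            if (!hits.hasMore()) throw new AuthenticationException("unknown user");
            String dn = hits.next().getNameInNamespace();
            if (hits.hasMore()) throw new AuthenticationException("ambiguous user");
            return dn;
        } finally {
            system.close();
        }
    }

    /** Context 2: bind as the resolved DN with the user's own password. */
    public LdapContext authenticate(String samAccountName, String password) throws NamingException {
        if (password == null || password.isEmpty()) throw new AuthenticationException("empty password");
        return open(resolveDn(samAccountName), password);
    }
}
```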
