Ok, after a lot of hours debugging and browsing the net I found this page:
https://spaces.internet2.edu/display/SHIB2/IdPADConfigIssues Turns out that Microsoft's Active Directory needs special treatment, so I configured the loginModule as follows and now I can bind the user to LDAP: <LoginModule class="com.sun.security.auth.module.LdapLoginModule"> </LoginModule> The 3268 port was the key issue! Hopefully this will help anyone else. -- View this message in context: http://jackrabbit.510166.n4.nabble.com/Ldap-permissions-tp3178789p3244700.html Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
