On page 266 there is a sample diagram showing the LDAP tree config, with the following entry under cn=JbossSX Tests, ou=Roles, o=jboss.org:
cn = JbossSX Tests
userid=jduke
roleName=TheDuke
roleName=AnimatedCharacter
Now the roleName attribute is mapped as roleAttributeID under the sample login configuration entry:
testLdap {
    org.jboss.security.auth.spi.LdapLoginModule required
        java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
        java.naming.provider.url="ldap://ldaphost.jboss.org:1389/"
        java.naming.security.authentication=simple
        principalDNPrefix=uid=
        uidAttributeID=userid
        roleAttributeID=roleName
        principalDNSuffix=,ou=People,o=jboss.org
        rolesCtxDN=cn=JBossSX Tests,ou=Roles,o=jboss.org
};
This looks completely out of whack. I mean, you have multiple roles instead of multiple members per role. It doesn't make any sense at all.
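
The lookup this configuration describes, as an added sketch that is not part of the original post and is not JBoss code: it assumes the module binds as principalDNPrefix + user name + principalDNSuffix, and reads every roleAttributeID value from entries under rolesCtxDN whose uidAttributeID value equals the user name. The in-memory directory, the entry DNs and the user-name check are constructed for illustration.

```python
# Added illustration, not JBoss code: models the two lookups in plain Python.
OPTIONS_TEXT = """\
principalDNPrefix=uid=
uidAttributeID=userid
roleAttributeID=roleName
principalDNSuffix=,ou=People,o=jboss.org
rolesCtxDN=cn=JBossSX Tests,ou=Roles,o=jboss.org
"""

# Constructed stand-in for the directory. The entry DNs are placeholders:
# the post gives the first entry's attributes but not its full DN.
DIRECTORY = [
    ("cn=entry1,cn=JBossSX Tests,ou=Roles,o=jboss.org",
     {"userid": ["jduke"], "roleName": ["TheDuke", "AnimatedCharacter"]}),
    ("cn=entry2,cn=JBossSX Tests,ou=Roles,o=jboss.org",
     {"userid": ["someoneelse"], "roleName": ["Echo"]}),
]

DN_SPECIALS = set(',+"\\<>;=#')


def parse_options(text):
    """Split each line on the first '=' only, since the values contain '='."""
    pairs = (ln.strip().partition("=") for ln in text.splitlines() if ln.strip())
    return {key: value for key, _, value in pairs}


def bind_dn(opts, username):
    """Assumed rule: principalDNPrefix + user name + principalDNSuffix."""
    # Precaution added in this sketch: refuse names that would alter the DN.
    if not username or DN_SPECIALS & set(username):
        raise ValueError("user name contains DN special characters")
    return opts["principalDNPrefix"] + username + opts["principalDNSuffix"]


def roles_for(opts, username, directory=DIRECTORY):
    """Assumed rule: in entries under rolesCtxDN whose uidAttributeID value
    equals the user name, every roleAttributeID value is one role."""
    base = "," + opts["rolesCtxDN"].lower()
    uid_attr, role_attr = opts["uidAttributeID"], opts["roleAttributeID"]
    roles = []
    for dn, attrs in directory:
        if dn.lower().endswith(base) and username in attrs.get(uid_attr, []):
            roles.extend(attrs.get(role_attr, []))
    return roles


if __name__ == "__main__":
    opts = parse_options(OPTIONS_TEXT)
    print(bind_dn(opts, "jduke"))
    print(roles_for(opts, "jduke"))
```

Under these assumptions the entry is keyed by user rather than by role, so one entry carrying several roleName values yields several roles for jduke.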