I use JBoss 3.2.2 and LdapLoginModule
login-config.xml
...
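<!-- Security domain "my_ldap" in JBoss login-config.xml, authenticated against a directory by LdapLoginModule. -->
<application-policy name="my_ldap">
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <!-- JNDI provider used to reach the directory. -->
    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
    <!-- NOTE(review): plain ldap:// combined with a "simple" bind sends the user's password unencrypted
         on the wire; prefer ldaps:// unless the network path to the directory is otherwise protected. -->
    <module-option name="java.naming.provider.url">ldap://my_ldap:389/</module-option>
    <module-option name="java.naming.security.authentication">simple</module-option>
    <!-- The bind DN is assembled as principalDNPrefix + username + principalDNSuffix. -->
    <module-option name="principalDNPrefix">uid=</module-option>
    <module-option name="principalDNSuffix">,ou=People,dc=mycompany,dc=com</module-option>
    <!-- Role lookup: entries under rolesCtxDN whose uidAttributeID attribute matches the user;
         roleAttributeID names the attribute whose value becomes the role name. -->
    <module-option name="uidAttributeID">memberUid</module-option>
    <module-option name="roleAttributeID">cn</module-option>
    <!-- fixed: JBoss documents this option as roleNameAttributeID (capital ID) and option names are
         case-sensitive, so the original spelling "roleNameAttributeId" was not picked up. It is only
         consulted when roleAttributeIsDN is true, so it has no effect with the setting below. -->
    <module-option name="roleNameAttributeID">cn</module-option>
    <module-option name="roleAttributeIsDN">false</module-option>
    <module-option name="matchOnUserDN">false</module-option>
    <!-- NOTE(review): nothing here sets the search depth of the role lookup. Later JBoss releases document
         a searchScope option (ONELEVEL_SCOPE / SUBTREE_SCOPE) for this module; confirm it is available in
         3.2.2 before relying on it. -->
    <module-option name="rolesCtxDN">ou=Group, dc=mycompany, dc=com</module-option>
    <!-- NOTE(review): a login with no credentials is assigned the principal "nobody" instead of being
         rejected; make sure no role is mapped to that identity. -->
    <module-option name="unauthenticatedIdentity">nobody</module-option>
  </login-module>
</application-policy>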
...
And my LDAP server receives the following request:
...
op=62 SRCH base="ou=People, dc=mycompany,dc=com" scope=1 filter="(uid=dm)" attrs="objectClass"
...
But I need the following request instead:
...
op=62 SRCH base="ou=People, dc=mycompany,dc=com" scope=2 filter="(uid=dm)" attrs="objectClass"
...