Hello,
I have copied and used this code and had a small problem with it. If you don't specify the roleCtxDn and roleFilter parameters it throws an error. As I have a seperate database table for roles and only wanted to use LDAP for Authentication this was a problem for me. I just skipped the role checking when the parameters where null but you could make it an explicit option.

// Query for roles matching the role filter
if ((rolesCtxDN != null) && (roleFilter != null)) {
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
constraints.setReturningAttributes(new String[0]);
constraints.setTimeLimit(searchTimeLimit);
rolesSearch(ctx, constraints, username, userDN, recursion, 0);
}
Also all the options are added to the sign-on environment even when they are not used which seems a bit dangerous to me. (It works with or without them!)

private InitialLdapContext constructInitialLdapContext(String dn,
Object credential) throws NamingException {
Properties env = new Properties();

Iterator iter = options.entrySet().iterator();
while (iter.hasNext()) {
Entry entry = (Entry) iter.next();
env.put(entry.getKey(), entry.getValue());
}