Hi everybody,
that's my big problem:
The users are saved in the Active Directory on a central server. I can log in with JBoss with the login-config.xml:
<application-policy name="xxx">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://192.168.1.10:389/DC=bsp,DC=local??base?(objectClass=*)</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">CN=</module-option>
      <module-option name="principalDNSuffix">,CN=Users,DC=bsp,DC=local</module-option>
      <!--<module-option name="rolesCtxDN">CN=Users,DC=bsp,DC=local</module-option>-->
      <module-option name="uidAttributeID">sAMAccountName</module-option>
      <module-option name="matchOnUserDN">false</module-option>
      <!--<module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>-->
    </login-module>
  </authentication>
</application-policy>
Add the database LM as the second LM and add a module option "usefirstpass" = true. Check the documentation for the exact module option.