You have only shown the authentication step. You also have to be authorized to access the content.
Thanks Scott for the reply. I finally figured out that it was my issue in not properly understanding the meaning of all the options that I had to specify. I pulled down the LdapLoginModule.java source, added a few more trace lines to see what was going on and found out I didn't need to have the roleAttributeIsDN option. Once I took this out it worked perfectly.
For anyone else who is interested: I have this working using Novell's eDirectory 8.7.1 with LDAP. The users are specified in a User object and then assigned to Role objects that exist in a different OU. All of my users are in one OU. I have not tried it yet with different OUs, although I believe it will work. There are two attributes on the role object that I had to grant Read/Compare permissions to [PUBLIC] to allow the LDAP search to see them. These were the cn and the roleOccupant. I also had to add the roleOccupant to the Ldap Attributes list in the LDAP GROUP object for the server.
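An added example, not part of the original posts: a `login-config.xml` entry for JBoss's `LdapLoginModule` consistent with the layout described above (users in one OU, Role objects in another, role membership held in `roleOccupant`, role name taken from `cn`, and no `roleAttributeIsDN` option). The policy name, host name and DNs are constructed placeholders, and the exact option set the poster used is not shown in the thread, so the values are assumptions.

```xml
<!-- Added example; policy name, host and DNs are constructed placeholders. -->
<application-policy name="example-ldap">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <!-- A simple bind sends the password as typed, so an LDAPS URL is assumed here. -->
      <module-option name="java.naming.provider.url">ldaps://ldap.example.test:636/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>

      <!-- Authentication: bind as prefix + login name + suffix (all users in one OU). -->
      <module-option name="principalDNPrefix">cn=</module-option>
      <module-option name="principalDNSuffix">,ou=Users,o=example</module-option>

      <!-- Authorization: search the Role objects, which live in a different OU. -->
      <module-option name="rolesCtxDN">ou=Roles,o=example</module-option>
      <!-- roleOccupant holds user DNs, so match on the full user DN, not the login name. -->
      <module-option name="uidAttributeID">roleOccupant</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <!-- The role name is the cn of each matching Role object. -->
      <module-option name="roleAttributeID">cn</module-option>
      <!-- roleAttributeIsDN is left out (default false): cn holds a plain name.
           Setting it to true makes the module treat each cn value as a DN to look up. -->
    </login-module>
  </authentication>
</application-policy>
```

The role search needs to read `cn` and compare on `roleOccupant`, which is why those two attributes are the ones that needed Read/Compare rights in the directory.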