Forgot to mention, I am using jboss-3.0.8_tomcat-4.1.24.
Enclose the configurations in code blocks to keep them from being lost. See the LdapLoginModule configuration in the free online docs for the supported schema. The roles query is not very flexible so it probably will not work for you in its current implementation.
Yes, would have posted in code format, but didn't know how to :(. As for the LDAP schema, the workaround I have is that my LDAP server (i.e. Lotus Domino) supports user aliases, hence I'm ensuring all users not only have the basic alias, but also a common one:
Basic Alias: Conor Blogs/AD/Company Name
User Alias: Conor Blogs/Users/Company Name
In this way, I can use JBoss JAAS without having to program the security; it's all declarative J2EE web security.