I finally got authentication/authorization against my LDAP server to work. Well, sort of. I can see in JBoss' logfile that my testuser is successfully authenticated and given the appropriate role. But then JBoss tries to authenticate my testuser against the fallback application-policy "other" although I set my customer LDAP application policy's "flag" attribute to "sufficient". Needless to say that this authentication fails and my user cannot login.
So what do I have to do to tell JBoss that it must not attempt to authenticate users against "other" if authentication against the LDAP server already succeeded?