Did you make entries in the login-config.xml for congfiguring your 'testdomain'. Also see if this wiki page helps:
Thanks for your replie! Now I got the authorization working, by modifying the login-conf.xml domain params.
But I am only getting the role names and not the DNs. That's essential, because the LDAP dir is quite hughe and most of the groups are containing user, poweruser and admin by default.
But if it only resolves the role names it means, that a user just have to be in any group called user - no matter if its cn=user,ou=app1 or cn=user,ou=app2.
Any chance to make this work?
I am not good at this, but the link that i mentioned in my earlier posts mentions that you can specify additional modules properties which includes the rolesCtxDN (i guess, that's what you are looking for). Here's an extract from the same:
rolesCtxDN : The fixed distinguished name to the context to search for user roles. Consider that this is not the Distinguished Name of where the actual roles are; rather, this is the DN of where the objects containing the user roles are (e.g. for active directory, this is the DN where the user account is)
Thanks for your help. I wrote my own LoginModule which extends the LdapExtLoginModule of Jboss to manage to correctly get the full DN of the group.