The first test will be how different this is from the existing org.jboss.security.auth.spi.LdapExtLoginModule.
I did not seen the org.jboss.security.auth.spi.LdapExtLoginModule before - so I did a lot of work twice ;-)
but ok. I updated my code a little bit so it uses now the smarter search filter param like used in the org.jboss.security.auth.spi.LdapExtLoginModule.
I think the main different is now the method searchDistinguishedName() and the fact that the distinguished name found will replace the CallerPrincipal.
Also the Distinguished name is translated into a composite name.
So for example: users login with "x007" -> DN of the UserObeject is "James Bond,OU=Secret Service" -> Composite name is "James Bond/OU=Secret Service".
Maybe this is an insignificant detail but in our workflow project (www.imixs.org) we are constrained to work with composite names.
I tried now also the org.jboss.security.auth.spi.LdapExtLoginModule to configure my Lotus Domino Server - but have no success.
I think it is not a recommendable way to overload the org.jboss.security.auth.spi.LdapExtLoginModule or org.jboss.security.auth.spi.LdapLoginModule with more params so things like the replacement of the caller pricipal or the translation into a composite DN will be configurable. This modules did work ok. Maybe JBoss will offer more specialized LDAP Login Modules for different servers like my one for Lotus Domino?
Post the ldif of the domino server that is relevant for the authentication and roles queries.
Where is the composite name used?