Hi, I just add a new Identity Provider to the trunk, which allow you to define what entry attribute should be used to verify the activation. You can download it here Its an extension of the LDAPIdentityProvider that should be configured like this | <provider id="si:jboss-sso:ldapactivation:login" class="org.jboss.security.idm.ldap.ActivationLDAPIdentityProvider"> | | <property name="connectionURL"> | jdbc:ldap://localhost:1389/dc=foo,dc=bar?SEARCH_SCOPE:=subTreeScope&secure:=false&concat_atts:=true&size_limit:=10000000 | </property> | | <property name="username">cn=admin</property> | | <property name="password">password</property> | | <property name="identityOu">People</property> | | <property name="roleOu">roles</property> | | <property name="activation">carLicense</property> | | </provider> You can set any of the valid attributes of an InetOrgPerson schema at the activation property , which would be used to validate the activation. If none are set it would set the Identoty as active View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4141940#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...