JBoss Community

Using mail attribute to authenticate with LdapLoginModule

created by Erick Jeronimo Diaz in JBoss Web Services

Hello, I'm worried about solving this and I'd appreciate any help from you. I authenticate my web services against a Red Hat Fedora LDAP server, and I use authorization using my database-defined roles. So to authenticate I use org.jboss.security.auth.spi.LdapLoginModule and for authorization I use org.jboss.security.auth.spi.DatabaseServerLoginModule; I can combine both login modules thanks to the password-stacking attribute. This is a fragment of my login-config.xml:

 

    <application-policy name="SecurityGdm">
        <authentication>
            <!-- Authentication: simple bind to LDAP as principalDNPrefix + username + principalDNSuffix -->
            <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://my.ldap.def:389</module-option>
                <module-option name="java.naming.security.authentication">simple</module-option>
                <module-option name="principalDNPrefix">uid=</module-option>
                <module-option name="principalDNSuffix">,ou=mydomain.com,ou=People,dc=mydomain,dc=com</module-option>
                <module-option name="password-stacking">useFirstPass</module-option>
            </login-module>

            <!-- Authorization: roles read from the database for the username shared by the module above -->
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                <module-option name="unauthenticatedIdentity">guest</module-option>
                <module-option name="dsJndiName">java:/sincronizacionDS</module-option>
                <module-option name="rolesQuery">SELECT FLDID_ROLSW, 'Roles' FROM crm.tbrrolesusuariossw WHERE FLDID_USUARIOSW = ?</module-option>
                <module-option name="password-stacking">useFirstPass</module-option>
            </login-module>
        </authentication>
    </application-policy>

 

 

This configuration works if, for example, my credentials are: user = Mary, password = *******, BUT MY WEBMASTER NEEDS, INSTEAD OF LOOKING FOR A UID= AND PASSWORD INSIDE MYDOMAIN, TO AUTHENTICATE USING AN EMAIL= AND PASSWORD.

 

THANKS IN ADVANCE
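
One way to get the mail-based login asked about above, as an added example that is not part of the original post or of the JBoss project's own material: org.jboss.security.auth.spi.LdapExtLoginModule binds with a service account, searches for the entry whose mail attribute matches the login name, then binds as the DN it found. The bindDN and bindCredential values are placeholders, and the sketch assumes FLDID_USUARIOSW would hold the e-mail address, since useFirstPass hands the login name as typed to the database module.

```xml
<application-policy name="SecurityGdm">
    <authentication>
        <!-- Search-then-bind: find the user entry by mail, then bind as that entry's DN -->
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <!-- URL as in the post; a simple bind over plain ldap:// sends the password unencrypted -->
            <module-option name="java.naming.provider.url">ldap://my.ldap.def:389</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>

            <!-- Placeholder service account used only for the search; limit it to reading mail -->
            <module-option name="bindDN">cn=jboss-search,dc=mydomain,dc=com</module-option>
            <module-option name="bindCredential">REPLACE_ME</module-option>

            <!-- Subtree taken from the principalDNSuffix in the post -->
            <module-option name="baseCtxDN">ou=mydomain.com,ou=People,dc=mydomain,dc=com</module-option>
            <!-- {0} is replaced by the login name, passed as a filter argument -->
            <module-option name="baseFilter">(mail={0})</module-option>

            <!-- Reject empty passwords instead of passing them to the server, where a
                 simple bind with an empty password can be treated as anonymous -->
            <module-option name="allowEmptyPasswords">false</module-option>

            <!-- No rolesCtxDN/roleFilter: roles come from the database module below.
                 Assumption to verify: whether the LDAP role search may be omitted
                 depends on the JBoss version in use. -->
            <module-option name="password-stacking">useFirstPass</module-option>
        </login-module>

        <!-- Unchanged from the post, but ? now receives the e-mail address, so the
             value stored in FLDID_USUARIOSW has to match it (assumption) -->
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="unauthenticatedIdentity">guest</module-option>
            <module-option name="dsJndiName">java:/sincronizacionDS</module-option>
            <module-option name="rolesQuery">SELECT FLDID_ROLSW, 'Roles' FROM crm.tbrrolesusuariossw WHERE FLDID_USUARIOSW = ?</module-option>
            <module-option name="password-stacking">useFirstPass</module-option>
        </login-module>
    </authentication>
</application-policy>
```

If more than one entry can carry the same mail value, the search is ambiguous, so the attribute should be unique within baseCtxDN.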

 

