[jboss-user] Certifcate based authentication and ldap

I have a working application on Jboss 4.2.1 using the ClientLoginModule and the LdapExtLoginModule. I am trying to replace the ClientLoginModule with the BaseCertLoginModule. My authentication seems to pass the ClientLoginModule and the LdapExtLoginModule. However, the problem I am having is that the LdapExtLoginModule does not appear to be adding any roles. In fact when examining the source code for the LsapExtLoginModule it appears that validatePassword method never gets called. This method seems to retrieve the roles. This is happening because I have password stacking on and the login method returns early. Has anyone done this type of thing before? I need Authentication to happen with the cert and Authorization to happen with the LDAP. Thanks Bill.