So for example: | <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" > | <module-option name="java.naming.provider.url">ldap://[server]:389</module-option> | <module-option name="java.naming.security.authentication">simple</module-option> | <module-option name="bindDN">cn=[searchuser],O=NISD</module-option> | <module-option name="bindCredential">[password]</module-option> | <module-option name="baseCtxDN">O=NISD</module-option> | <module-option name="baseFilter">(cn={0})</module-option> | <module-option name="allowEmptyPasswords">false</module-option> | </login-module> Where [searchuser] is a user that can search the tree, and [password] is the password for that user. Do I have to specify something extra to make it do a subtree search or does it automatically do that? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4205962#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...