Hi,
we solved the configuration problems with the following configuration (inside the
login-config.xml):
<!-- LDAP login configuration for Domino -->
<application-policy name="imixsIX">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://myhostmuc:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">cn=</module-option>
      <!-- for principalDNSuffix no entry is needed for domino (e.g. o=MYDOMIAN) -->
      <module-option name="principalDNSuffix"></module-option>
      <module-option name="rolesCtxDN"></module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="searchTimeLimit">5000</module-option>
      <!-- searchScope ONELEVEL_SCOPE is necessary for Domino -->
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
    </login-module>
  </authentication>
</application-policy>

If your user sees no roles, this will be an issue of the names.nsf ACL. If
"normal" users are not allowed to read in the names.nsf (this is typical for
Domino installations), you need additional params to make the lookups with an admin
account:

<!-- Principal and credentials for LDAP lookups -->
<module-option name="java.naming.security.principal">cn=admin,o=MYORG</module-option>
<module-option name="java.naming.security.credentials">password</module-option>

I hope this will be helpful.
Ralph
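
To check from outside JBoss which roles a given user can read, the lookups implied by the module options above can be reproduced with plain JNDI. This is an added example, not part of the original post and not JBoss's own code; the class and method names are hypothetical, and the mapping of options to a bind followed by a one-level search on member/cn is an assumption based on the option names and values shown.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.Rdn;

public class DominoRoleLookup {
    // Values copied from the module-options in the post; names here are hypothetical.
    static final String URL = "ldap://myhostmuc:389/";
    static final String DN_PREFIX = "cn=", DN_SUFFIX = "", ROLES_CTX_DN = "";

    static String userDn(String user) {
        // principalDNPrefix + user + principalDNSuffix; escaped so the name cannot alter the DN
        return DN_PREFIX + Rdn.escapeValue(user) + DN_SUFFIX;
    }

    static Set<String> roles(String user, char[] password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind on many servers
        if (password == null || password.length == 0)
            throw new AuthenticationException("empty password rejected");
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL); // plain ldap://: simple bind sends the password unencrypted
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn(user));
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = new InitialDirContext(env); // AuthenticationException on a failed bind
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.ONELEVEL_SCOPE); // searchScope
            sc.setTimeLimit(5000);                            // searchTimeLimit
            sc.setReturningAttributes(new String[] {"cn"});   // roleAttributeID
            Set<String> roles = new TreeSet<>();
            // uidAttributeID=member, matchOnUserDN=true: match on the full user DN.
            // The {0} argument is escaped by JNDI, so the value cannot change the filter.
            NamingEnumeration<SearchResult> res =
                ctx.search(ROLES_CTX_DN, "(member={0})", new Object[] {userDn(user)}, sc);
            while (res.hasMore()) {
                Attribute cn = res.next().getAttributes().get("cn");
                if (cn != null)
                    for (int i = 0; i < cn.size(); i++) roles.add((String) cn.get(i));
            }
            return roles;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = System.console().readPassword("Password for %s: ", args[0]);
        System.out.println(roles(args[0], pw));
    }
}
```

A bind that succeeds but prints an empty set corresponds to the "user sees no roles" case described in the post.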