Is it me or is it a bug? I tried to login with a username that exist in LDAP but with BLANK password. The login was successful. login-config.xml Configuration as below <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" > <module-option name="java.naming.provider.url">ldap://127.0.0.1:389</module-option> <module-option name="bindDN">cn=Directory Manager</module-option> <module-option name="bindCredential">password</module-option> <module-option name="baseCtxDN">ou=People,o=domain.com</module-option> <module-option name="baseFilter">(uid={0})</module-option> <module-option name="rolesCtxDN">ou=Groups,o=domain.com</module-option> <module-option name="roleFilter">(uniqueMember={1})</module-option> <module-option name="roleAttributeID">cn</module-option> <module-option name="roleAttributeIsDN">false</module-option> <module-option name="roleNameAttributeID">cn</module-option> <module-option name="roleRecursion">2</module-option> <module-option name="searchScope">SUBTREE_SCOPE</module-option> </login-module> View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4126004#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...