Hi,
this is my configuration in the login-config.xml file. It is working for me; maybe it will
be of some help to you.
<!DOCTYPE policy PUBLIC
"-//JBoss//DTD JBOSS Security Config 3.0//EN"
"http://www.jboss.org/j2ee/dtd/security_config.dtd">
<!-- NOTE(review): the DOCTYPE names a policy root element, but no opening or
     closing policy tag appears in this excerpt; the two application-policy
     blocks below are presumably nested inside it in the real file. -->
<!-- For the JCR CMS -->
<!-- NOTE(review): Jackrabbit's SimpleLoginModule is, as far as I know, a
     convenience module that does not verify the supplied password. Confirm
     that the "cms" domain is only reachable by trusted, in-process callers. -->
<application-policy name="cms">
<login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule"
flag="required"/>
</application-policy>
<!-- Security domain "portal": users are authenticated by an LDAP search and
     bind (LdapExtLoginModule, required), then mirrored into the portal's own
     identity store (SynchronizingLoginModule, optional). -->
<application-policy name="portal">
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
flag="required">
<module-option
name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<!-- ldap:// is an unencrypted connection. Combined with "simple"
     authentication below, the bind password and every user's password cross
     the wire in clear text. That is tolerable for the localhost directory
     used here; for a remote directory use ldaps:// or StartTLS. -->
<module-option
name="java.naming.provider.url">ldap://localhost:10389/</module-option>
<module-option
name="java.naming.security.authentication">simple</module-option>
<!-- The account used for the user and role searches. "cn=Directory Manager"
     is typically a directory superuser (confirm for your server); a dedicated
     account with read-only access to the People and Roles subtrees limits the
     damage if this file is disclosed. The value is wrapped across two lines in
     this post and presumably belongs on a single line in the real file. -->
<module-option name="bindDN">cn=Directory
Manager</module-option>
<!-- Stored in clear text, so anyone who can read login-config.xml can bind as
     bindDN. "password" is the poster's sample value. Restrict read access to
     this file; LdapExtLoginModule also has a jaasSecurityDomain option for
     keeping an encrypted value here (check the docs for your JBoss version). -->
<module-option name="bindCredential">password</module-option>
<!-- User lookup: search below baseCtxDN with baseFilter, where {0} is replaced
     by the user name typed at login. -->
<module-option
name="baseCtxDN">ou=People,dc=example,dc=com</module-option>
<module-option name="baseFilter">(uid={0})</module-option>
<!-- Role lookup: search below rolesCtxDN with roleFilter, where {1} is
     replaced by the DN of the authenticated user; the role name is read from
     the attribute named by roleAttributeID. -->
<module-option
name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<!-- NOTE(review): -1 looks intended as "no limit" on nested role lookups;
     confirm against the LdapExtLoginModule documentation for your version. -->
<module-option name="roleRecursion">-1</module-option>
<!-- Search timeout, in milliseconds according to the module documentation. -->
<module-option name="searchTimeLimit">10000</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
<!-- Keep this false. Many LDAP servers treat a simple bind with an empty
     password as an anonymous bind and report success, which would let a user
     log in as any existing uid without knowing the password. -->
<module-option name="allowEmptyPasswords">false</module-option>
</login-module>
<!-- flag="optional" means, under standard JAAS semantics, that the overall
     login does not fail if this module fails. The options below ask it to
     synchronize the user and the user's roles and name two extra roles
     (additionalRole "Authenticated", defaultAssignedRole "User"). Review which
     portal permissions those two roles carry, since they are applied on top of
     the roles read from LDAP (presumably for every synchronized user). -->
<login-module
code="org.jboss.portal.identity.auth.SynchronizingLoginModule"
flag="optional">
<module-option name="synchronizeIdentity">true</module-option>
<module-option name="synchronizeRoles">true</module-option>
<module-option
name="additionalRole">Authenticated</module-option>
<module-option name="defaultAssignedRole">User</module-option>
<module-option
name="userModuleJNDIName">java:/portal/UserModule</module-option>
<module-option
name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
<module-option
name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
<module-option
name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
</login-module>
</application-policy>
This will enable you to authenticate against LDAP using the JBoss Portal login.
The code on my side is:
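/**
 * Looks up the four JBoss Portal identity modules in JNDI and returns them
 * keyed by the {@code User.*_MODULE} constants.
 *
 * <p>The lookups run only when {@code checkConfig} is not "true" (compared
 * case-insensitively). The returned modules give the caller access to the
 * user, role, membership and profile data behind the portal's identity
 * store, so the map should only be handed to trusted code.
 *
 * @return Map of Identity Modules, or {@code null} when the lookups are
 *         skipped or when any lookup or cast fails; callers must check for
 *         {@code null} and cannot tell the two cases apart
 */
public Map<String,Object> getLDAPModules()
{
    // NOTE(review): checkConfig is declared outside this snippet. The lookups
    // are skipped when it equals "true"; confirm that this polarity is the
    // intended one. A null checkConfig throws NullPointerException here.
    if (checkConfig.equalsIgnoreCase("true"))
    {
        return null;
    }

    InitialContext ctx = null;
    try
    {
        // One context serves all four lookups and is released in finally,
        // instead of creating four contexts that are never closed.
        ctx = new InitialContext();
        UserModule userModule = (UserModule) ctx.lookup("java:/portal/UserModule");
        RoleModule roleModule = (RoleModule) ctx.lookup("java:/portal/RoleModule");
        UserProfileModule userProfileModule =
            (UserProfileModule) ctx.lookup("java:/portal/UserProfileModule");
        MembershipModule membershipModule =
            (MembershipModule) ctx.lookup("java:/portal/MembershipModule");

        // The map is filled only after every lookup has succeeded, so a
        // partially populated map is never returned.
        Map<String,Object> modulesMap = new HashMap<String,Object>();
        modulesMap.put(User.USER_MODULE, userModule);
        modulesMap.put(User.ROLE_MODULE, roleModule);
        modulesMap.put(User.USER_PROFILE_MODULE, userProfileModule);
        modulesMap.put(User.MEMBERSHIP_MODULE, membershipModule);
        return modulesMap;
    }
    catch (Exception e)
    {
        // Covers NamingException from the lookups as well as a
        // ClassCastException from an unexpected binding. No logger is visible
        // in this snippet, so the trace still goes to stderr; route it to the
        // application log where one is available.
        e.printStackTrace();
        return null;
    }
    finally
    {
        if (ctx != null)
        {
            try
            {
                ctx.close();
            }
            catch (NamingException ignored)
            {
                // Nothing useful can be done if releasing the context fails.
            }
        }
    }
}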
// This fetches the identity modules; with them you can get the necessary
// details from LDAP using the methods available on each module.
Good Luck...happy coding