I tweaked a setting and now get: | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] findUserByUserName(): username = admin | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0}) | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0}) | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: admin | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=People,o=idv | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=admin,ou=APPS,ou=PEOPLE,o=IDV | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=admin,ou=APPS,ou=PEOPLE,o=IDV | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPStaticRoleMembershipModuleImpl] findRoles(): role = cn=admin,ou=APPS,ou=PEOPLE,o=IDV | 2007-05-23 10:08:39,781 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] findRoleByDN(): DN = cn=Administrators,ou=JBossPortal,ou=APPS,ou=GROUPS,o=IDV | 2007-05-23 10:08:39,781 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] role uid: cn=Administrators,ou=JBossPortal,ou=APPS,ou=GROUPS,o=IDV | 2007-05-23 10:08:39,781 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] role dn: cn=Administrators,ou=JBossPortal,ou=APPS,ou=GROUPS,o=IDV | 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] findUserByUserName(): username = admin | 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0}) | 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0}) | 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: admin | 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=People,o=idv | 2007-05-23 10:08:39,921 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=admin,ou=APPS,ou=PEOPLE,o=IDV | 2007-05-23 10:08:39,921 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=admin,ou=APPS,ou=PEOPLE,o=IDV | | | But still no "Admin" link when admin logs in. | | I still get "Your account is disabled" when ACM3 tries to log in. Log shows: | | | | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] findUserByUserName(): username = acm3 | | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0}) | | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0}) | | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: acm3 | | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=People,o=idv | | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=ACM3,ou=AL,ou=EMPLOYEES,ou=PEOPLE,o=IDV | | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=ACM3,ou=AL,ou=EMPLOYEES,ou=PEOPLE,o=IDV | | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.DelegatingUserProfileModuleImpl] getProperty: portal.user.enabled | | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.DelegatingUserProfileModuleImpl] Delegating to DB module | | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.db.HibernateUserProfileModuleImpl] Processing non HibernateUserImpl object: class org.jboss.portal.identity.ldap.LDAPUserImpl | | | | So I guess the next questions are: | | 1) Can the "role" membership records that the portal uses in authorization be moved to LDAP group Objects? | | 2) If I descend my own versions the org.jboss.portal.identity.RoleModule interface, where do my .class files have to be for JBoss to see them during boot and where do i reference them in the configuration files? ldap_identity-config.xml perhaps? | View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4047948#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...