thanks for the reply :) my login-config.xml looks like this (excluding the standard policies that were there when I set up the server) anonymous wrote : | <application-policy name="authPolicy"> | | <login-module code="com.caern.authentication.SecurityLoginModule" flag="required"> | <module-option name="userRolesDbSql"> | SELECT name FROM caern_role, caern_user WHERE caern_user.id=? | </module-option> | <module-option name="userRolesDataSource">java:/CaernDS</module-option> | </login-module> | | </application-policy> | I dont use the sufficient flag anywhere so I guess it is not the point :( com.caern.authentication.SecurityLoginModule is a decompiled version of LdapLoginModule with some enhanements that were nescessary. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4134749#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...