I'm still on this. Both authentication and authorisation work fine now, with one small exception. Searching with a filter of "member=cn=LastName\, FirstName, ou=People, ..." does not work if there is a comma between LastName and FirstName. It works for filters without such a comma. I tried escaping the comma with a backslash, not escaping it, and I also tried with two different standalone ldap search programs. Everywhere the same, my users with commas are not found. For portal authorisation, this means that if a user has said comma, it is not recognised as being part of any role. I don't know if this is an AD-only problem or whether I am just doing something wrong here. I'm not sure what to do about it, I am still researching the matter. I'll do a wiki page once everything works. Thanks, Tobias View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4064844#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...