I found following option in standalone.xml of our jboss 7 installation:
<module-option name="baseFilter" value="(&(objectClass=User)(sAMAccountName={0}))"/>
The & instead & looks odd to me, but the login process of our service seems to work so far. Do you use & or & in your configurations? Is it a general "masking" that is necessary for special characters that could be shell expanded or so?
Thanks for any thoughts on this.
Chris
It's standard character escaping in XML. The ampersand character in XML files is used as prefix for XML character entities.
If you use JBoss CLI then use the ampersands without escaping.
/subsystem=security/security-domain=testLdapExample3/authentication=classic/login-module=LdapExtended:add( \
code=LdapExtended, \
flag=required, \
module-options=[ \
("java.naming.factory.initial"=>"com.sun.jndi.ldap.LdapCtxFactory"), \
("java.naming.provider.url"=>"ldap://ldaphost.jboss.org"), \
("java.naming.security.authentication"=>"simple"), \
("bindDN"=>"cn=Root,dc=jboss,dc=org"), \
("bindCredential"=>"secret1"), \
("baseCtxDN"=>"ou=People,o=example3,dc=jboss,dc=org"), \
("baseFilter"=>"(&(objectClass=User)(sAMAccountName={0}))"), \
("rolesCtxDN"=>"ou=Roles,o=example3,dc=jboss,dc=org"), \
("roleFilter"=>"(member={1})"), \
("roleAttributeID"=>"cn") \
])
