I managed to authenticate users with our Active Directory in GlassFish by configuring the LDAPRealm like this:
Directory = ldap://ldap.server.org:389
base DN = dc=ldap,dc=server,dc=org
search-filter=(&(objectClass=user)(sAMAccountName=%s))
group-search-filter=(&(objectClass=group)(member=%d))
It is necessary to authenticate to the LDAP directory to view and search objects:
search-bind-dn=cn=user name,ou=users,dc=ldap,dc=server,dc=org
search-bind-password=your password
The user is authenticated successfully and the groups it belongs to are retrieved correctly, but I still get a stack trace when the LDAPRealm performs a "dynamic group search":
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C0905A4, comment: Error processing filter...
I couldn't find a way to disable this second group search, which doesn't seem to be necessary in this case...
[Message sent by forum member 'johnnymac' (johnnymac)]
http://forums.java.net/jive/thread.jspa?messageID=223974
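
The two filter templates in the post above, expanded with RFC 4515 escaping of the substituted values. This is an added example, not part of the original post and not GlassFish's own code; it assumes %s stands for the login name and %d for the user's DN, and all function names and sample values are constructed for illustration.

```python
# Added example (not GlassFish code): expand the post's filter templates
# and escape the substituted values per RFC 4515, so that filter
# metacharacters in a login name or DN are matched literally.

SEARCH_FILTER = "(&(objectClass=user)(sAMAccountName=%s))"   # from the post
GROUP_SEARCH_FILTER = "(&(objectClass=group)(member=%d))"    # from the post

# Characters that RFC 4515 requires to be hex-escaped in a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand(template: str, placeholder: str, value: str) -> str:
    """Substitute the escaped value for the template's single placeholder."""
    if template.count(placeholder) != 1:
        raise ValueError(f"template must contain exactly one {placeholder}")
    return template.replace(placeholder, escape_filter_value(value))


def user_filter(login: str) -> str:
    """Filter used to locate the user entry (assumption: %s = login name)."""
    return expand(SEARCH_FILTER, "%s", login)


def group_filter(user_dn: str) -> str:
    """Filter used to locate the user's groups (assumption: %d = user DN)."""
    return expand(GROUP_SEARCH_FILTER, "%d", user_dn)


def balanced(filter_text: str) -> bool:
    """True if the parentheses nest correctly; escaped values hold none."""
    depth = 0
    for ch in filter_text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    # Constructed sample: a DN whose CN holds an escaped comma and parentheses.
    dn = "CN=Doe\\, John (ext),OU=users,DC=ldap,DC=server,DC=org"
    print(user_filter("jdoe"))
    print(group_filter(dn))
```

A DN whose CN contains an escaped comma or parentheses is the case to watch with the `member=%d` filter: without escaping, the directory receives a malformed filter.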