hi, I was using JNDIRealm without specifying connectionname, and connection password. As I understood the implementation it is impossible in this case to query the roles, as only in bindAsUser there is an attempt to search the LDAP with the userid/credentials. Searching roles is always done using connectioname/connecionpassword. I fixed this by reusing code-snippets from bindAsUsers, and it worked well. regards
This is a duplicate of bug 19444. Both bugs point out that the user credentials used during the bind operation are not reused when searching for roles. *** This bug has been marked as a duplicate of bug 19444 ***