The org.jboss.security.auth.spi.LdapLoginModule class is throwing a NullPointerException that is causing authentication to fail in cases where, in my mind, it should be succeeding.
The NPE is thrown when a record is encountered that does not have the attribute listed in roleAttributeID. There are two issues here:
1. The error that shows up in the log is a BadPassword error. This is misleading, if anything it should be a configuration error.
2. The roles are for authorization not authentication. When this exception gets thrown, authentication is failing.
It seems reasonable for an LDAP attribute to be useful in identifying roles even if it isn't defined for every record. You can get around this problem with a more complex realm definition in login-config.xml, but shouldn't have to...thanks...