The admin interface works for authentication... and fails for group lookup. The tests are 1:1 mappings I saw, e.g. this scenario is not covered:

LDAP 1 on port 389:
- ou=RemoteLdap,dc=example,dc=com being a referral to ldap://server:391/dc=example,dc=com

LDAP 2 on port 391:
- uid=tomds3,ou=users,dc=example,dc=com being a member of cn=JBossAdmin,ou=groups,dc=example,dc=com (group located on LDAP 2)

In the authorization step, the group search is done on LDAP-1 where "uid=tomds3,ou=users,dc=example,dc=com" would be a member => 0 found.

Hence re-opening.
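The scenario from the comment above, modelled as an added example (not part of the original comment and not JBoss or JNDI code): the user is resolved through the referral, but a group search that stays on LDAP 1 finds no membership. `Directory`, `find_user`, `groups_of` and `authorize` are hypothetical names, the directories are constructed in memory, and the host name for port 389 is assumed.

```python
# Constructed in-memory model of the two directories described in the comment.
# All names here are hypothetical; nothing below is a JBoss or JNDI API.

class Directory:
    def __init__(self, url, entries, referrals=None):
        self.url = url
        self.entries = entries            # DN -> attribute dict
        self.referrals = referrals or {}  # referral DN -> target Directory

LDAP2 = Directory("ldap://server:391", {
    "uid=tomds3,ou=users,dc=example,dc=com": {"uid": "tomds3"},
    "cn=JBossAdmin,ou=groups,dc=example,dc=com": {
        "cn": "JBossAdmin",
        "member": ["uid=tomds3,ou=users,dc=example,dc=com"],
    },
})
# LDAP 1 holds no users or groups itself, only the referral (host assumed).
LDAP1 = Directory("ldap://server:389", {},
                  referrals={"ou=RemoteLdap,dc=example,dc=com": LDAP2})


def find_user(directory, uid, seen=None):
    """Return (dn, directory holding the entry), chasing referrals; None if absent."""
    seen = set() if seen is None else seen
    if directory.url in seen:             # guard against referral loops
        return None
    seen.add(directory.url)
    for dn, attrs in directory.entries.items():
        if attrs.get("uid") == uid:
            return dn, directory
    for target in directory.referrals.values():
        hit = find_user(target, uid, seen)
        if hit:
            return hit
    return None


def groups_of(directory, user_dn):
    """Group search (member=<user_dn>) on one directory only, no referral chasing."""
    return sorted(dn for dn, attrs in directory.entries.items()
                  if user_dn in attrs.get("member", []))


def authorize(uid, follow_user_server):
    """Resolve the user via LDAP 1, then search groups on LDAP 1 or on the answering server."""
    hit = find_user(LDAP1, uid)
    if hit is None:
        return []
    dn, origin = hit
    return groups_of(origin if follow_user_server else LDAP1, dn)
```

`authorize("tomds3", False)` reproduces the reported "0 found" result; passing `True` searches the directory that actually returned the user entry.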
See my comment here: https://bugzilla.redhat.com/show_bug.cgi?id=1066470#c18

Changing status back to MODIFIED.
Verified in 6.2.4.CP.CR1