Book: Login Module Reference Revision: n_1575841_login-module-reference_version_6.4_edition_1.0_release_0-revision_6701191 Section: LOGIN MODULES WITH EXTERNAL IDENTITY STORE Issue description: The authentication step 2 contains needless technical details in section about LdapExtended login module: "The resulting user DN is authenticated by binding to the LDAP server using the user DN as the InitialLdapContext environment Context.SECURITY_PRINCIPAL. The Context.SECURITY_CREDENTIALS property is set to the String password obtained by the callback handler." The LDAP bind mechanism behind the step 2 is the same as for the step 1, only the usename and password come from different source. This should be rewritten to simpler readable form. Just mention that authentication happens via resulting user DN and String password obtained by the callback handler. Suggestions for improvement: Replace the step 2. with something like: "The resulting user DN is authenticated by binding to the LDAP server using the user DN as a principal name and the password obtainded by the callback handler as the principal's credentials."
Verified in revision "n_1601531_login-module-reference_version_6.4_edition_1.0_release_0-revision_6805721" of https://access.stage.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-6.4/login-module-reference