THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
To use this method the roleName and roleSearchMatching options must be set. The LDAPLoginModule will perform an LDAP search using the roleSearchMatching filter to search for the authenticating user's distinguished name within each group entries' roleName attribute. To skip this method the roleName option MUST be left unset. If the roleSearchMatching roleName option is left unset set and the roleName roleSearchMatching option is set left unset then the LDAPLoginModule will attempt to perform the search and throw an exception.
...