I wish to report (what I think it is) a bug.
in LdapAuthorizationPolicy, the "ldap.authorizeField" is ignored. In fact it is got from LDAP but not used to gather the logins that may authorized a selected username.
I attach a patch to fix the problem.
P.S.: This is the second time I see a JIRA that's not open to public reports (the other time was with ANTLR, and they were not very friendly). This is pretty annoying. At Apache, JBoss and others reports are open for everyone.