Index: lams_central/src/java/org/lamsfoundation/lams/security/LDAPAuthenticator.java =================================================================== RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/security/LDAPAuthenticator.java,v diff -u -r1.11 -r1.12 --- lams_central/src/java/org/lamsfoundation/lams/security/LDAPAuthenticator.java 4 Oct 2007 01:06:34 -0000 1.11 +++ lams_central/src/java/org/lamsfoundation/lams/security/LDAPAuthenticator.java 2 Nov 2007 01:22:46 -0000 1.12 @@ -109,8 +109,7 @@ System.setProperty("javax.net.ssl.trustStorePassword", Configuration.get(ConfigurationKeys.LDAP_TRUSTSTORE_PASSWORD)); } - log.debug("===> LDAP authenticator: " + env); - + boolean isValid = false; InitialLdapContext ctx = null; for (String principalDNSuffix : principalDNSuffixes) { @@ -122,6 +121,7 @@ try { ctx = new InitialLdapContext(env, null); log.debug("===> LDAP context created using DN: "+userDN); + isValid = true; Attributes attrs = ctx.getAttributes(userDN); setAttrs(attrs); @@ -157,7 +157,7 @@ +ConfigurationKeys.LDAP_SECURITY_AUTHENTICATION+" parameter: " +Configuration.get(ConfigurationKeys.LDAP_SECURITY_AUTHENTICATION)); } catch (AuthenticationException e) { - log.info("===> Incorrect username ("+userDN+") or password ("+credential+"): "+e.getMessage()); + log.info("===> Incorrect username ("+userDN+") or password. "+e.getMessage()); } catch (Exception e) { log.error("===> LDAP exception: " + e, e); } finally { 
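Review bot: `isValid = true` is set as soon as `new InitialLdapContext(env, null)` returns, so in the @@ -122 hunk a successful bind is the only proof of identity, and nothing visible there rejects an empty credential. With simple authentication, many directory servers accept a bind with a DN and an empty password as an unauthenticated bind (RFC 4513 section 5.1.2), which would now make this method return true through the `return isValid;` in the @@ -173 hunk. UniversalLoginModule.validatePassword returns false for a zero-length password, but that guard lives in the caller; I would repeat it before the loop, for example `if (credential == null || credential.length() == 0) return false;`, adapted to the declared type of `credential`. The method starts above this hunk, so an existing check may be out of view.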
@@ -173,12 +173,12 @@ if (ctx != null) ctx.close(); } catch (Exception e) { - log.error("===> gettting problem when closing context. Excetion: "+e); + log.error("===> gettting problem when closing context. Exception: "+e); } } } - return false; + return isValid; } } \ No newline at end of file Index: lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java =================================================================== RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java,v diff -u -r1.22 -r1.23 --- lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java 4 Oct 2007 01:06:34 -0000 1.22 +++ lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java 2 Nov 2007 01:22:46 -0000 1.23 @@ -93,9 +93,6 @@ if (inputPassword.length() == 0) return false; - log.debug("===> validatePassword() called: " + inputPassword - + " : " + expectedPassword); - try { String username = getUsername(); WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(HttpSessionManager.getInstance().getServletContext()); Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/IUserManagementService.java =================================================================== RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/IUserManagementService.java,v diff -u -r1.50 -r1.51 --- lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/IUserManagementService.java 19 Oct 2007 02:32:38 -0000 1.50 +++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/IUserManagementService.java 2 Nov 2007 01:22:48 -0000 1.51 
@@ -352,6 +352,13 @@ public void deleteChildUserOrganisations(User user, Organisation org); /** + * Removes user from this group and its subgroups. + * @param user + * @param org + */ + public void deleteUserOrganisation(User user, Organisation org); + + /** * Return true if user is a global group admin. * @return */ Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java =================================================================== RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java,v diff -u -r1.9 -r1.10 --- lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java 4 Oct 2007 01:06:33 -0000 1.9 +++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java 2 Nov 2007 01:22:48 -0000 1.10 
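Review bot: The Javadoc added for deleteUserOrganisation leaves both `@param` tags empty and says "this group" without naming the argument it refers to. I would write `@param user the user whose membership is removed` and `@param org the organisation the user is removed from`. It should also state that the call does nothing when the user is not a member, which is what the implementation in UserManagementService does when no UserOrganisation is found.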
@@ -324,36 +324,26 @@ } // if the user is a member of any other groups, remove them if (Configuration.getAsBoolean(ConfigurationKeys.LDAP_ONLY_ONE_ORG)) { - Set uos = user.getUserOrganisations(); - // safety net in case hibernate hasn't initialised this set yet - if (uos == null) { - uos = new HashSet(); - user.setUserOrganisations(uos); - } - Iterator i = uos.iterator(); - while (i.hasNext()) { - UserOrganisation uo = (UserOrganisation)i.next(); - Organisation currentOrg = uo.getOrganisation(); - if (currentOrg.getOrganisationType().getOrganisationTypeId().equals(OrganisationType.COURSE_TYPE)) { - if (!currentOrg.equals(org)) { - i.remove(); - // remove userOrg from the org's collection - Set currentOrgUos = currentOrg.getUserOrganisations(); - currentOrgUos.remove(uo); - currentOrg.setUserOrganisations(currentOrgUos); - // remove subgroups - service.deleteChildUserOrganisations(uo.getUser(), uo.getOrganisation()); + List uos = service.findByProperty(UserOrganisation.class, "user", user); + if (uos != null) { + for (Object obj : uos) { + UserOrganisation uo = (UserOrganisation)obj; + Organisation currentOrg = uo.getOrganisation(); + if (currentOrg.getOrganisationType().getOrganisationTypeId().equals(OrganisationType.COURSE_TYPE)) { + if (!currentOrg.equals(org)) { + service.deleteUserOrganisation(user, currentOrg); + } } } } - user.setUserOrganisations(uos); - service.save(user); } // now convert the roles to lams roles and add the user to the org List roleIds = getRoleIds(ldapRoles); if (roleIds!=null && !roleIds.isEmpty()) { service.setRolesForUserOrganisation(user, org.getOrganisationId(), roleIds); return true; + } else { + log.warn("Couldn't map any roles from attribute: "+Configuration.get(ConfigurationKeys.LDAP_ROLES_ATTR)); } } else { log.warn("No LAMS organisations found with the "+orgField+": "+ldapOrgAttr); 
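Review bot: With LDAP_ONLY_ONE_ORG enabled, the user's other course memberships are deleted before it is known that any LDAP role maps to a LAMS role, so when `getRoleIds(ldapRoles)` yields nothing the new else branch only logs a warning and the user is left with no course membership at all. Computing the roles first keeps the two steps consistent: move `List roleIds = getRoleIds(ldapRoles);` above the `if (Configuration.getAsBoolean(ConfigurationKeys.LDAP_ONLY_ONE_ORG))` block and enter that block only when `roleIds != null && !roleIds.isEmpty()`. If dropping the old memberships on a failed mapping is intended, a comment saying so would help. The enclosing method starts and ends outside the hunk, so any compensation by the caller is not visible here.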
@@ -367,23 +357,23 @@ if (ldapRoles!=null) { ArrayList roleIds = new ArrayList(); for (String role : ldapRoles) { - if (Configuration.get(ConfigurationKeys.LDAP_LEARNER_MAP).indexOf(role) >= 0 + if (isRoleInList(Configuration.get(ConfigurationKeys.LDAP_LEARNER_MAP), role) && !roleIds.contains(Role.ROLE_LEARNER.toString())) { roleIds.add(Role.ROLE_LEARNER.toString()); } - if (Configuration.get(ConfigurationKeys.LDAP_MONITOR_MAP).indexOf(role) >= 0 + if (isRoleInList(Configuration.get(ConfigurationKeys.LDAP_MONITOR_MAP), role) && !roleIds.contains(Role.ROLE_MONITOR.toString())) { roleIds.add(Role.ROLE_MONITOR.toString()); } - if (Configuration.get(ConfigurationKeys.LDAP_AUTHOR_MAP).indexOf(role) >= 0 + if (isRoleInList(Configuration.get(ConfigurationKeys.LDAP_AUTHOR_MAP), role) && !roleIds.contains(Role.ROLE_AUTHOR.toString())) { roleIds.add(Role.ROLE_AUTHOR.toString()); } - if (Configuration.get(ConfigurationKeys.LDAP_GROUP_ADMIN_MAP).indexOf(role) >= 0 + if (isRoleInList(Configuration.get(ConfigurationKeys.LDAP_GROUP_ADMIN_MAP), role) && !roleIds.contains(Role.ROLE_GROUP_ADMIN.toString())) { roleIds.add(Role.ROLE_GROUP_ADMIN.toString()); } - if (Configuration.get(ConfigurationKeys.LDAP_GROUP_MANAGER_MAP).indexOf(role) >= 0 + if (isRoleInList(Configuration.get(ConfigurationKeys.LDAP_GROUP_MANAGER_MAP), role) && !roleIds.contains(Role.ROLE_GROUP_MANAGER.toString())) { roleIds.add(Role.ROLE_GROUP_MANAGER.toString()); } 
@@ -393,6 +383,18 @@ return null; } + private boolean isRoleInList(String list, String role) { + if (list != null && role != null) { + String[] array = list.split(";"); + for (String s : array) { + if (role.contains(s)) { + return true; + } + } + } + return false; + } + // get the multiple values of an ldap attribute private List getAttributeStrings(Attribute attr) { try { Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/UserManagementService.java =================================================================== RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/UserManagementService.java,v diff -u -r1.82 -r1.83 --- lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/UserManagementService.java 19 Oct 2007 02:32:38 -0000 1.82 +++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/UserManagementService.java 2 Nov 2007 01:22:48 -0000 1.83 @@ -865,6 +865,19 @@ } } + public void deleteUserOrganisation(User user, Organisation org) { + UserOrganisation uo = getUserOrganisation(user.getUserId(), org.getOrganisationId()); + if (uo != null) { + org.getUserOrganisations().remove(uo); + save(org); + user.getUserOrganisations().remove(uo); + log.debug("Removed user "+user.getUserId()+" from organisation "+org.getOrganisationId()); + if (org.getOrganisationType().equals(OrganisationType.COURSE_TYPE)) { + deleteChildUserOrganisations(user, org); + } + } + } + private Integer getRequestorId() { UserDTO userDTO = (UserDTO)SessionManager.getSession().getAttribute(AttributeNames.USER); return (userDTO!=null ? userDTO.getUserID() : null);
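Review bot: isRoleInList matches every role as soon as a mapping holds an empty entry, because `"".split(";")` returns one empty string and `role.contains("")` is always true. An empty but non-null LDAP_GROUP_ADMIN_MAP or LDAP_GROUP_MANAGER_MAP, a leading `;` or a doubled `;;` would therefore grant that role to any user who has at least one LDAP role value; whether Configuration.get returns an empty string for an unset key is not visible here. The five call sites in the @@ -367 hunk inherit this, and the old `indexOf(role)` test did not behave that way. Entries should be trimmed and empty ones skipped, as below. Separately, `role.contains(s)` is a substring test, so a short entry also matches longer, unrelated role names; if role values are plain names an exact comparison would be safer, and if substring matching is intended it deserves a comment.

```java
private boolean isRoleInList(String list, String role) {
    if (list != null && role != null) {
        for (String s : list.split(";")) {
            String entry = s.trim();
            // An empty entry must never match: contains("") is true for every role.
            if (entry.length() > 0 && role.contains(entry)) {
                return true;
            }
        }
    }
    return false;
}
```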
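Review bot: In deleteUserOrganisation the check `org.getOrganisationType().equals(OrganisationType.COURSE_TYPE)` compares the OrganisationType object itself with COURSE_TYPE, while LdapService in this same commit compares `getOrganisationTypeId()` with that constant, so this condition looks like it can never be true. If so, `deleteChildUserOrganisations(user, org)` is never reached and a user removed from a course keeps the subgroup memberships, which the removed LdapService code used to delete explicitly. Suggested line: `if (org.getOrganisationType().getOrganisationTypeId().equals(OrganisationType.COURSE_TYPE)) {`. The declaration of COURSE_TYPE is not on the page, so its type should be confirmed before changing this.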