Today I needed to authenticate a user and verify he belongs to a specific group in one step (in Active Directory).
I am using Spring LDAP, Spring Security 2.0.4.
After a few hours of trial and error I understood the meaning of the "searchFilter" in FilterBasedLdapUserSearch.
I can verify the sAMAccountName and the group membership using the filter like this:
FilterBasedLdapUserSearch search = new FilterBasedLdapUserSearch(
")", ctx );