-
Apr 16th, 2012, 01:08 PM
#1
Binding error when authenticating LDAP user who is a member of a subgroup
-UPDATE 4/20/12 -
I have solved this issue. Thanks to all who helped.
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
I am using Spring Security 2.0.3 jar and Spring LDAP core 1.3.1 in a JSF web application. I am able to authenticate users that are not in a subgroup, but I receive the following error when trying to authenticate a user that is a member of a subgroup: org.springframework.ldap.core.ObjectRetrievalException: Binding did not contain any object.
I am using IBM Directory Server. I am new to Spring Security and would appreciate any advice on how to authenticate a user with this configuration. Thank you.
--------------------------------------
Here is the LDIF for the group of groups:
dn: cn=Active Agents, cn=groups, DC=MYCOMPANY,DC=COM
ibm-appuuid: 5e2c6ca0-90cf-11d9-dfdffdf-856f422dd274
objectClass: groupofuniquenames
objectClass: ibm-appuuidaux
objectClass: top
uniquemember: cn=Active Agents SubGroup000,cn=groups,dc=mycompany,dc=com
uniquemember: cn=Active Agents SubGroup001,cn=groups,dc=mycompany,dc=com
uniquemember: cn=Active Agents SubGroup002,cn=groups,dc=mycompany,dc=com
cn: Active Agents
--------------------------------------
Here is the LDIF for the subgroup:
dn: cn=Active Agents SubGroup002, cn=groups, DC=MYCOMPANY,DC=COM
ibm-appuuid: 45f4e5b0-a775-11d9-asdfdsaf-856f4242b18f
objectclass: groupofuniquenames
objectclass: javaObject
objectclass: javaNamingReference
objectclass: top
objectclass: ibm-appuuidaux
uniquemember: uid=test_user,cn=users,dc=mycompany,dc=com
javaClassName: com.mycompany.common.ldap.references.LDAPUser
javaFactory: com.mycompany.common.ldap.factories.LDAPGroupFactory
javaReferenceAddress: #0#ldapGroup#Active Agents SubGroup002
cn: Active Agents SubGroup002
--------------------------------------
Here is the ldif for the user in the subgroup:
dn: uid=test_user, cn=users, DC=MYCOMPANY,DC=COM
--------------------------------------
Here is my config:
<http
    auto-config="true"
    access-denied-page="/jsp/accessDenied.jsp">
    <!-- intercept-url patterns are evaluated in the order listed and the first
         match wins, so the specific patterns come before the catch-all /** -->
    <intercept-url
        pattern="/jsp/admins/**"
        access="ROLE_ADMIN" />
    <intercept-url
        pattern="/j_spring_security_switch_user"
        access="ROLE_ADMIN_IMPERSONATE" />
    <intercept-url
        pattern="/j_spring_security_exit_user"
        access="ROLE_ADMIN_IMPERSONATE" />
    <intercept-url
        pattern="/**"
        access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <form-login
        login-processing-url="/j_spring_security_check"
        login-page="/jsp/login.jsp"
        default-target-url="/jsp/menu.jsf"
        authentication-failure-url="/jsp/accessDenied.jsf" />
    <logout
        invalidate-session="true"
        logout-success-url="/jsp/login.jsf" />
</http>
<beans:bean id="switchUserProcessingFilter"
    class="org.springframework.security.ui.switchuser.SwitchUserProcessingFilter"
    autowire="byType">
    <custom-filter after="SWITCH_USER_FILTER"/>
    <beans:property name="targetUrl" value="/jsp/menu.jsf"/>
</beans:bean>
<beans:bean id="loggerListener"
    class="org.springframework.security.event.authentication.LoggerListener" />
<authentication-provider>
    <ldap-user-service id="ldapUserService"
        server-ref="ldapServer"
        user-search-base="cn=users"
        user-search-filter="uid={0}"
        group-search-filter="uniquemember={0}"
        group-search-base="cn=groups"
        group-role-attribute="cn"
        role-prefix="ROLE_"
        user-details-class="inetOrgPerson"
    />
</authentication-provider>
<ldap-server id="ldapServer" url="ldap://MYLDAP/DC=MYCOMPANY,DC=COM"
    manager-dn="xxx" manager-password="xxx" />
--------------------------------------------------
Last edited by bscoleman; Apr 20th, 2012 at 01:12 PM.
Reason: Solved problem
-
Apr 20th, 2012, 01:04 PM
#2
-
Apr 20th, 2012, 01:13 PM
#3
Not sure what your reply 'nice thank you. ' to my thread means.