diff --git a/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/LdapPasswordAuthenticationTest.java b/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/LdapPasswordAuthenticationTest.java
index fd48cb5043..073a4f46f3 100644
--- a/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/LdapPasswordAuthenticationTest.java
+++ b/sandbox/src/test/java/org/acegisecurity/providers/dao/ldap/LdapPasswordAuthenticationTest.java
@@ -1,56 +1,72 @@
 package net.sf.acegisecurity.providers.dao.ldap;
-import javax.naming.NamingEnumeration;
 import javax.naming.NamingException;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.BasicAttribute;
-import javax.naming.directory.BasicAttributes;
+import net.sf.acegisecurity.BadCredentialsException;
 import net.sf.acegisecurity.UserDetails;
 import net.sf.acegisecurity.GrantedAuthority;
 public class LdapPasswordAuthenticationTest extends BaseLdapTestCase {
-
- /** Simply test the connection to the test LDAP server;
- * if this test fails we know the server setup needs checked.
- * @throws NamingException
- */
- public void testConnection() throws NamingException {
- Object obj = getClientContext().lookup("ou=users");
- //System.out.println( obj );
- assertNotNull( obj );
- }
+ private LdapPasswordAuthenticationDao dao;
+
+ private String DEFAULT_ROLE = "DEFAULT_ROLE";
+ /** Setup the basic properties of our LdapPasswordAuthenticationDao */
+ protected void setUp() {
+ dao = new LdapPasswordAuthenticationDao();
+ dao.setURL("ldap://localhost:389/ou=system");
+ }
- public void testSetupOne() throws NamingException {
- // add a simple user object so we can test it:
-
- //String name = "cn=User One,ou=users";
- String name = "uid=one.user,ou=users";
- Attributes attrs = new BasicAttributes();
- attrs.put("dn", name + ",ou=system");
- attrs.put("cn", "User One");
- attrs.put("sn", "One");
- attrs.put("givenName", "User");
- attrs.put("uid", "user.one");
- attrs.put("mail", "user.one@hotmail.com");
- attrs.put("userPassword", "plaintext");
- attrs.put("objectClass", "inetOrgPerson");
- attrs.put("objectClass", "top");
- getServerContext().createSubcontext(name, attrs);
-
- Attributes myAttrs = getClientContext().getAttributes("uid=one.user,ou=users");
- assertEquals(8, myAttrs.size());
-
- assertEquals("uid=one.user,ou=users,ou=system", myAttrs.get("dn").get() );
- //System.out.println("DN = " + myAttrs.get("dn").get() );
- /*
-
NamingEnumeration names = myAttrs.getIDs();
- while (names.hasMoreElements()) {
- System.out.println("Found id: " + names.nextElement() );
- } */
+
+ public void testSimpleUidUser() throws NamingException {
+ dao.setUserContext("uid={0},ou=users,ou=system");
+ dao.setDefaultRole(DEFAULT_ROLE);
+ try {
+ UserDetails userDetails = dao.loadUserByUsernameAndPassword("one.user", "plaintext");
+ assertEquals(1, userDetails.getAuthorities().length );
+ assertEquals(DEFAULT_ROLE, userDetails.getAuthorities()[0].getAuthority() );
+ } catch (BadCredentialsException ex) {
+ fail();
+ }
 }
+ public void testSimpleCnUser() throws NamingException {
+ dao.setUserContext("cn={0},ou=users,ou=system");
+ dao.setDefaultRole(DEFAULT_ROLE);
+ try {
+ UserDetails userDetails = dao.loadUserByUsernameAndPassword("user.two", "plaintext2");
+ assertEquals(1, userDetails.getAuthorities().length );
+ assertEquals(DEFAULT_ROLE, userDetails.getAuthorities()[0].getAuthority() );
+ } catch (BadCredentialsException ex) {
+ fail();
+ }
+ }
+ public void testSimpleMultiUserContext() throws NamingException {
+ dao.setUserContexts(new String[]{"uid={0},ou=users,ou=system", "cn={0},ou=users,ou=system"});
+ dao.setDefaultRole(DEFAULT_ROLE);
+ try {
+ UserDetails userDetails = dao.loadUserByUsernameAndPassword("one.user", "plaintext");
+ assertEquals(1, userDetails.getAuthorities().length );
+ assertEquals(DEFAULT_ROLE, userDetails.getAuthorities()[0].getAuthority() );
+
+ UserDetails userDetails2 = dao.loadUserByUsernameAndPassword("user.two", "plaintext2");
+ assertEquals(1, userDetails2.getAuthorities().length );
+ assertEquals(DEFAULT_ROLE, userDetails2.getAuthorities()[0].getAuthority() );
+ } catch (BadCredentialsException ex) {
+ fail();
+ }
+ }
+
+ public void testEmptyRoles() {
+ dao.setUserContext("uid={0},ou=users,ou=system");
+ try {
+ UserDetails userDetails = dao.loadUserByUsernameAndPassword("user.two", "plaintext2");
+ fail("No roles are accessible for user; this test _should_ fail.");
+ }
catch (BadCredentialsException ex) {
+ assertTrue("No roles are accessible for user; this test _should_ fail.",
+ ex.getMessage().startsWith(LdapPasswordAuthenticationDao.BAD_CREDENTIALS_EXCEPTION_MESSAGE) );
+ }
+ }
 }
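Review bot: None of the added tests exercises a rejected password: every call to `loadUserByUsernameAndPassword` passes the correct one, so the suite would stay green if the DAO bound successfully with a wrong or empty password. The empty case deserves its own test because an LDAP simple bind with a DN and a zero-length password is an unauthenticated bind (RFC 4513), which some servers answer with success. `testEmptyRoles` does not fill the gap: it looks up `user.two` under the `uid={0}` pattern while `testSimpleCnUser` reaches that user under `cn={0}`, so, depending on the fixture in `BaseLdapTestCase` (not visible here), the exception it expects may come from a failed bind rather than from the missing default role, and the `startsWith(BAD_CREDENTIALS_EXCEPTION_MESSAGE)` check cannot tell the two apart. I would add the two negative tests below, assuming the DAO reports a failed bind as `BadCredentialsException`.

```java
// … unchanged: setUp and the existing tests …

public void testWrongPasswordIsRejected() {
    dao.setUserContext("uid={0},ou=users,ou=system");
    dao.setDefaultRole(DEFAULT_ROLE);
    try {
        dao.loadUserByUsernameAndPassword("one.user", "not-the-password");
        fail("A wrong password must not authenticate.");
    } catch (BadCredentialsException expected) {
        // expected: the bind was refused
    }
}

public void testEmptyPasswordIsRejected() {
    dao.setUserContext("uid={0},ou=users,ou=system");
    dao.setDefaultRole(DEFAULT_ROLE);
    try {
        // A zero-length password must be refused before or by the bind,
        // never treated as a successful unauthenticated bind.
        dao.loadUserByUsernameAndPassword("one.user", "");
        fail("An empty password must not authenticate.");
    } catch (BadCredentialsException expected) {
        // expected
    }
}
```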