securing ejb application depolyed in glassfish V3 using ldap realm that points to active directory

hi
i have an ejb web application that i need to secure using our Active directory and i am facing diffrent kinds of Errors like user [user name ]not found and , other ldap exceptions , i have used similar configuration with open DS and it worked just fine and here is my ldap test configeration along with my web.xml and sun-web.xml
please tell me if there is any thing wrong that i am doing

JAAS Context : ldapRealm
Directory : ldap://192.168.17.20:389
Base DN : CN=Users,DC=amplex-emirates,DC=ae
search-bind-dn: my user name
search-bind-password : my password

and here my web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    <distributable/>
    <context-param>
        <param-name>javax.faces.PROJECT_STAGE</param-name>
        <param-value>Development</param-value>
    </context-param>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>/faces/*</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>faces/Home.xhtml</welcome-file>
    </welcome-file-list>
    <mime-mapping>
        <extension>msi</extension>
        <mime-type>application/msi</mime-type>
    </mime-mapping>
    <mime-mapping>
        <extension>cab</extension>
        <mime-type>application/cab</mime-type>
    </mime-mapping>
    <security-constraint>
        <display-name>Constraint1</display-name>
        <web-resource-collection>
            <web-resource-name>res1</web-resource-name>
            <description/>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>myrole</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>testldap</realm-name>
    </login-config>
    <security-role>
        <description/>
        <role-name>myrole</role-name>
    </security-role>
</web-app>

and also my sun-web.xml

also i have adde a jvm option in glassfish like this ( i saw this in a forum and the who did it claims that it made it working with him )
Djava.naming.referral=follow

thats it .... plese help me here
thank you