jboss-cli failed when trying to create ldap security-domain on EAP 6.4.0

Latest response

On EAP 6.3.x, I use the following CLI commands for configuring my LDAP security domain.

....
/subsystem=security/security-domain=my-security-domain:add(cache-type=default)
/subsystem=security/security-domain=my-security-domain/authentication=classic:add
/subsystem=security/security-domain=my-security-domain/authentication=classic:write-attribute(name=login-modules,value=[{code=>LdapExtended,flag=>required,module-options=>[java.naming.factory.initial=>com.sun.jndi.ldpa.LdapCtxFactory,java.naming.provider.url=>ldap://localhost:389,java.naming.security.authentication=>simple,bindDN=>"CN=root,dc=me,dc=lab",bindCredential=>me,baseCtxDN=>"ou=Users,DC=my-ap,DC=me,DC=lab",baseFilter=>(cn={0}),rolesCtxDN=>"ou=Groups,DC=my-app,DC=me,DC=lab",roleFilter=>(uniquemember={1}),searchScope=>ONELEVEL_SCOPE,allowEmptyPasswords=>false,defaultRole=>MyWebUser,roleAttributeID=>cn ]}])
...

On EAP 6.4.0, the last command raises the following error message:
{
"outcome" => "failed",
"failure-description" => "JBAS014749: Operation handler failed: java.lang.IllegalArgumentException",
"rolled-back" => true,
"response-headers" => {"process-state" => "reload-required"}
}

If I manually edit the standalone-full.xml file, the security-domain is working correctly.

Does the CLI syntax changes between 6.3.x and 6.4.0 ?

Responses