Hello all,
I am presently using the org.jboss.security.auth.spi.LdapLoginModule for authentication with great success, and also have it successfully used for basic Authorization by group.

However, I would like to take a step further on Authorization where my application would like to use attribute-based role authorization (Both EJB/webservice and webapp if possible).

An example would be easier than explaining it, so:
A user has 1-N projects.
A user could have roles 'users', 'supervisor', 'admin', each different for each project.

Since that N-N mapping doesn't fit well into groups for LDAP, I would like to explore continue using LDAP for authentication but a seperate piece for authorization. Any recommondations?

thanks,
-D