Hi everybody,

thas my big problem:
The users are saved in the ActiveDirectory on a central server. I can login with JBoss with the login-config.xml:

<application-policy name="xxx">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
 <module-option name="dsJndiName">java:/DefaultDS</module-option>
 <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
 <module-option name="java.naming.provider.url">ldap://192.168.1.10:389/DC=bsp,DC=local??base?(objectClass=*)</module-option>
 <module-option name="java.naming.security.authentication">simple</module-option>
 <module-option name="principalDNPrefix">CN=</module-option>
 <module-option name="principalDNSuffix">,CN=Users,DC=bsp,DC=local</module-option>
 <!--<module-option name="rolesCtxDN">CN=Users,DC=bsp,DC=local</module-option>-->
 <module-option name="uidAttributeID">sAMAccountName</module-option>
 <module-option name="matchOnUserDN">false</module-option>
 <!--<module-option name="roleAttributeID">cn</module-option>
 <module-option name="roleAttributeIsDN">true</module-option>-->
 </login-module>
 </authentication>
</application-policy>

the problem is that the roles of the users are not saved in the AD. Instead i can find them in a database with columns like bit isAdmin for example.
I dont know how to add roles to the users or configurate the login-file to separate the source of the user and roles.

Have anybody a suggestion?

Thanks