0 Replies Latest reply on Mar 6, 2013 4:56 PM by chrisburrell

    JBoss AS 7, LDAP + custom roles

    chrisburrell

      Hi

      I've successfully managed to configure LDAP with JBoss. I want to source the roles elsewhere, however. Can someone give me a hint as to how I would do that?

      Here's the config I have so far...

      jboss-web.xml:

      <jacc-star-role-allow>true</jacc-star-role-allow>

      web.xml:

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>All resources</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>*</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>MyRealm</realm-name>
      </login-config>

      <security-domain name="other">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.provider.url" value="ldap://myldap:389/"/>
            <module-option name="bindDN" value="myuser"/>
            <module-option name="bindCredential" value="mypassword"/>
            <module-option name="baseCtxDN" value="..."/>
            <module-option name="baseFilter" value="(...={0})"/>
            <module-option name="uidAttributeID" value="..."/>
            <module-option name="roleAttributeID" value="..."/>
            <module-option name="roleAttributeIsDN" value="true"/>
            <module-option name="rolesCtxDN" value="..."/>
            <module-option name="roleFilter" value="(sAMAccountName={0})"/>
          </login-module>
        </authentication>
      </security-domain>

      For example, would it be possible to give a default role to every user?

      Can I derive this from a datasource?

      Cheers

      Chris