thank you for the hint! But I don't understand right now the ModelLoginModule. Is this only used to check the existence of the user for the portal ? Or is it also used to check permissions using the groups of an user? If so I think it's not enough only to create the user and roles once. As roles and password of an user can change in LDAP you always have to replicate password and roles to the jboss portal.
Do I understand this right?
psuedo-useful code example in the thread above.