Hi

I am trying to configure the admin console in JBoss 5.1.0, to use LDAP as the authentication source. I have found this guide (http://community.jboss.org/thread/163867), but I have some problems with that configuration:

1. I have to give access to the admin console to two different groups in LDAP
2. Also, I would like to use local authentication (properties file based) in case of LDAP shutdown (already done with an application policy in login-config.xml, configuring as sufficient LDAP and properties sources), so I need to allow a new role to access to the admin console.

So, must I modify each file where JBossAdmin role is referenced to allow these three groups allow access? How this should be done?

<rule if="#{s:hasRole('JBossAdmin', 'LDAPRole1')}">

Or

<rule if="#{s:hasRole('JBossAdmin') || s:hasRole('LDAPRole1')}">

Or what?

Regards and thanks in advance.