Hi, thanks for the reply,
I've looked at the document and it doesn't seem to talk about mapping an LDAP group name to a a j2ee role as a mentioned above.
The problem is the old problem that we have an app with j2ee roles as defined in web.xml and want to map these to the LDAP groups in Active Directory - ie the j2ee roles to the ldap groups.
Ive done this using the <security-role-mapping> tag in sun-one but havent found anything equivilant in JBoss - yet! I guess it must be possible otherwise there would be no point in getting the user groups from the LDAP server.
Re-read the JAAS Howto sticky post to see how a subject is assigned roles, and then re-read the LdapLoginModule configuration in chapter 8 of the online admin/devel guide.