Stian Lund [http://community.jboss.org/people/pathduck] created the discussion
"Integrate JBoss 6 to AD - map groups to roles?"
To view the discussion, visit: http://community.jboss.org/message/602192#602192
--------------------------------------------------------------
Hi, I'm new :)
I'm in the process of setting up a Test-env for JBoss where we want to connect to
Active Directory for authentication of users to the jmx console and admin console.
I've created a policy in login-config.xml:
<application-policy name="ActiveDirectory">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://xxx:389/</module-option>
      <module-option name="bindDN">CN=xxx,OU=xxx,DC=xxx,DC=xxx</module-option>
      <module-option name="bindCredential">xxx</module-option>
      <module-option name="baseCtxDN">cn=Users,dc=xxx,dc=xxx</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="rolesCtxDN">cn=Users,dc=xxx,dc=xxx</module-option>
      <module-option name="roleFilter">(sAMAccountName={0})</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
    </login-module>
  </authentication>
</application-policy>
I've mapped this policy in jboss-web.xml for the WAR files:
<security-domain>java:/jaas/ActiveDirectory</security-domain>
But now I've hit the wall in regards to how I would map the AD group whose members are
admins to the correct role, which I guess is "JBossAdmin".
For instance we have a group "ga-JBossAdm" in AD and want these members to have
the role. I've tried searching for examples how to do this but come up short.
I'm coming from a WebSphere background where this integration is based on mapping AD
groups/users to administrative roles in WAS, so maybe I am going at this the wrong way,
but I can't really figure out where to go from here. Is <role-name> supposed to
map to the same as the name of the AD group?
Hope some of you JBoss gurus can help me proceed here :)
--------------------------------------------------------------