Stating the user's DN is a good start, but I also need a DN for something that could be used for a role, such as a department. And I need to know an attribute on the user that can be used to link to that role/department. The other thing I am thinking is that perhaps there is a way to simulate a user-only LDAP module that yields a constant role (or chain some modules together to yield the same). I know that this can be done with the database login module because there the role is obtained via an SQL statement and it is easy to write SQL to return a constant. However, I would have to dig through the source code to see if this is possible. I have a very detailed description of how to set up the LDAP login module based on using ldapserach to query the LDAP server in JBoss in Action. You should get a copy and look it over, that might help you set up the roles query. http://www.manning.com/jamae View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4236144#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...