Hi,
I have really tried to get to the bottom of this without resorting to the list but this should work but it doesn't.

Tomcat v 5.5.4
OpenLDAP

I have the Realm configured in server.xml as:

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://localhost:389"
       userPattern="uid={0},ou=iuap,dc=becta,dc=org"
       userRoleName="memberOf" />

Entry in LDAP

# User1 entry with TOMCAT roles 'admin' and 'manager'
dn: uid=user1,ou=iuap,dc=becta,dc=org
objectClass: iuapPerson
sn: user1
cn: super user1
uid: user1
mail: [EMAIL PROTECTED]
userPassword: secret
memberOf: admin
memberOf: manager

Produces the following in the logs when I try it against the manager application:

Security checking request GET /manager/html
Checking constraint 'SecurityConstraint[HTMLManger and Manager command]' against GET /html --> true
Calling hasUserDataPermission()
User data constraint has no restrictions
Calling authenticate()
retrieving values for attribute memberOf
validating credentials by binding as the user
binding as uid=user1,ou=iuap,dc=becta,dc=org
Username user1 successfully authenticated
getRoles(uid=user1,ou=iuap,dc=becta,dc=org)
Authenticated 'user1' with type 'BASIC'
Calling accessControl()
Checking roles GenericPrincipal[user1()]
*Username user1 does NOT have role manager
No role found: manager
Failed accessControl() test*

As you can see the roles are not being picked up.

Any ideas?

TIA

Regards
Paul Worrall
Portal Technology and Innovation
BECTA
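
A log check for the symptom in this post, added here as an example and not part of the original message: it reads realm and authenticator debug lines in the format quoted above and reports when a user bound successfully but the principal carried an empty role list. The function name `analyse`, the finding keys, and the comma-separated role format inside `GenericPrincipal[...]` are assumptions.

```python
import re

# Constructed sample: a subset of the debug lines quoted in the post above.
SAMPLE_LOG = """\
Calling authenticate()
retrieving values for attribute memberOf
validating credentials by binding as the user
binding as uid=user1,ou=iuap,dc=becta,dc=org
Username user1 successfully authenticated
Calling accessControl()
Checking roles GenericPrincipal[user1()]
*Username user1 does NOT have role manager
Failed accessControl() test*
"""

ROLE_ATTR = re.compile(r"retrieving values for attribute (\S+)")
BIND_DN = re.compile(r"binding as (\S+)")
PRINCIPAL = re.compile(r"Checking roles GenericPrincipal\[([^(\]]+)\(([^)]*)\)\]")
MISSING = re.compile(r"Username (\S+) does NOT have role (\S+)")
FAILED = "Failed accessControl() test"


def analyse(log_text):
    """Return one finding per failed accessControl() check in the log."""
    findings, cur = [], {}
    for raw in log_text.splitlines():
        line = raw.strip().strip("*").strip()  # drop e-mail emphasis markers
        if line.startswith("Calling authenticate()"):
            cur = {}  # a new authentication attempt starts here
        elif m := ROLE_ATTR.match(line):
            cur["role_attr"] = m.group(1)
        elif m := BIND_DN.match(line):  # anchored, so "...by binding as the user" is skipped
            cur["dn"] = m.group(1)
        elif m := PRINCIPAL.match(line):
            cur["user"] = m.group(1)
            # Assumption: roles are comma-separated inside the parentheses.
            cur["roles"] = [r for r in m.group(2).split(",") if r.strip()]
        elif m := MISSING.match(line):
            cur["missing"] = m.group(2)
        elif line.startswith(FAILED) and "user" in cur:
            # An empty role list after a successful bind means no directory
            # values reached the principal; the credentials were accepted.
            cur["cause"] = "no roles loaded" if not cur["roles"] else "role not granted"
            findings.append(cur)
            cur = {}
    return findings
```

A finding with cause "no roles loaded" separates a role-retrieval problem in the realm from a user who simply lacks the required role.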