Adjusted my filter to : role.filter=(&(objectClass=group)(member=%dn,DC=corp,DC=local))
Verified that it returns 2 Groups : Mirth Admins DEV and ActiveMQ_Admins_DEV role.mapping=ActiveMQ_Admins_DEV=admin,webconsole,manager,jmxUser,sshConsole,viewer;ActiveMQ_Users_DEV=viewer 2017-03-06 09:11:14,013 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | doAuthenticate[realm=karaf, role=webconsole, rolePrincipalClasses=org.apache.karaf.jaas.boot.principal.RolePrincipal,org.apache.karaf.jaas.module s.RolePrincipal,org.apache.karaf.jaas.boot.principal.GroupPrincipal, configuration=null, username=inttest02, password=******] 2017-03-06 09:11:14,013 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Get the user DN. 2017-03-06 09:11:14,103 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Looking for the user in LDAP with 2017-03-06 09:11:14,103 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | base DN: DC=corp,DC=local 2017-03-06 09:11:14,103 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | filter: (&(objectCategory=person)(samAccountName=inttest02)) 2017-03-06 09:11:14,196 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Found the user DN. 2017-03-06 09:11:14,197 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Bind user (authentication). 2017-03-06 09:11:14,197 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Set the security principal for CN=inttest02,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local 2017-03-06 09:11:14,198 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Binding the user. 2017-03-06 09:11:14,383 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | User inttest02 successfully bound. 2017-03-06 09:11:14,474 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Looking for the user roles in LDAP with 2017-03-06 09:11:14,475 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | base DN: OU=Application Groups,OU=Domain Groups,DC=corp,DC=local 2017-03-06 09:11:14,475 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | filter: (member:1.2.840.113556.1.4.1941:=CN=inttest02,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local) 2017-03-06 09:11:14,599 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.boot.principal.RolePrincipal 2017-03-06 09:11:14,599 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02] 2017-03-06 09:11:14,599 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.boot.principal.RolePrincipal, continuing 2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.modules.RolePrincipal 2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02] 2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.modules.RolePrincipal, continuing 2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.boot.principal.GroupPrincipal 2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02] 2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.boot.principal.GroupPrincipal, continuing 2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | User inttest02 does not have the required role webconsole -- View this message in context: http://karaf.922171.n3.nabble.com/LDAP-Roles-tp4049745p4049768.html Sent from the Karaf - User mailing list archive at Nabble.com.