>> I do not want to add groups in the LDAP server, but to map existing
>> ones to the roles defined in my web application instead.
>
> Perhaps you can use the <security-role-ref> declaration; look in section 12
> of the servlet spec.
>
If I remember well the <security-role-ref> just creates an alias on an existing <security-role> for servlets. It's not related to the mapping between my "system" groups and the application roles.

The section 12.4 of the servlet spec says:

"A security role is a logical grouping of users defined by the Application Developer or Assembler. When the application is deployed, roles are mapped by a Deployer to principals or groups in the runtime environment."

That's exactly what I am looking for. Something like:

    <user username="john" password="doe" roles="role1,role2"/>

In the tomcat-users.xml file but for my LDAP realm.

Cheers,
Jerome