I'm using a federated repository in WAS v8.0.0.5. That federated repo contains a JDBC repo, 3 Active Directory LDAP repos, and a file-based repo. The repos are set to a realm and domain, which is used by a Java EE 6 enterprise application. I'm implementing Java EE 6 Security, specifically Servlet Spec 3.0 authentication.
Within the app, I'm able to log in and authenticate users from all of the repos; however, I cannot obtain the user's role for all of the repos except the JDBC repo. Specifically, I mean using Servlet Spec 3.0's request.isUserInRole(). The correct groups and users appear within WAS's Admin Console (VMM). I'm mapping groups to application roles via the .ear project's ibm-application-bnd.xml. I've checked the spelling/spaces of the mappings. Everything is correct. I've checked the .war project's web.xml too for any typos. Everything looks fine. Since the JDBC repo works with no problems, I've compared its .ear and .war role-to-group mappings to the LDAP mappings.
I've discovered that if I map specific users to groups in ibm-application-bnd.xml for the LDAP repos, the users' roles can then be confirmed. This indicates to me that there's something wrong with my mapping configuration between Active Directory Users and Groups.
As far as config goes, I'll talk about 1 of the LDAP repos:
I have Group defined in LDAP entity types as being mapped to Object Classes group;groupOfNames;groupOfUniqueNames (I think group is just needed, but I've been trying anything to figure this out).
PersonAccount is mapped to the Object Class user.
Out of desperation, I've also created a Supported LDAP attribute named memberOf and mapped it to the PersonAccount entity type.
As far as the Group attribute definition, I've set "Name of group membership attribute" to "memberof" and specified a scope of "Direct". I also tried "memberOf", which didn't change anything.
Using Apache Directory Studio to browse Active Directory, I can confirm that user and group are the two object classes I'm seeking.
Can someone please shed some light on what I have wrong with the config?