I can authenticate Tomcat users against a Sun One Directory Server using groups. I configure my realm like so:
and it works fine.
Unfortunately, the powers that be use Roles instead of Groups, and I can't get authentication against Roles to work. Roles are represented as virtual attributes of a user, as opposed to groups, which contain uniquemember records (LDIF with some attributes snipped):
Now I configure my Tomcat server like so:
Authentication appears to work according to the Tomcat log:
but I get forwarded to an HTTP 403 error. This indicates to me that the user's roles are not being found. Can anyone point me in the right direction?
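
An added example, not part of the original post and not the poster's configuration: a successful bind followed by HTTP 403 means authentication passed but no role matched the `auth-constraint`, and one way to have Tomcat's JNDIRealm read roles from an attribute on the user entry is its `userRoleName` setting. The host, base DNs, URL pattern and role DN are constructed placeholders, and the use of `nsRole` as the directory's virtual role attribute is an assumption, since the post does not name the attribute.

```xml
<!-- server.xml fragment (constructed example; host, port and DNs are placeholders) -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://ldap.example.com:389"
       userBase="ou=People,dc=example,dc=com"
       userSearch="(uid={0})"
       userSubtree="true"
       userRoleName="nsRole" />
<!-- roleBase / roleSearch / roleName are left out on purpose: they drive the
     group search (entries that list members via uniquemember), which returns
     nothing when membership exists only as a virtual attribute on the user. -->

<!-- web.xml fragment: the realm hands Tomcat the attribute values as role
     names. Assumption: nsRole values are the DNs of the role entries, so the
     constraint has to name the role by that DN. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected area</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>cn=appusers,dc=example,dc=com</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>cn=appusers,dc=example,dc=com</role-name>
</security-role>
```

Role names are compared as plain strings, so the `role-name` must match the exact value the directory returns for the attribute, including case and spacing. Requesting the attribute explicitly in an LDAP search as the realm's bind identity confirms whether that identity can read it at all.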