berryma4
commented
8 years ago Are you sure that is the file being read? The other thing you might want to check, glassfish has a setting to make mappings for ldap groups, so if you have this setting on and you have a group with the same name ... it would work.
Hello.
There seems so be a problem when mapping security roles to the LDAP groups. I tried to remove the role from auth-constraint in web.xml but it didn't prevent user with that role to get response from the server.
For example I tried to delete LogMod role from /resources/logbooks/* resource but users inside LogMod group could still create/modify/delete logbooks.
I checked glassfish-web.xml (which contains mapping of roles to LDAP group) and it seems be fine.
Do you maybe have any experience with this?