I'm sorry I can't help you much, cause I'm not an AD expert. Here's a blog post that may help
http://weblogs.java.net/blog/kohsuke/archive/2008/06/more_active_dir.html Hudson has very nice integration with AD. The only thing you need to supply for configuration is the domain name. Groups are then made available. I suppose you could look at Hudson's code to determine exactly what/how it is querying for groups... Hope it helps, Philippe -- View this message in context: http://n2.nabble.com/ActiveDirectoryRealm-getRoleNamesForUser-tp4402069p4446252.html Sent from the Shiro User mailing list archive at Nabble.com.
