I will preface this with I am fairly green when it comes to LDAP and AD. The ActiveDirectoryRealm.hasRole() call, does that work against a Role or a Group? If the former, is there a way to do checks against Group membership from SecurityManager? I'm having issues having hasRole work against an AD instance and I find myself to be a bit stuck due to lack of knowledge of both AD/LDAP and Shiro's role/permission support.
Thanks John
