...

where list_of_roles is a list of Roles that are configured in the [roles] section of the shiro.ini configuration file. Multiple Roles are separated with a bar |.

Note that the value of the group depends on the result of the search: it is the value of the attribute that you have specified with groupNameAttribute. The default for groupNameAttribute is memberOf. This means that if you look up groups by searching the memberOf attribute values of a user, you have to specify the whole value of the memberOf attribute. A typical mapping when using AD with memberOf is:

# Mapping of a LDAP group to roles. You can assign more than one role with separator sign |
ldapRealm.groupRolesMap = \
CN=Group1,OU=SpecialGroups,OU=Groups,OU=Company,DC=sos-berlin,DC=com : all, \
CN=AnotherGroup,OU=SpecialGroups,OU=Groups,OU=Company,DC=sos-berlin,DC=com : all, \
CN=Beginners,OU=SecurityGroups,OU=Groups,OU=Company,DC=sos-berlin,DC=com : business_user



Example

ldapRealm.groupRolesMap = \
sos : it_operator, \
apl : administrator|application_manage
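
Because the group has to be written exactly as the directory returns it, a dropped comma in a DN or a role name that is missing from [roles] is easy to overlook. The following check is an added example, not part of the original page or of the product: it assumes one mapping entry per continuation line with ":" between group and roles, and the sample file, its permission values and the function names are constructed for illustration.

```python
import re
# Constructed sample, not from a real installation. Assumptions: one entry per
# continuation line, ":" between group and roles, placeholder permissions.
SAMPLE_INI = r"""
[roles]
all = placeholder:permission
business_user = placeholder:permission
[main]
ldapRealm.groupRolesMap = \
CN=Group1,OU=SpecialGroups,OU=Groups,OU=Company,DC=sos-berlin,DC=com : all, \
CN=Beginners,OU=Groups,OU=CompanyDC=sos-berlin,DC=com : business_user|operator, \
sos : all
"""
# Heuristic: a second "=" inside one RDN is almost always a dropped comma.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^=]+$")

def defined_roles(ini):
    """Return the role names declared in the [roles] section."""
    roles, in_roles = set(), False
    for line in map(str.strip, ini.splitlines()):
        if line.startswith("["):
            in_roles = line == "[roles]"
        elif in_roles and "=" in line and not line.startswith("#"):
            roles.add(line.split("=", 1)[0].strip())
    return roles

def map_entries(ini, key="ldapRealm.groupRolesMap"):
    """Return (group, [roles]) pairs from the backslash-continued mapping."""
    entries, active = [], False
    for line in map(str.strip, ini.splitlines()):
        if not active:
            if not line.startswith(key):
                continue
            line = line.split("=", 1)[1].strip()
        active = line.endswith("\\")          # another entry follows
        line = line.rstrip("\\").strip().rstrip(",").strip()
        if line:
            group, _, roles = line.rpartition(":")
            entries.append((group.strip(), [r.strip() for r in roles.split("|")]))
        if not active:
            break
    return entries

def lint(ini):
    """Flag DN keys with a malformed RDN and roles not declared in [roles]."""
    roles, issues = defined_roles(ini), []
    for group, mapped in map_entries(ini):
        if "=" in group:                      # key is written as a DN
            for rdn in re.split(r"(?<!\\),", group):
                if not RDN.match(rdn.strip()):
                    issues.append((group, "suspicious RDN " + rdn.strip()))
        issues += [(group, "undefined role " + r) for r in mapped if r not in roles]
    return issues
```

Calling lint(SAMPLE_INI) reports the Beginners entry twice: once for the RDN with the missing comma and once for the role that [roles] does not declare.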

...