users@glassfish.java.net

Re: LDAP(S) Realm HTTP 403 error

From: <glassfish_at_javadesktop.org>
Date: Fri, 15 Feb 2008 21:26:29 PST

Since your requirement is: "anyone who passes the authentication to use the application."

Please remove the role-mapping in sun-web.xml:

    <security-role-mapping>
        <role-name>AllRoles</role-name>
        <group-name>*</group-name>
    </security-role-mapping>

And change this to some other name like:

    <security-role-mapping>
        <role-name>All Roles</role-name>
        <group-name>LDAPAuthorized</group-name>
    </security-role-mapping>

Then open domain.xml and add the following assign-groups property in your LDAP Realm.

    <property name="assign-groups" value="LDAPAuthorized"/>

For example, here is what I have tested:

    <auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm" name="OpenDS">
        <property name="directory" value="ldap://localhost:389"/>
        <property name="assign-groups" value="LDAPAuthorizedGroup"/>
        <property name="base-dn" value="dc=sun,dc=com"/>
        <property name="jaas-context" value="ldapRealm"/>
    </auth-realm>
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=259336
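
A consistency check for the setup described in the message above, as an added example that is not part of the original post or of GlassFish: it reports roles in sun-web.xml whose mapped groups are not supplied by the realm's assign-groups property, a mismatch that leaves authenticated users without the role. The function names and the inline XML are constructed for illustration, and assign-groups is assumed to hold a comma-separated list of group names.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the fragments quoted in the message.
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping>
    <role-name>AllRoles</role-name>
    <group-name>LDAPAuthorized</group-name>
  </security-role-mapping>
</sun-web-app>"""

DOMAIN_XML = """<security-service>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm" name="OpenDS">
    <property name="directory" value="ldap://localhost:389"/>
    <property name="assign-groups" value="LDAPAuthorizedGroup"/>
  </auth-realm>
</security-service>"""


def mapped_groups(sun_web_xml):
    """Return {role-name: set of group-names} from security-role-mapping."""
    roles = {}
    for m in ET.fromstring(sun_web_xml).iter("security-role-mapping"):
        role = (m.findtext("role-name") or "").strip()
        groups = {g.text.strip() for g in m.findall("group-name") if g.text}
        roles.setdefault(role, set()).update(groups)
    return roles


def assigned_groups(domain_xml, realm_name):
    """Return the groups the named realm adds to every authenticated user."""
    for realm in ET.fromstring(domain_xml).iter("auth-realm"):
        if realm.get("name") == realm_name:
            for prop in realm.findall("property"):
                if prop.get("name") == "assign-groups":
                    value = prop.get("value", "")
                    return {g.strip() for g in value.split(",") if g.strip()}
    return set()


def unreachable_roles(sun_web_xml, domain_xml, realm_name):
    """Roles none of whose mapped groups comes from assign-groups.
    Groups read from the directory itself are not considered here."""
    assigned = assigned_groups(domain_xml, realm_name)
    mapping = mapped_groups(sun_web_xml)
    return sorted(r for r, gs in mapping.items() if not (gs & assigned))


if __name__ == "__main__":
    for role in unreachable_roles(SUN_WEB_XML, DOMAIN_XML, "OpenDS"):
        print(f"role {role!r}: no mapped group is in assign-groups (possible HTTP 403)")
```

Run it against the deployed sun-web.xml and the domain's domain.xml by reading both files into strings and passing the realm name the application uses.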