Thanks for your efforts, mate! I was able to log in as an LDAP user, but role mapping didn't work. I had commented out "<property name="userDnPatterns"><list><value>uid={0}</value></list></property>". Stupid me! Also, I didn't have member=uid.... in my LDAP configuration for that group. log4j.logger.org.springframework.security.ldap=DEBUG, stdout, fileout really helped! I searched forums and I could not find ONE decent example of how users should be defined in LDAP/AD.

Post Edited by sasamad2004 at 02/11/2011 12:19