This issue is somewhat resolved. I believe that because I deleted the "defaultInternalRoles" value out of the .xml config, it was giving all new users a NULL role, along with whatever other role I assigned manually. If I can't find a CAS/LDAP role .xml, I'll have to set the default role to "ROLE_ANONYMOUS" and manually add in all my users under the adminUsernames, and just give them the role of ROLE_USER.