mapping LDAP groups to roles
I'm trying to fit Spring Security onto our LDAP environment with pre-existing users/groups for a typical role-based scenario. I cannot change the naming scheme for these users/groups. Also, in reading the Spring Security docs, I do not want to set an empty role prefix, since per:
"An empty role prefix means that the voter will vote for every ConfigAttribute. When there are different categories of ConfigAttributes used, this will not be optimal since the voter will be voting for attributes which do not represent roles."
However, I found a set of classes that appears to map groups to roles:
If so, which of these class(es) should I use/extend to map LDAP groups (e.g., cn=department-admin) to Spring Security roles (e.g., ROLE_ADMIN)? Are there any examples that I may glance over?