I'm currently evaluating ESOE for a project I'm working on. After
installing it and securing a ressource via SSO I'm trying to
understand how the policy configuration/role management with a ldap
directory is working. In http://esoeproject.org/confluence/display/eu/ESOE+Features
you're writing, that you are supporting even "distributed" ldap
systems and roles - therefore a (simple) RBAC system should be
implementable by ESOE. But I didn't find any information how this
could be achieved?
I'm new to ldap too - currently I implemented roles as
groupOfUniqueNames, which have (muliple) uniqueMembers, referencing
the users for this role. Are there any assumptions about the ldap
layout?

And a second question: In your policy examples your referencing
username, email etc. as user attributes. I figured out that a mapping
from the ldap attributes to these names is done in a sessiondata.xml -
but I don't know where this configuration file has to be saved and/or
referenced.

Beside these questions, the project setup and documentation is really
great! :)

regards,

helmut