If you have already implemented a role-based administration policy for granting access to print, file, and LDAP resources, you can leverage your role definitions and use Access Manager policies to control access to web resources. If your role definitions use the following types of LDAP features, you can create Access Manager Role policies that use them:
Values found in LDAP attributes
Location of the user objects in the directory tree
Membership in groups or roles
The Access Manager Role policies that you create for these features can then be used to control access to protected web resources. You can manually assign the roles by creating role policies with conditions or you can activate roles based on the values in the external source.