Ldap-authnetication-provider namespace configuration and own filter for role

:389/dc=,dc=orgquot; /gt;

lt;ldap-authentication-provider user-dn-pattern=quot;uid={0},ou=peoplequot;/gt;
and after successfull logging, use own filter to retrieve roles for this user? I've tried to do this (of course the code above isn't mine, it's straight from the reference guide), but as soon as trying to start app server, it's throwing exception
java.lang.IllegalArgumentException: Unsupported configuration attributes: [SOME_
ROLE]

So is it necessary to also use ldap-authentication-provider to retrieve the roles? It seems, that reason behind the error is, that I'm not retrieving any roles from ldap-server using ldap-authentication-provider (they would be retrieved from other server / service by filter).

Look at sample ldap application:
samples\ldap\src\main\webapp\WEB-INF\applicationContext-security.xmlCode: lt;bean id=quot;secondLdapProviderquot; class=quot;org..security.providers.ldap.LdapAuthenticationProviderquot;gt; lt;s:custom-authentication-provider /gt;
lt;constructor-arggt;
lt;bean class=quot;org..security.providers.ldap.authenticator.BindAuthenticatorquot;gt;
lt;constructor-arg ref=quot;contextSourcequot; /gt;
lt;property name=quot;userSearchquot;gt;
lt;bean id=quot;userSearchquot; class=quot;org..security.ldap.search.FilterBasedLdapUserSearchquot;gt; lt;constructor-arg index=quot;0quot; value=quot;ou=peoplequot;/gt; lt;constructor-arg index=quot;1quot; value=quot;(uid={0})quot;/gt; lt;constructor-arg index=quot;2quot; ref=quot;contextSourcequot; /gt;
lt;/beangt;
lt;/propertygt;
lt;/beangt;
lt;/constructor-arggt;
lt;constructor-arggt;
lt;bean class=quot;org..security.ldap.populator.DefaultLdapAuthoritiesPopulatorquot;gt;
lt;constructor-arg ref=quot;contextSourcequot; /gt;
lt;constructor-arg value=quot;ou=groupsquot; /gt;
lt;property name=quot;groupSearchFilterquot; value=quot;(member={0})quot;/gt;
lt;property name=quot;rolePrefixquot; value=quot;ROLE_quot;/gt;
lt;property name=quot;searchSubtreequot; value=quot;truequot;/gt;
lt;property name=quot;convertToUpperCasequot; value=quot;truequot;/gt;
lt;/beangt;
lt;/constructor-arggt; lt;/beangt;
It is possible to pass custom implementation of LdapAuthoritiesPopulator intefaces as a second constructor argument.