I would like to use Active Directory to authenticate users (I'm using the LDAP module from the AppStore). I'm allocating the Mendix Appliction Users to a group in Active Directory, however I would like to manage the exact user roles within the Mendix application itself. Will the property "Userroles WITHOUT ldap authentication" (see below) do the job? Userroles WITHOUT ldap authentication (new in 1.2) This property identifies which userroles are not authenticated against ldap. This is a global property, not server specific. For example, if one LDAP server has 'FloorManager' as exception, any user which has at least userrole 'FloorManager' will not be authenticated against LDAP. (Even if the user is not from the designated server, or has other userroles).
I have used this setting for members of the Administrator group on my server so that their logins are not dependent on LDAP being available.
Members of this group are then authenticated locally using the password set in mendix, rather than being sent to LDAP for authentication. Other users are authenticated through LDAP
This way, if LDAP is misconfigured, or the account used to read it expires etc, I can still log in to the mendix server to make any necessary configuration changes