Sometimes you need certain users imported from Active Directory through the LDAP module to be associated with Sitecore-native roles, such as the default Sitecore 5.3 Client roles.

In order to accomplish this, you need to customize the LDAPDomain class that is associated with the domain definitions in web.config.

Just create your own class that will inherit from Sitecore.Modules.LDAP.LDAPDomain:

/// <summary>
/// Custom LDAP domain that derives from the module's <see cref="Sitecore.Modules.LDAP.LDAPDomain"/>
/// so that AD-imported users can be post-processed after login. It is meant to be
/// referenced from the domain definition in web.config in place of the stock class.
/// </summary>
public class LDAPDomain : Sitecore.Modules.LDAP.LDAPDomain
{
    /// <summary>
    /// Forwards the domain and database names unchanged to the base constructor.
    /// </summary>
    /// <param name="domainName">Domain name as configured in web.config.</param>
    /// <param name="databaseName">Name of the database backing the domain.</param>
    public LDAPDomain(string domainName, string databaseName)
        : base(domainName, databaseName)
    {
        // Nothing to initialize here; the Login override carries the customization.
    }
}

Then override the Login method so that it calls the base implementation and, on a successful login, post-processes the AD user:

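/// <summary>
/// Authenticates the user through the LDAP module's base implementation and, on success,
/// grants an AD-imported user the Sitecore Client Authoring and Client Maintaining roles
/// when the user is already a member of the imported "Technical Support" role.
/// </summary>
/// <param name="userName">Login name handed to the LDAP module.</param>
/// <param name="password">Password handed to the LDAP module.</param>
/// <returns>The result of the base Login call, returned unchanged.</returns>
public override Sitecore.SecurityModel.DomainAccessResult Login(string userName, string password)
{
    DomainAccessResult loginResult = base.Login(userName, password);

    // Only users that actually authenticated against AD are post-processed.
    if (!loginResult.Success)
    {
        return loginResult;
    }

    UserItem user = this.GetUser(userName);

    // Guard against GetUser returning null (e.g. the user item is not present yet);
    // the original code dereferenced it unconditionally. Only LDAP-imported users are touched.
    if (user == null || user["Fromldap"] != "1")
    {
        return loginResult;
    }

    // The AD group that drives the mapping; it must already have been imported as a Sitecore role.
    RoleItem techSupportRole = Sitecore.Context.Domain.GetRole("Technical Support");
    if (techSupportRole == null || !user.Roles.Contains(techSupportRole.ID))
    {
        return loginResult;
    }

    // Sitecore Client Authoring role.
    RoleItem clientAuthRole = Sitecore.Context.Domain.GetRole(ID.Parse("{DE4E5C04-F820-4406-AEB9-C76144F7D808}"));
    // Sitecore Client Maintaining role.
    RoleItem clientMaintRole = Sitecore.Context.Domain.GetRole(ID.Parse("{E2036D1D-2828-42B9-8D41-1AD2F247C256}"));

    // NOTE(review): this grant is additive and permanent. It runs on every successful login
    // but never removes the client roles, so a user who later leaves the "Technical Support"
    // AD group keeps them until they are revoked by hand or a revocation branch is added here.
    user.BeginEdit();

    if (clientAuthRole != null)
    {
        user.Roles.AddRole(clientAuthRole.ID);
    }

    if (clientMaintRole != null)
    {
        user.Roles.AddRole(clientMaintRole.ID);
    }

    user.EndEdit();

    return loginResult;
}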

The code is straightforward, but note that the mapping is purely additive: it runs on every successful login and grants the client roles, yet never removes them, so a user who is later taken out of the "Technical Support" AD group keeps the Sitecore roles until they are revoked by hand (or the override is extended to remove them).

Instead of hard-coding the role IDs, you can create a Sitecore item that holds the role mappings, so the override reads them and applies the rules at run time.

Thanks to Ivan Sharamok for the idea.