HI Rafael,

1) The group mapping might be wrong, even the user is member of more than one Jazzgroup will display and it will allow you to login.

Check the LDAP group mapping done in the JTS/admin>Advanced Property >> Search for LDAP and verify the JazzGroup mapping wrt LDAP groups.

• JazzAdmins = LDAP Group for Jazz admins
  
• JazzUsers = LDAP Group for Jazz users
• JazzGuests = LDAP Group for Jazz guest (Not used by Rational Quality Manager)
• JazzProjectAdmins = LDAP Group for Jazz project admins

http://www-01.ibm.com/support/knowledgecenter/SSYMRC_6.0.0/com.ibm.jazz.install.doc/topics/t_config_ldap_connection.html

2) Restriction: In many cases, you can map multiple LDAP groups to a Jazz role in a Jazz Team Server environment. However, if your Jazz Team Server runs on Apache Tomcat application server and Tomcat does not support mapping multiple LDAP groups to a J2EE role, you cannot map multiple groups to one role. If you use WebSphere Application Server, you can map multiple LDAP groups to a J2EE role.

Please let me know does that answer your question.

Regards,
Arun.

Hi Rafael,
You must add group mapping in two places:

1. Administration panel for RTC
2. Tomcat configuration file. You can find more details in the following document: Manually managing users using Tomcat