Description of problem:
The user's roles should match the LDAP mapping regardless of how users are logged in. This is the case with user logged in using RHQ UI. However, if the user is logged in using RHQ CLI or REST API this will not be the case.

Version-Release number of selected component (if applicable):
RHQ 4.12

How reproducible:
Always

Steps to Reproduce:
1. Create LDAP user (for instance: myTest) that does not belong to RHQ LDAP Group but belongs to some other LDAP groups;
2. In RHQ UI, logged in as "rhqadmin" user, change "All Resources" role to include RHQ LDAP Group (rHQ UI -> Administration -> Roles -> LDAP Group);
3. Also, add newly created LDAP user to "All Resources" role (RHQ UI -> Administration -> Roles -> Users;
4. Save the changes and log out;
5. Using newly created LDAP user and RHQ CLI try something like:

******************************************
myTest@localhost:7080$ var criteria = ResourceCriteria();
myTest@localhost:7080$ criteria.clearPaging();
myTest@localhost:7080$ criteria.addFilterPluginName("JBossAS7");
myTest@localhost:7080$ criteria.addFilterResourceTypeName('JBossAS7 Standalone Server');
myTest@localhost:7080$ var resources = ResourceManager.findResourcesByCriteria(criteria);
myTest@localhost:7080$ resources.size();
2
******************************************

6. Confirm that LDAP user can see resources;
7. Using the same user (myTest) try to log in to RHQ UI;
8. Confirm that this user (myTest) does not have permission to see any of the resources;

Actual results:
RHQ user's roles match LDAP mapping only when user is logged in through RHQ UI; For users logged in via RHQ CLI or REST API this is not a case.


Expected results:
RHQ user's roles have to match LDAP mapping regardless of how user's are logged in.

Additional info: