I would like to store all the principal/password and groups in an
external LDAP.

How could I avoid to declare every new user or group into the
security-role-assignment.
I would like to have automatic role assignement of every user declare
into the LDAP.

Thanks in advance

Denis