The nsrole attribute is a special feature of Sun ONE LDAP, which is used to represent the role of a user.
Use the following configuration for Sun ONE LDAP with the nsrole attribute used in a group and user relationship.
<config:ldapEntityTypes name="Group">
<config:objectClasses>ldapsubentry</config:objectClasses>
</config:ldapEntityTypes>
...
<config:groupConfiguration>
<config:membershipAttribute name="nsRole" scope="direct"/>
</config:groupConfiguration>
...
</config:attributeConfiguration>