Currently, the roles read by the LDAPUserProvider always carry the prefix "ROLE_". E.g. for a role "EXAMPLE" in a configured LDAP instance, the effective role in Mattehorn/Opencast will be "ROLE_EXAMPLE".
This may be problematic in situations where, for instance, an institution has been using the database as the main user provider, has defined roles that do not start with the prefix "ROLE_" and decides to "migrate" their database users to an LDAP provider. Because of the mandatory "ROLE_" prefix applied by the LDAPUserProvider, the (new) users coming from LDAP can not use any roles that do not start with that prefix.
The idea behind this task is to make the prefix addition configurable. Ideally, the prefix should still be "ROLE_" by default, to keep backwards compatibility.