Permission management with LDAP

Hi again, I didn’t want to do a thread high jacking so here a second mail with a complete other question If I’have a structure like: User - Role Role - User - Permission Permission - Role Now I want to get the authorization for some permission, So I have the information which user and which Permission. Now I need to match the list. The way it already work: Get all Roles for a Permission Search in the user for the Role If found Authorization Else no Therefore I need at least two requests to the LDAP server My Question: Is it possible to send only the DN of a Permissions and tell the Server, that he/she need to extract the Role attributes and check in the DN of a user for those Roles? Can I Implement an overlay on the Server to manage this task or is it senseless to think about such a task for the server? Greetings John -- Johannes Fischer Wissenschaftlicher Angestellter Fraunhofer-Institut für Produktionstechnik und Automatisierung IPA Kompetenzzentrum Digitale Werkzeuge in der Produktion Nobelstraße 12 │ 70569 Stuttgart Telefon +49 711 970-1217 johannes.fischer@ipa.fraunhofer.de<mailto:johannes.fischer@ipa.fraunhofer.de> www.ipa.fraunhofer.de<http://www.ipa.fraunhofer.de/> [cid:image002.png@01D0E168.63E7FA20]