Hi again,


I didn’t want to do a thread high jacking so here a second mail with a complete other question


If I’have a structure like:


-          Role


-          User

-          Permission


-          Role


Now I want to get the authorization for some permission, So I have the information which user and which Permission. Now I need to match the list.

The way it already work:

                Get all Roles for a Permission

                Search in the user for the Role

If found Authorization

Else no

Therefore I need at least two requests to the LDAP server


My Question:

Is it possible to send only the DN of a Permissions and tell the Server, that he/she need to extract the Role attributes and check in the DN of a user for those Roles?

Can I Implement an overlay on the Server to manage this task or is it senseless to think about such a task for the server?


Greetings John



Johannes Fischer

Wissenschaftlicher Angestellter


Fraunhofer-Institut für

Produktionstechnik und Automatisierung IPA


Kompetenzzentrum Digitale Werkzeuge in der Produktion


Nobelstraße 12 │ 70569 Stuttgart

Telefon +49 711 970-1217