Hi again,

 

I didn’t want to do a thread high jacking so here a second mail with a complete other question

 

If I’have a structure like:

User

-          Role

Role

-          User

-          Permission

Permission

-          Role

 

Now I want to get the authorization for some permission, So I have the information which user and which Permission. Now I need to match the list.

The way it already work:

                Get all Roles for a Permission

                Search in the user for the Role

If found Authorization

Else no

Therefore I need at least two requests to the LDAP server

 

My Question:

Is it possible to send only the DN of a Permissions and tell the Server, that he/she need to extract the Role attributes and check in the DN of a user for those Roles?

Can I Implement an overlay on the Server to manage this task or is it senseless to think about such a task for the server?

 

Greetings John

 

--

Johannes Fischer

Wissenschaftlicher Angestellter

 

Fraunhofer-Institut für

Produktionstechnik und Automatisierung IPA

 

Kompetenzzentrum Digitale Werkzeuge in der Produktion

 

Nobelstraße 12 │ 70569 Stuttgart

Telefon +49 711 970-1217

 

johannes.fischer@ipa.fraunhofer.de

www.ipa.fraunhofer.de