Q: roles for authentication

Hi!

I have a question: You can define roles for authentication this way: Multiple DNs can be members of a group/rolem, and you can use group names when assigning ACLs. To authenticate, a user will use his DN and own password.

Now when a DN is member of multiple roles/groups, authenticating as member assignes all the rights each group/role has.

The idea of a role however is that a user "changes hats", depending on the task he is doing.

I wonder: Is it possibe to authenticate with a group/role's DN and the user's (a memeber) password?

Or is there some other mechanism to accieve what I want?

Regards, Ulrich