Thank you very much David, with roles and nested roles I can do everything I describe in my mail. Now I want one more thing. I have a hardware appliance who authorize users by testing if they belong to one given group, by retrieving the lists of the members of the group. But in our data model, authorization are given through an intermediary group belonging to several authorization groups.. I want that when getting the list of the members, the operation get the users members of the groups members of this group. Is it possible to write or use some plugin to do this ? Thank you, Fran?ois 2006/5/3, David Boreham <david_list at boreham.org>: > Fran?ois Beretti wrote: > > > > > I want two things : > > 1) to be able to get the groups of a user by reading an attribute of > > the user > > 2) to be able to get the groups of the groups of a user by reading an > > attribute of the user > > > > I am not sure I can replace totally an ldap search (matching some > > criteria) result with a custom value. > > This sounds quite like 'roles'. You might take a look at that code > and see if it'll work for you, or work with some minor modifications. > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >