Return-Path: 
 <users-return-6588-apmail-directory-users-archive=directory.apache.org@directory.apache.org>
X-Original-To: apmail-directory-users-archive@www.apache.org
Delivered-To: apmail-directory-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 3D94417A73
	for <apmail-directory-users-archive@www.apache.org>;
 Wed, 18 Mar 2015 23:51:14 +0000 (UTC)
Received: (qmail 32764 invoked by uid 500); 18 Mar 2015 23:51:09 -0000
Delivered-To: apmail-directory-users-archive@directory.apache.org
Received: (qmail 32721 invoked by uid 500); 18 Mar 2015 23:51:09 -0000
Mailing-List: contact users-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@directory.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@directory.apache.org>
List-Post: <mailto:users@directory.apache.org>
List-Id: <users.directory.apache.org>
Reply-To: users@directory.apache.org
Delivered-To: mailing list users@directory.apache.org
Received: (qmail 32710 invoked by uid 99); 18 Mar 2015 23:51:08 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Mar 2015 23:51:08 +0000
X-ASF-Spam-Status: No, hits=2.2 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of mikhail_perelman@hotmail.com
 designates 65.55.116.83 as permitted sender)
Received: from [65.55.116.83] (HELO BLU004-OMC3S8.hotmail.com) (65.55.116.83)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Mar 2015 23:51:02 +0000
Received: from BLU179-W71 ([65.55.116.73]) by BLU004-OMC3S8.hotmail.com over
 TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
	 Wed, 18 Mar 2015 16:50:41 -0700
X-TMN: [U6/Ax29EE9cpYbQEjGQAzalDqX9rdTiI]
X-Originating-Email: [mikhail_perelman@hotmail.com]
Message-ID: <BLU179-W7118CC397C94179E06BD39FF000@phx.gbl>
Content-Type: multipart/alternative;
	boundary="_3124f6dc-6d5f-4f0a-a7b3-17d0ab23ab5c_"
From: Michael Perelman <mikhail_perelman@hotmail.com>
To: "users@directory.apache.org" <users@directory.apache.org>
Subject: checking group membership during while binding
Date: Wed, 18 Mar 2015 18:50:41 -0500
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 18 Mar 2015 23:50:41.0553 (UTC)
 FILETIME=[57AC0010:01D061D6]
X-Virus-Checked: Checked by ClamAV on apache.org

--_3124f6dc-6d5f-4f0a-a7b3-17d0ab23ab5c_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

While using Apache LDAP java APIs=2C is there a way to check for group memb=
ership during the binding process? Or is the only way to determine group me=
mbership is by doing a regular lookup=2C and only after binding? The latter=
 approach may not work because the authenticated user may not have the acce=
ss rights to perform any lookups=2C thereby forcing the use of an LDAP admi=
nistrator. That means that its credentials need to be stored somewhere outs=
ide the LDAP server in order for the client code to use its account for the=
 aforementioned lookup. What approach would you suggest?
 		 	   		  =

--_3124f6dc-6d5f-4f0a-a7b3-17d0ab23ab5c_--