LDAP indirect lookup
Hello,
Question: Can I make a reverse lookup on a user's Role?
This is what I am basically using:
spring-ldap-1.3.0.RELEASE-all.jar
spring-security-core-2.0.4.jar
Explanation:
I have nodes (ou) Users, Groups and Roles (all same Level)
Users are members in Groups and these Groups are allocated to Roles.
Example:
user XY is in group RED
Group RED is in Roles ABC
Essentially the look up result should show that XY has the ROLES ABC. (or RED + ABC)
That means I need to implement getting the GROUP the USER is in and then another lookup to get the ROLE the GROUP is in, to retrieve all authorities.
Currently I am using this, which returns the Groups of a user.
HTML Code:
<!-- ======================== LDAP ======================= -->
<!-- Connection to the directory; the manager account is used for the user
     search and for the group lookups, not for the user's own bind. -->
<bean id="initialDirContextFactory" class="org.springframework.security.ldap.DefaultInitialDirContextFactory">
    <constructor-arg value="ldap://SRVADDRESS:PORT"/>
    <property name="managerDn"><value>CN=UsersGroup, OU=USERS,DC=ad,DC=company,DC=de</value></property>
    <property name="managerPassword"><value>pw$1</value></property>
    <property name="extraEnvVars"><map><entry key="java.naming.referral" value="follow"/></map></property>
</bean>

<!-- For LDAP authentication -->
<bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    <!-- First constructor-arg: how the user is authenticated (bind with the DN found by userSearch) -->
    <constructor-arg>
        <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
            <constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
            <property name="userSearch" ref="userSearch"/>
        </bean>
    </constructor-arg>
    <!-- Mapping User Roles -->
    <!-- Second constructor-arg: one-hop lookup of entries under the search base
         whose member attribute contains the user's DN; each matching cn becomes
         an authority AD_<CN> in upper case. -->
    <constructor-arg>
        <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
            <constructor-arg index="0"><ref local="initialDirContextFactory"/></constructor-arg>
            <constructor-arg index="1"><value>OU=Rights,OU=Groups,DC=ad,DC=company,DC=de</value></constructor-arg>
            <property name="groupRoleAttribute"><value>cn</value></property>
            <property name="searchSubtree"><value>false</value></property>
            <property name="convertToUpperCase"><value>true</value></property>
            <property name="rolePrefix"><value>AD_</value></property>
        </bean>
    </constructor-arg>
</bean>

<!-- For LDAP authentication. This bean is not used by default -->
<!-- {0} is replaced with the login name; Spring escapes it before building the filter. -->
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0"><value>OU=USERS,DC=ad,DC=company,DC=de</value></constructor-arg>
    <constructor-arg index="1"><value>(sAMAccountName={0})</value></constructor-arg>
    <constructor-arg index="2"><ref local="initialDirContextFactory" /></constructor-arg>
    <property name="searchSubtree"><value>true</value></property>
</bean>
Thanks in advance!!
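The lookup the post asks for, as an added example that is not part of the original post and is not Spring Security code: a Python model of the user -> groups -> roles walk over a constructed in-memory directory. Each hop repeats the populator's `(member={0})`-style search with the DNs found in the previous hop, over every configured search base, and applies the same `cn` / upper-case / `AD_` prefix mapping as the posted configuration. It goes beyond the two-hop case in the question in two ways a practitioner would want: it keeps a visited set so groups that contain each other cannot loop forever, and it escapes the DN per RFC 4515 before placing it in the filter, which matters for DNs such as `CN=Smith (Admin)`. The directory contents, DNs, group names and helper names below are all assumptions made for the example.

```python
import re

# Constructed sample directory for this example (not data from the post).  The
# layout follows the question: Users, Groups and Roles are sibling OUs, users
# are members of groups, and groups are members of roles.  One user DN contains
# parentheses to show why filter values must be escaped; RED and BLUE contain
# each other to show why the walk needs a visited set.
USER_BASE = "OU=USERS,DC=ad,DC=company,DC=de"
GROUP_BASE = "OU=Groups,DC=ad,DC=company,DC=de"
ROLE_BASE = "OU=Roles,DC=ad,DC=company,DC=de"
XY_DN = "CN=XY," + USER_BASE
SMITH_DN = "CN=Smith (Admin)," + USER_BASE
RED_DN, BLUE_DN = "CN=RED," + GROUP_BASE, "CN=BLUE," + GROUP_BASE

DIRECTORY = {
    XY_DN: {"sAMAccountName": ["xy"]},
    SMITH_DN: {"sAMAccountName": ["smith"]},
    RED_DN: {"cn": ["RED"], "member": [XY_DN, SMITH_DN, BLUE_DN]},
    BLUE_DN: {"cn": ["BLUE"], "member": [RED_DN]},          # RED <-> BLUE cycle
    "CN=ABC," + ROLE_BASE: {"cn": ["ABC"], "member": [RED_DN]},
    "CN=OPS," + ROLE_BASE: {"cn": ["OPS"], "member": [BLUE_DN]},
}

# RFC 4515: the characters that change a filter's meaning and must be escaped.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_EQUALITY_FILTER = re.compile(r"^\((?P<attr>[A-Za-z][A-Za-z0-9-]*)=(?P<value>[^()]*)\)$")


def escape_filter_value(value: str) -> str:
    """Escape a value before placing it in a search filter (what Spring does for {0})."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value: str) -> str:
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def build_member_filter(dn: str) -> str:
    """The per-hop filter, equivalent to the populator's (member={0})."""
    return "(member=" + escape_filter_value(dn) + ")"


def filter_is_well_formed(filt: str) -> bool:
    return _EQUALITY_FILTER.match(filt) is not None


def normalize_dn(dn: str) -> str:
    """Comparison form: case-insensitive, no space after commas (naive: no escaped commas)."""
    return re.sub(r",\s*", ",", dn.strip()).lower()


def in_scope(dn: str, base: str, subtree: bool) -> bool:
    """Model searchSubtree: True = whole subtree under base, False = one level only."""
    dn_n, base_n = normalize_dn(dn), normalize_dn(base)
    if not dn_n.endswith("," + base_n):
        return False
    rdns_below_base = dn_n[: -len(base_n) - 1]
    return subtree or "," not in rdns_below_base


def search(directory: dict, base: str, filt: str, subtree: bool) -> list:
    """Evaluate one (attr=value) equality filter against the in-memory directory."""
    m = _EQUALITY_FILTER.match(filt)
    if m is None:
        raise ValueError("malformed filter: " + filt)
    attr, value = m.group("attr"), normalize_dn(unescape_filter_value(m.group("value")))
    return [(dn, attrs) for dn, attrs in directory.items()
            if in_scope(dn, base, subtree)
            and any(normalize_dn(v) == value for v in attrs.get(attr, []))]


def resolve_authorities(directory, user_dn, search_bases, group_role_attribute="cn",
                        role_prefix="AD_", convert_to_upper_case=True,
                        search_subtree=False, max_hops=10) -> list:
    """Walk user -> groups -> roles -> ...: each hop repeats the member search with
    the DNs found in the previous hop, over every configured base.  The visited
    set stops a group that (indirectly) contains itself from looping, and
    max_hops bounds the number of directory round trips."""
    seen = {normalize_dn(user_dn)}
    frontier = [user_dn]
    authorities = set()
    for _ in range(max_hops):
        next_frontier = []
        for dn in frontier:
            filt = build_member_filter(dn)
            for base in search_bases:
                for entry_dn, attrs in search(directory, base, filt, search_subtree):
                    if normalize_dn(entry_dn) in seen:
                        continue
                    seen.add(normalize_dn(entry_dn))
                    next_frontier.append(entry_dn)
                    for name in attrs.get(group_role_attribute, []):
                        authorities.add(role_prefix + (name.upper() if convert_to_upper_case else name))
        if not next_frontier:
            break
        frontier = next_frontier
    return sorted(authorities)


if __name__ == "__main__":
    for user in (XY_DN, SMITH_DN):
        print(user, "->", resolve_authorities(DIRECTORY, user, [GROUP_BASE, ROLE_BASE]))
```

With the sample data, XY resolves to AD_RED (direct group), AD_BLUE (nested group), AD_ABC (role of RED) and AD_OPS (role of BLUE); passing only the Groups base reproduces what the posted configuration returns today. Against a real directory each hop is one search per base, so the walk's cost grows with nesting depth; `max_hops` is the safety valve for that, and the visited set is what prevents a RED/BLUE cycle from never terminating.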