Hello,

Question: Can I do a reverse lookup on a user's Role?

This is what I am basically using:
spring-ldap-1.3.0.RELEASE-all.jar
spring-security-core-2.0.4.jar

Explanation:
I have nodes (ou) Users, Groups and Roles (all same Level)
Users are members in Groups and these Groups are allocated to Roles.

Example:
user XY is in group RED
Group RED is in Roles ABC
Essentially the look up result should show that XY has the ROLES ABC. (or RED + ABC)

That means I need to get the GROUP the USER is in and then do another lookup to get the ROLE the GROUP is in, to retrieve all authorities.

Currently I am using this, which returns the Groups of a user.

HTML Code:
<!-- ======================== LDAP ======================= -->
	<bean id="initialDirContextFactory" class="org.springframework.security.ldap.DefaultInitialDirContextFactory">
		<constructor-arg value="ldap://SRVADDRESS:PORT"/>
		<property name="managerDn"><value>CN=UsersGroup, OU=USERS,DC=ad,DC=company,DC=de</value></property>
		<property name="managerPassword"><value>pw$1</value></property>
		<property name="extraEnvVars"><map><entry key="java.naming.referral" value="follow"/></map></property>
	</bean>    
	<!-- For LDAP authentication -->
	<bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
		<constructor-arg>
			<bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
				<constructor-arg><ref local="initialDirContextFactory"/></constructor-arg>
				<property name="userSearch" ref="userSearch"/>
			</bean>
		</constructor-arg>
		<!-- Mapping User Roles --> 
		<constructor-arg>
			<bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
				<constructor-arg index="0"><ref local="initialDirContextFactory"/></constructor-arg>
				<constructor-arg index="1"><value>OU=Rights,OU=Groups,DC=ad,DC=company,DC=de</value></constructor-arg>
				<property name="groupRoleAttribute"><value>cn</value></property>
				<property name="searchSubtree"><value>false</value></property>
				<property name="convertToUpperCase"><value>true</value></property>
				<property name="rolePrefix"><value>AD_</value></property> 
			</bean>
		</constructor-arg>
	</bean> 
	<!-- For LDAP authentication. This bean is not used by default -->
	<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
		<constructor-arg index="0"><value>OU=USERS,DC=ad,DC=company,DC=de</value></constructor-arg>
		<constructor-arg index="1"><value>(sAMAccountName={0})</value></constructor-arg>
		<constructor-arg index="2"><ref local="initialDirContextFactory" /></constructor-arg>            
		<property name="searchSubtree"><value>true</value></property>
	</bean>


Thanks in advance!!
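
The two-step lookup asked about above (user to group, then group to role), as an added example that is not part of the original post and not Spring Security code; it generalizes to any nesting depth and stops on membership cycles. The class and method names are hypothetical, and the `member` attribute, the `OU=Roles` DN and the depth limit are assumptions; the `AD_` prefix and upper-casing follow the configuration in the post.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;
// Added example: hypothetical helper, not Spring Security code.
public class NestedAuthorityResolver {
    /** Returns the DNs of the entries that list memberDn as a member. */
    interface ParentLookup { Set<String> parentsOf(String memberDn) throws NamingException; }
    /** Directory-backed lookup; assumes membership is stored in a "member" attribute. */
    static ParentLookup jndi(DirContext ctx, String... searchBases) {
        return dn -> {
            Set<String> parents = new LinkedHashSet<>();
            SearchControls oneLevel = new SearchControls(); // default scope is ONELEVEL_SCOPE
            for (String base : searchBases) {
                // The DN goes in as a filter argument, so JNDI escapes it instead of splicing it in.
                NamingEnumeration<SearchResult> hits = ctx.search(base, "(member={0})", new Object[] {dn}, oneLevel);
                while (hits.hasMore()) parents.add(hits.next().getNameInNamespace());
            }
            return parents;
        };
    }
    /** Walks user -> groups -> roles (-> ...) and returns AD_-prefixed, upper-cased cn values. */
    static Set<String> authorities(String userDn, ParentLookup lookup, int maxDepth) throws NamingException {
        Set<String> visited = new HashSet<>(Collections.singleton(userDn));
        Set<String> roles = new TreeSet<>();
        List<String> frontier = Collections.singletonList(userDn);
        for (int depth = 0; depth < maxDepth && !frontier.isEmpty(); depth++) {
            List<String> next = new ArrayList<>();
            for (String dn : frontier) {
                for (String parent : lookup.parentsOf(dn)) {
                    if (!visited.add(parent)) continue; // already expanded: breaks membership cycles
                    LdapName name = new LdapName(parent); // leftmost RDN sits at index size() - 1
                    roles.add("AD_" + name.getRdn(name.size() - 1).getValue().toString().toUpperCase(Locale.ROOT));
                    next.add(parent);
                }
            }
            frontier = next;
        }
        return roles;
    }
    public static void main(String[] args) throws NamingException {
        // Constructed sample directory: member DN -> DNs of the entries that list it as a member.
        Map<String, Set<String>> dir = new HashMap<>();
        dir.put("CN=XY,OU=USERS,DC=ad,DC=company,DC=de", Collections.singleton("CN=RED,OU=Groups,DC=ad,DC=company,DC=de"));
        dir.put("CN=RED,OU=Groups,DC=ad,DC=company,DC=de", Collections.singleton("CN=ABC,OU=Roles,DC=ad,DC=company,DC=de"));
        dir.put("CN=ABC,OU=Roles,DC=ad,DC=company,DC=de", Collections.singleton("CN=RED,OU=Groups,DC=ad,DC=company,DC=de")); // cycle
        ParentLookup inMemory = dn -> dir.getOrDefault(dn, Collections.<String>emptySet());
        System.out.println(authorities("CN=XY,OU=USERS,DC=ad,DC=company,DC=de", inMemory, 5));
    }
}
```

Against a live directory, `jndi(ctx, groupBase, roleBase)` replaces the in-memory lookup; keep `maxDepth` small so a deep or misconfigured nesting cannot grant authorities through an unbounded chain.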