<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div><span style="font-family: Helvetica; font-size: 12px;">Dear all,</span><br style="font-family: Helvetica; font-size: 12px;"><br style="font-family: Helvetica; font-size: 12px;"><br style="font-family: Helvetica; font-size: 12px;"><span style="font-family: Helvetica; font-size: 12px;">at the moment using the LDAP Identity federation we can map a role to the membership to a group.</span><br style="font-family: Helvetica; font-size: 12px;"><br style="font-family: Helvetica; font-size: 12px;"><span style="font-family: Helvetica; font-size: 12px;">We are using instead of the groupMembership the „menberOf“ approach, dedicating an attribute to list the values of the roles owned by the user.</span><br style="font-family: Helvetica; font-size: 12px;"><span style="font-family: Helvetica; font-size: 12px;">How would you suggest the implementation of this requirement?</span><br style="font-family: Helvetica; font-size: 12px;"><span style="font-family: Helvetica; font-size: 12px;">Can you imagine a way to implement it using the planned customised filter?</span><br style="font-family: Helvetica; font-size: 12px;"><span style="font-family: Helvetica; font-size: 12px;">Should we go for a custom federation provider?</span><br style="font-family: Helvetica; font-size: 12px;"><br style="font-family: Helvetica; font-size: 12px;"><span style="font-family: Helvetica; font-size: 12px;">thank you for your answers,</span><br style="font-family: Helvetica; font-size: 12px;"><span style="font-family: Helvetica; font-size: 12px;">Giovanni</span></div></body></html>