Hi,
We have use case where accounts and permissions are not coming to us from application. Permissions are defined as LDAP groups. All the people in the group will have permissions named as LDAP group.
For example A-LADAP-ADMIN group will have "A-LDAP-ADMIN" permission. These groups are not stored anywhere in the database. Since the accounts and permissions are not coming form the application , we cannot compare these to the identities and permissions in eDirectory. What is the best approach to implement this use case.

Thanks.