diff --git a/hsarback/src/de/hsadmin/core/model/LdapDAO.java b/hsarback/src/de/hsadmin/core/model/LdapDAO.java
new file mode 100644
index 0000000..0ea4374
--- /dev/null
+++ b/hsarback/src/de/hsadmin/core/model/LdapDAO.java
@@ -0,0 +1,116 @@
+package de.hsadmin.core.model;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.SecureRandom;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.StartTlsRequest;
+import javax.naming.ldap.StartTlsResponse;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import de.hsadmin.core.util.Config;
+
+public class LdapDAO {
+
+ private InitialLdapContext ctx;
+ private StartTlsResponse tls;
+
+ public LdapUser read(final String uid) throws TechnicalException {
+ if (uid == null) {
+ throw new TechnicalException("uid is null");
+ }
+ try {
+ String ldapDC = "dc=hostsharing,dc=net";
+ connect();
+ if (uid.length() == 2) {
+ ldapDC = "uid=" + uid + ",ou=users,ou=admins";
+ } else if (uid.length() > 4 && uid.charAt(3) == '-') {
+ ldapDC = "uid=" + uid + ",ou=users,ou=" + uid.substring(0, 3) + ",ou=customers";
+ } else {
+ throw new TechnicalException("no valid uid " + uid);
+ }
+ final LdapUser ldapUser = new LdapUser();
+ final Attributes ldapAttrs = ctx.getAttributes(ldapDC);
+ ldapUser.setUid(getSingleAttributValue(ldapAttrs, "uid"));
+ ldapUser.setNickname(getSingleAttributValue(ldapAttrs, "nickName"));
+ ldapUser.setSurname(getSingleAttributValue(ldapAttrs, "sn"));
+ ldapUser.setGivenname(getSingleAttributValue(ldapAttrs, "givenName"));
+ ldapUser.setMail(getSingleAttributValue(ldapAttrs, "mail"));
+ return ldapUser;
+ } catch (NamingException e) {
+ throw new TechnicalException(e);
+ } catch (GeneralSecurityException e) {
+ throw new TechnicalException(e);
+ } catch (IOException e) {
+ throw new TechnicalException(e);
+ } finally {
+ close();
+ }
+ }
+
+ private void connect() throws NamingException, GeneralSecurityException, IOException {
+ final Config conf = Config.getInstance();
+ final String ldapConnectString = conf.getProperty("ldap.connect.url");
+ final String bind = conf.getProperty("ldap.connect.bind");
+ final String passwd = conf.getProperty("ldap.connect.password");
+ final Properties env = new Properties();
+ env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+ env.put("com.sun.jndi.ldap.connect.pool", "true");
+ env.put(Context.PROVIDER_URL, ldapConnectString);
+ ctx = new InitialLdapContext(env, null);
+ tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
+ final SSLContext sc = SSLContext.getInstance("TLSv1.2");
+ final TrustManager tm = new X509TrustManager() {
+ @Override
+ public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+ }
+ @Override
+ public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
+ }
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[0];
+ }
+ };
+ sc.init(null, new TrustManager[] { tm } , new SecureRandom());
+ final SSLSocketFactory ssf = sc.getSocketFactory();
+ tls.negotiate(ssf);
+ ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
+ String principal = bind;
+ ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
+ ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, passwd);
+ ctx.reconnect(null);
+ }
+
+ private String getSingleAttributValue(final Attributes ldapAttrs, final String attributeName) throws NamingException {
+ return ldapAttrs.get(attributeName).getAll().next().toString();
+ }
+
+ private void close() {
+ if (tls != null) {
+ try {
+ tls.close();
+ } catch (IOException e) {
+ // dont care
+ }
+ }
+ if (ctx != null) {
+ try {
+ ctx.close();
+ } catch (NamingException e) {
+ // dont care
+ }
+ }
+ }
+
+}
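Review bot: The anonymous X509TrustManager in connect() accepts every server certificate (checkServerTrusted is empty and getAcceptedIssuers returns an empty array), so the StartTLS session never authenticates the directory server and the simple bind that follows sends ldap.connect.password to whatever endpoint answers ldap.connect.url. Drop the custom SSLContext and trust manager and let the JVM default trust store validate the server: replace the lines from `final SSLContext sc = SSLContext.getInstance("TLSv1.2");` through `tls.negotiate(ssf);` with `tls.negotiate();`, then remove the javax.net.ssl, SecureRandom and certificate imports that become unused. Two smaller points in the same hunk: getSingleAttributValue dereferences `ldapAttrs.get(attributeName)` without a null check, so a missing attribute escapes read() as a NullPointerException rather than the TechnicalException callers expect, and the uid is concatenated into the DN unescaped in both branches — wrap it as `Rdn.escapeValue(uid)` (javax.naming.ldap.Rdn) so DN metacharacters in the name cannot change which entry is read.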
diff --git a/hsarback/src/de/hsadmin/core/model/LdapUser.java b/hsarback/src/de/hsadmin/core/model/LdapUser.java
new file mode 100644
index 0000000..095c3cb
--- /dev/null
+++ b/hsarback/src/de/hsadmin/core/model/LdapUser.java
@@ -0,0 +1,76 @@
+package de.hsadmin.core.model;
+
+public class LdapUser implements AuthenticatedUser {
+
+ private String uid;
+ private String nickname;
+ private String surname;
+ private String givenname;
+ private String mail;
+
+ @Override
+ public long id() {
+ return -1L;
+ }
+
+ @Override
+ public String getName() {
+ return uid;
+ }
+
+ @Override
+ public boolean hasHostmasterRole() {
+ return uid != null && uid.length() == 2;
+ }
+
+ @Override
+ public boolean hasPacAdminRoleFor(AbstractEntity pac) {
+ return hasHostmasterRole();
+ }
+
+ @Override
+ public boolean hasCustomerRoleFor(AbstractEntity customer) {
+ return hasHostmasterRole();
+ }
+
+ public String getUid() {
+ return uid;
+ }
+
+ public String getNickname() {
+ return nickname;
+ }
+
+ public String getSurname() {
+ return surname;
+ }
+
+ public String getGivenname() {
+ return givenname;
+ }
+
+ public String getMail() {
+ return mail;
+ }
+
+ public void setUid(String uid) {
+ this.uid = uid;
+ }
+
+ public void setNickname(String nickname) {
+ this.nickname = nickname;
+ }
+
+ public void setSurname(String surname) {
+ this.surname = surname;
+ }
+
+ public void setGivenname(String givenname) {
+ this.givenname = givenname;
+ }
+
+ public void setMail(String mail) {
+ this.mail = mail;
+ }
+
+}
diff --git a/hsarback/src/de/hsadmin/core/model/Transaction.java b/hsarback/src/de/hsadmin/core/model/Transaction.java
index 80a0a8b..25b818b 100644
--- a/hsarback/src/de/hsadmin/core/model/Transaction.java
+++ b/hsarback/src/de/hsadmin/core/model/Transaction.java
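Review bot: hasPacAdminRoleFor and hasCustomerRoleFor ignore their argument and return hasHostmasterRole(), so the only authorization an LdapUser ever holds is the global hostmaster role, and that is decided solely by `uid.length() == 2`; a customer-prefixed LDAP user (the `xxx-yyyy` shape LdapDAO.read() accepts) therefore holds no pac or customer role at all. If that is intended, state it in Javadoc on both methods, e.g. `/** LDAP users carry no per-customer roles; only hostmasters (two-character uid) are authorized. */`, and document on id() that `-1L` marks a user without a database identity. If it is not intended, the customer branch should compare `customer` against the uid prefix rather than fall back to the hostmaster check, but the shape of AbstractEntity is outside this diff so I cannot propose the exact comparison.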
@@ -90,7 +90,6 @@ public class Transaction {
 for (String hive : taskStores.keySet()) {
 QueueTaskStore store = taskStores.get(hive);
 String queueName = "hsadminSystem-" + hive;
-// queueName = "hsadminSystem-h99"; // FIXME nicht committen !!!
 Queue jmsSystemQueue = lookupJMSQueue(queueName);
 QueueClient qClient = null;
 try {
@@ -176,7 +175,12 @@ public class Transaction {
 public AuthenticatedUser getLoginUser() {
 String loginName = getRunas();
 if (loginName != null && loginName.length() == 2) {
- loginName = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-" + loginName;
+ final LdapDAO ldapDAO = new LdapDAO();
+ return ldapDAO.read(loginName);
+ }
+ if (loginName != null && loginName.length() > 4 && loginName.charAt(3) == '-') {
+ final LdapDAO ldapDAO = new LdapDAO();
+ return ldapDAO.read(loginName);
 }
 if (loginName != null && loginName.length() == 3) {
 loginName = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-" + loginName;
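Review bot: The two new branches in getLoginUser() (second hunk) are identical apart from the uid-shape test and repeat the check that LdapDAO.read() performs itself; fold them into one: `if (loginName != null && (loginName.length() == 2 || (loginName.length() > 4 && loginName.charAt(3) == '-'))) { return new LdapDAO().read(loginName); }`. Note that two-character names were previously mapped to the local `accountprefix.hostmaster` account and are now resolved from LDAP, so an unreachable directory now makes getLoginUser() throw TechnicalException (presumably unchecked, since no throws clause was added) instead of returning a user; that behaviour change deserves a sentence in the method's Javadoc. getLoginUser() continues beyond the hunk.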